Setup linkry HTTPS certificate for acm.gg

[devksingh4]

Summary by CodeRabbit

• New Features
  • Frontend now supports multiple public domains.
  • Added configurable certificate ARN parameter for deployments.

[coderabbitai]

Walkthrough

Changes rename LinkryPublicDomain to LinkryPublicDomains (string → set(string)) across prod/qa environments and the frontend module. Adds LinkryCertificateArn variable to both environments. Updates frontend module to use LinkryPublicDomains array and LinkryCertificateArn for CloudFront configuration. Prod environment includes additional domain acm.gg.

Changes

Cohort / File(s)	Summary
Environment configuration - Prod terraform/envs/prod/main.tf, terraform/envs/prod/variables.tf	Updated frontend module call: renamed LinkryPublicDomain to LinkryPublicDomains with array value [var.LinkryPublicDomain, "acm.gg"]. Added LinkryCertificateArn variable binding and new variable declaration with environment-specific ARN.
Environment configuration - QA terraform/envs/qa/main.tf, terraform/envs/qa/variables.tf	Updated frontend module call: renamed LinkryPublicDomain to LinkryPublicDomains with array value [var.LinkryPublicDomain]. Added LinkryCertificateArn variable binding and new variable declaration with environment-specific ARN.
Frontend module terraform/modules/frontend/main.tf, terraform/modules/frontend/variables.tf	Renamed LinkryPublicDomain to LinkryPublicDomains (type: string → set(string)). Added LinkryCertificateArn variable. Updated CloudFront configuration to use var.LinkryPublicDomains directly for aliases and var.LinkryCertificateArn instead of var.CoreCertificateArn for certificate ARN.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify ACM certificate ARN values are correct and accessible for each environment (different AWS accounts: prod uses 298118738376, qa uses 427040638965)
• Confirm that prod environment intentionally includes both the original domain variable and the hardcoded "acm.gg" domain
• Validate that the CloudFront distribution configuration correctly supports set(string) type for aliases (should work, but verify no issues with Terraform provider)
• Check that the certificate ARN change from CoreCertificateArn to LinkryCertificateArn applies only to Linkry distribution and doesn't affect other resources

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: configuring HTTPS certificate infrastructure for the linkry service on the acm.gg domain.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dsingh14/linkry-direct

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

💰 Infracost report

Monthly estimate generated

_{This comment will be updated when code changes.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

terraform/envs/prod/variables.tf (1)

27-31: Prod-specific LinkryCertificateArn for multi-domain support.

The new variable mirrors the QA setup with an appropriate prod account ID and certificate ARN. The inline comment explains the motivation for a separate certificate.

Minor: Correct the typo in the comment on line 27: "seperate" → "separate".

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between bf24941 and 81e2206.

📒 Files selected for processing (6)

• terraform/envs/prod/main.tf (1 hunks)
• terraform/envs/prod/variables.tf (1 hunks)
• terraform/envs/qa/main.tf (1 hunks)
• terraform/envs/qa/variables.tf (1 hunks)
• terraform/modules/frontend/main.tf (2 hunks)
• terraform/modules/frontend/variables.tf (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build Application
• GitHub Check: Run Unit Tests

🔇 Additional comments (7)

terraform/envs/qa/variables.tf (1)

17-20: LGTM: New LinkryCertificateArn variable addition.

The new variable follows the existing naming convention and is correctly positioned. The default ARN is in the us-east-1 region, which is appropriate for CloudFront certificates.

terraform/modules/frontend/main.tf (2)

461-461: Update to CloudFront aliases to support multiple domains.

Switching from a single-element list to the LinkryPublicDomains variable enables the frontend module to handle multiple domain aliases. The CloudFront resource correctly accepts a set of domains.

---

478-478: Separate ACM certificate for Linkry domains.

Using a dedicated LinkryCertificateArn instead of reusing CoreCertificateArn allows independent certificate management for Linkry, necessary for supporting additional domains like acm.gg in production.

Verify that the ACM certificates referenced by LinkryCertificateArn in both environments are valid and include all required domain aliases (particularly acm.gg in production and go.aws.qa.acmuiuc.org in QA).

terraform/modules/frontend/variables.tf (2)

31-34: Variable rename and type promotion for multiple Linkry domains.

Renaming LinkryPublicDomain to LinkryPublicDomains and changing the type from string to set(string) correctly enables support for multiple domain aliases. The description is updated accordingly.

---

42-45: New LinkryCertificateArn variable for dedicated certificate management.

Introduces a dedicated ACM certificate variable for Linkry, separating it from the Core certificate. This enables independent lifecycle and domain coverage management.

terraform/envs/qa/main.tf (1)

130-132: QA frontend module updated with new LinkryPublicDomains and LinkryCertificateArn bindings.

The QA environment correctly wraps the existing single domain in a list to match the module's updated set(string) type, and adds the dedicated Linkry certificate ARN. This maintains QA's single-domain setup while supporting the module's new multi-domain capability.

terraform/envs/prod/main.tf (1)

127-128: Prod environment adds acm.gg as secondary Linkry domain with dedicated certificate.

The production frontend module now includes both go.acm.illinois.edu and acm.gg as CloudFront aliases, enabling the HTTPS setup for the new domain. The dedicated LinkryCertificateArn supports independent certificate management for these domains.

Verify that DNS resolution for acm.gg is properly configured (potentially at the DNS registrar or external provider, since Route53 records are not present in this file). Ensure the ACM certificate referenced by LinkryCertificateArn in production covers both go.acm.illinois.edu and acm.gg domains.