wip: go back to old accounts and ugly url so I can deploy before node…
… upgrade
chlohilt committed May 16, 2024
1 parent 89f5fe0 commit f062c11
Showing 3 changed files with 34 additions and 34 deletions.
2 changes: 1 addition & 1 deletion iac/dev/app/main.tf
@@ -55,5 +55,5 @@ module "app" {
force_destroy = true
config_branch = local.config_branch
stage_name = local.stage_name
cdn_url = "cdn-dev.byu.edu"
cdn_url = "byu-oit-cdn-dev.amazon.byu.edu"
}
62 changes: 31 additions & 31 deletions iac/modules/app/cloudfront.tf
@@ -1,35 +1,35 @@
## ==================== HTTPS cert ====================
resource "aws_acm_certificate" "cert" {
domain_name = var.cdn_url
validation_method = "DNS"
subject_alternative_names = ["*.${var.cdn_url}"]
}

resource "aws_acm_certificate_validation" "cert" {
certificate_arn = aws_acm_certificate.cert.arn
validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}

resource "aws_route53_record" "cert_validation" {
for_each = {
for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}

allow_overwrite = true
name = each.value.name
type = each.value.type
zone_id = data.aws_route53_zone.cdn_zone.id
records = [each.value.record]
ttl = 60
}
#resource "aws_acm_certificate" "cert" {
# domain_name = var.cdn_url
# validation_method = "DNS"
# subject_alternative_names = ["*.${var.cdn_url}"]
#}
#
#resource "aws_acm_certificate_validation" "cert" {
# certificate_arn = aws_acm_certificate.cert.arn
# validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
#}
#
#resource "aws_route53_record" "cert_validation" {
# for_each = {
# for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
# name = dvo.resource_record_name
# record = dvo.resource_record_value
# type = dvo.resource_record_type
# }
# }
#
# allow_overwrite = true
# name = each.value.name
# type = each.value.type
# zone_id = data.aws_route53_zone.cdn_zone.id
# records = [each.value.record]
# ttl = 60
#}

# ==================== Route53 ====================
resource "aws_route53_record" "a_record" {
name = var.cdn_url
name = "${local.app_name}-${var.env}"
type = "A"
zone_id = data.aws_route53_zone.cdn_zone.id
allow_overwrite = false
@@ -41,7 +41,7 @@ resource "aws_route53_record" "a_record" {
}

resource "aws_route53_record" "aaaa_record" {
name = var.cdn_url
name = "${local.app_name}-${var.env}"
type = "AAAA"
zone_id = data.aws_route53_zone.cdn_zone.id
allow_overwrite = false
@@ -72,12 +72,12 @@ resource "aws_iam_policy" "allow_cdn_parameter_store_access" {

resource "aws_cloudfront_distribution" "website_cloudfront" {
comment = "${var.cdn_url} - ${var.name} ${var.env}"
aliases = ["*.${var.cdn_url}"]
aliases = ["${local.app_name}.${var.cdn_url}"]
enabled = true
http_version = "http2"

viewer_certificate {
acm_certificate_arn = aws_acm_certificate.cert.arn
acm_certificate_arn = module.acs.certificate_virginia.arn # aws_acm_certificate.new_cert.arn
ssl_support_method = "sni-only"
minimum_protocol_version = "TLSv1"
}
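Review bot: The `viewer_certificate` block in the last hunk still sets `minimum_protocol_version = "TLSv1"`, so the distribution accepts TLS 1.0 and 1.1 from viewers; since `ssl_support_method` is `sni-only`, it can be raised in this same change to `minimum_protocol_version = "TLSv1.2_2021"`. The certificate now appears to come from `module.acs.certificate_virginia.arn`, which is not defined in the visible lines, so confirm it covers the new alias `${local.app_name}.${var.cdn_url}`. The A and AAAA records look to be renamed to `${local.app_name}-${var.env}`, which does not obviously match that alias; if the record resolves to a hostname that is neither in `aliases` nor on the certificate, viewers will hit a host or certificate-name mismatch. The commented-out ACM resources in the first hunk would be better deleted than left in the file, and the trailing `# aws_acm_certificate.new_cert.arn` comment names a resource that is not visible here. The distribution block continues past the end of the hunk.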
4 changes: 2 additions & 2 deletions main-config.yml
@@ -165,8 +165,8 @@ infrastructure:
dev:
settings:
root-dns: cdn-dev.byu.edu
account-stack-name: byu-oit-cdn-dev
certificate-arn: arn:aws:acm:us-east-1:637423550675:certificate/c1f3cc33-ea1f-4525-9b4c-cfb195a07f7f
account-stack-name: web-community-cdn-account
certificate-arn: arn:aws:acm:us-east-1:632558792265:certificate/1bc2f81c-2f79-46b3-9d3b-54ce672ba8be
prd:
settings:
root-dns: cdn.byu.edu
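Review bot: The dev `certificate-arn` is swapped for a certificate in a different AWS account while `root-dns` stays `cdn-dev.byu.edu`, and the same commit sets `cdn_url` to `byu-oit-cdn-dev.amazon.byu.edu` in `iac/dev/app/main.tf`. Confirm that the certificate at the new ARN lists the hostname dev will actually serve, otherwise the deployment is rejected or viewers see a certificate-name mismatch. Because `account-stack-name` and `certificate-arn` have to change together, a comment above them such as `# certificate-arn must belong to the account named in account-stack-name (us-east-1 for CloudFront)` would make the pairing explicit. The rest of the `infrastructure` mapping lies outside the hunk.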