Merge pull request #3107 from input-output-hk/marlowe-finance-routing

Marlowe finance routing

deployment/terraform/certificates.tf

@@ -110,3 +110,35 @@ resource "aws_acm_certificate_validation" "marlowe_web_private" {
   certificate_arn         = aws_acm_certificate.marlowe_web_private.arn
   validation_record_fqdns = [for record in aws_route53_record.marlowe_web_private : record.fqdn]
 }
+
+#
+# marlowe-finance.io certificates
+#
+
+resource "aws_acm_certificate" "marlowe_finance_io" {
+  domain_name               = "marlowe-finance.io"
+  validation_method         = "DNS"
+  subject_alternative_names = ["*.marlowe-finance.io"]
+}
+
+resource "aws_route53_record" "marlowe_finance_io" {
+  for_each = {
+    for dvo in aws_acm_certificate.marlowe_finance_io.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = var.marlowe_finance_io_public_zone
+}
+
+resource "aws_acm_certificate_validation" "marlowe_finance_io" {
+  certificate_arn         = aws_acm_certificate.marlowe_finance_io.arn
+  validation_record_fqdns = [for record in aws_route53_record.marlowe_finance_io : record.fqdn]
+}

deployment/terraform/loadbalancing.tf

@@ -104,6 +104,11 @@ resource "aws_alb_listener" "playground" {
   }
 }
 
+resource "aws_lb_listener_certificate" "marlowe_finance_io" {
+  listener_arn    = aws_alb_listener.playground.arn
+  certificate_arn = aws_acm_certificate.marlowe_finance_io.arn
+}
+
 resource "aws_lb_listener_certificate" "marlowe_web" {
   listener_arn    = aws_alb_listener.playground.arn
   certificate_arn = aws_acm_certificate.marlowe_web_private.arn
@@ -348,3 +353,55 @@ resource "aws_route53_record" "plutus_playground_alb" {
     evaluate_target_health = true
   }
 }
+
+
+#
+# Production: marlowe-finance.io forwarding
+#
+
+resource "aws_alb_listener_rule" "marlowe-finance-marlowe-web" {
+  listener_arn = aws_alb_listener.playground.arn
+  action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.marlowe_web.id
+  }
+
+  condition {
+    host_header {
+      values = ["marlowe-finance.io"]
+    }
+  }
+}
+
+resource "aws_alb_listener_rule" "marlowe-finance-marlowe-dash" {
+  depends_on   = [aws_alb_target_group.marlowe_dash]
+  listener_arn = aws_alb_listener.playground.arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.marlowe_dash.id
+  }
+
+  condition {
+    host_header {
+      values = ["run.marlowe-finance.io"]
+    }
+  }
+}
+
+resource "aws_alb_listener_rule" "marlowe-finance-marlowe-playground" {
+  depends_on   = [aws_alb_target_group.marlowe_playground]
+  listener_arn = aws_alb_listener.playground.arn
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_alb_target_group.marlowe_playground.id
+  }
+
+  condition {
+    host_header {
+      values = ["play.marlowe-finance.io"]
+    }
+  }
+}
+

deployment/terraform/network.tf

@@ -121,15 +121,6 @@ resource "aws_route_table_association" "private" {
   route_table_id = aws_route_table.private.*.id[count.index]
 }
 
-# Bastion hosts
-data "template_file" "bastion_user_data" {
-  template = "${file("${path.module}/templates/bastion_configuration.nix")}"
-
-  vars = {
-    ssh_keys   = "${join(" ", formatlist("\"command=\\\"echo 'this host is for forwarding only'\\\",no-X11-forwarding,no-user-rc %s\"", local.bastion_ssh_keys))}"
-    network_id = "canbeanything"
-  }
-}
 
 resource "aws_instance" "bastion" {
   count                       = length(var.azs)
@@ -229,3 +220,42 @@ resource "aws_route53_zone" "plutus_private_zone" {
     Environment = var.env
   }
 }
+
+resource "aws_route53_zone" "marlowe_finance_io_zone" {
+  name = "marlowe-finance.io"
+}
+
+resource "aws_route53_record" "marlowe_finance_top_level" {
+  zone_id = aws_route53_zone.marlowe_finance_io_zone.zone_id
+  name    = "marlowe-finance.io"
+  type    = "A"
+  ttl     = 300
+  records = [var.marlowe_finance_production_ip]
+}
+
+resource "aws_route53_record" "marlowe_finance_play" {
+  zone_id = aws_route53_zone.marlowe_finance_io_zone.zone_id
+  name    = "play.marlowe-finance.io"
+  type    = "CNAME"
+  ttl     = 300
+  records = ["production.marlowe.iohkdev.io"]
+}
+
+resource "aws_route53_record" "marlowe_finance_run" {
+  zone_id = aws_route53_zone.marlowe_finance_io_zone.zone_id
+  name    = "run.marlowe-finance.io"
+  type    = "CNAME"
+  ttl     = 300
+  records = ["production.marlowe-dash.iohkdev.io"]
+}
+
+
+# Bastion hosts
+data "template_file" "bastion_user_data" {
+  template = "${file("${path.module}/templates/bastion_configuration.nix")}"
+
+  vars = {
+    ssh_keys   = "${join(" ", formatlist("\"command=\\\"echo 'this host is for forwarding only'\\\",no-X11-forwarding,no-user-rc %s\"", local.bastion_ssh_keys))}"
+    network_id = "canbeanything"
+  }
+}

deployment/terraform/variables.tf

@@ -46,6 +46,10 @@ variable "marlowe_dash_public_zone" {
   default = "Z04600362E06M9P9U3Y12"
 }
 
+variable "marlowe_finance_io_public_zone" {
+  default = "Z08915482QHLWPND8OWOL"
+}
+
 variable "bastion_instance_type" {
   default = "t3.micro"
 }
@@ -74,6 +78,12 @@ variable "private_subnet_cidrs" {
   default = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
 }
 
+# The public ip address of production.marlowe.iohkdev.io which
+# is used to create a route53 A record for marlowe-finance.io.
+variable "marlowe_finance_production_ip" {
+  default = "52.213.243.4"
+}
+
 variable "azs" {
   default = ["a", "b"]
 }