Configure marlowe-finance.io certificates

Configure certificates for *.marlowe-finance.io using route53/DNS record based aws certificates.
IntersectMBO · May 4, 2021 · f6e8876 · f6e8876
1 parent a33a2ee
commit f6e8876
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/deployment/terraform/certificates.tf b/deployment/terraform/certificates.tf
@@ -110,3 +110,35 @@ resource "aws_acm_certificate_validation" "marlowe_web_private" {
   certificate_arn         = aws_acm_certificate.marlowe_web_private.arn
   validation_record_fqdns = [for record in aws_route53_record.marlowe_web_private : record.fqdn]
 }
+
+#
+# marlowe-finance.io certificates
+#
+
+resource "aws_acm_certificate" "marlowe_finance_io" {
+  domain_name               = "marlowe-finance.io"
+  validation_method         = "DNS"
+  subject_alternative_names = ["*.marlowe-finance.io"]
+}
+
+resource "aws_route53_record" "marlowe_finance_io" {
+  for_each = {
+    for dvo in aws_acm_certificate.marlowe_finance_io.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = var.marlowe_finance_io_public_zone
+}
+
+resource "aws_acm_certificate_validation" "marlowe_finance_io" {
+  certificate_arn         = aws_acm_certificate.marlowe_finance_io.arn
+  validation_record_fqdns = [for record in aws_route53_record.marlowe_finance_io : record.fqdn]
+}
diff --git a/deployment/terraform/loadbalancing.tf b/deployment/terraform/loadbalancing.tf
@@ -104,6 +104,11 @@ resource "aws_alb_listener" "playground" {
   }
 }
 
+resource "aws_lb_listener_certificate" "marlowe_finance_io" {
+  listener_arn    = aws_alb_listener.playground.arn
+  certificate_arn = aws_acm_certificate.marlowe_finance_io.arn
+}
+
 resource "aws_lb_listener_certificate" "marlowe_web" {
   listener_arn    = aws_alb_listener.playground.arn
   certificate_arn = aws_acm_certificate.marlowe_web_private.arn

diff --git a/deployment/terraform/variables.tf b/deployment/terraform/variables.tf
@@ -46,6 +46,10 @@ variable "marlowe_dash_public_zone" {
   default = "Z04600362E06M9P9U3Y12"
 }
 
+variable "marlowe_finance_io_public_zone" {
+  default = "Z08915482QHLWPND8OWOL"
+}
+
 variable "bastion_instance_type" {
   default = "t3.micro"
 }