Merge pull request #20 from openoakland/add-oakcrime-org

Add oakcrime org
openoakland · May 20, 2020 · 23c9400 · 23c9400
2 parents 85be7ee + 32823f4
commit 23c9400
Show file tree

Hide file tree

Showing 6 changed files with 118 additions and 8 deletions.
diff --git a/modules/oakcrime/dns.tf b/modules/oakcrime/dns.tf
@@ -0,0 +1,98 @@
+resource "aws_route53_zone" "oakcrime" {
+  name = "oakcrime.org"
+}
+
+resource "aws_acm_certificate" "cert" {
+  provider          = aws.cloudfront
+  domain_name       = "oakcrime.org"
+  validation_method = "DNS"
+  subject_alternative_names = ["www.oakcrime.org"]
+}
+
+resource "aws_route53_record" "cert_validation" {
+  name    = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
+  type    = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
+  zone_id = aws_route53_zone.oakcrime.zone_id
+  records = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
+  ttl     = 60
+}
+
+resource "aws_route53_record" "cert_validation_www" {
+  name    = aws_acm_certificate.cert.domain_validation_options.1.resource_record_name
+  type    = aws_acm_certificate.cert.domain_validation_options.1.resource_record_type
+  zone_id = aws_route53_zone.oakcrime.zone_id
+  records = [aws_acm_certificate.cert.domain_validation_options.1.resource_record_value]
+  ttl     = 60
+}
+
+resource "aws_acm_certificate_validation" "cert" {
+  provider                = aws.cloudfront
+  certificate_arn         = aws_acm_certificate.cert.arn
+  validation_record_fqdns = [
+    aws_route53_record.cert_validation.fqdn, aws_route53_record.cert_validation_www.fqdn
+  ]
+}
+
+resource "aws_cloudfront_distribution" "oakcrime" {
+  provider = aws.cloudfront
+  enabled = true
+
+  aliases = ["oakcrime.org", "www.oakcrime.org"]
+  origin {
+    origin_id = "oakcrime.org"
+    domain_name = module.env_web_production.fqdn
+    custom_origin_config {
+      http_port = 80
+      https_port = 443
+      origin_protocol_policy = "https-only"
+      origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
+    }
+  }
+
+  default_cache_behavior {
+    allowed_methods = ["GET", "HEAD", "POST", "PATCH", "PUT", "DELETE", "OPTIONS"]
+    cached_methods = ["GET", "HEAD"]
+    target_origin_id = "oakcrime.org"
+    viewer_protocol_policy = "redirect-to-https"
+
+    forwarded_values {
+      headers = ["*"]
+      query_string = true
+      cookies {
+        forward = "all"
+      }
+    }
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+    }
+  }
+
+  viewer_certificate {
+    acm_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn
+    ssl_support_method = "sni-only"
+  }
+}
+
+resource "aws_route53_record" "oakcrime_org" {
+  name    = "oakcrime.org"
+  type    = "A"
+  zone_id = aws_route53_zone.oakcrime.zone_id
+
+  alias {
+    name = aws_cloudfront_distribution.oakcrime.domain_name
+    zone_id = aws_cloudfront_distribution.oakcrime.hosted_zone_id
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "www_oakcrime_org" {
+  name    = "www.oakcrime.org"
+  type    = "CNAME"
+  zone_id = aws_route53_zone.oakcrime.zone_id
+  records = [aws_cloudfront_distribution.oakcrime.domain_name]
+  ttl     = 60
+}
+
diff --git a/modules/oakcrime/outputs.tf b/modules/oakcrime/outputs.tf
@@ -1,3 +1,7 @@
+output "namecheap_name_servers" {
+  value = join(" ", aws_route53_zone.oakcrime.name_servers)
+}
+
 output "ci_aws_access_key_id" {
   value     = "${module.ci_user.access_key_id}"
   sensitive = true

diff --git a/modules/oakcrime/terraform.tf b/modules/oakcrime/terraform.tf
@@ -4,19 +4,19 @@ provider "aws" {
 }
 
 module "ci_user" {
-  source = "github.com/openoakland/terraform-modules//eb_deploy_user?ref=v2.0.0"
+  source = "github.com/openoakland/terraform-modules//eb_deploy_user?ref=v2.2.0"
 
   eb_deploy_username = "oakcrime-ci"
 }
 
 module "app_oakcrime" {
-  source = "github.com/openoakland/terraform-modules//beanstalk_app?ref=v2.0.0"
+  source = "github.com/openoakland/terraform-modules//beanstalk_app?ref=v2.2.0"
 
   app_name = "oakcrime"
 }
 
 module "db_production" {
-  source = "github.com/openoakland/terraform-modules//postgresdb?ref=v2.1.0"
+  source = "github.com/openoakland/terraform-modules//postgresdb?ref=v2.2.0"
 
   db_engine_version = "10.6"
   db_name     = "oakcrime"
@@ -26,7 +26,7 @@ module "db_production" {
 }
 
 module "env_web_production" {
-  source = "github.com/openoakland/terraform-modules//beanstalk_web_env?ref=v2.1.1"
+  source = "github.com/openoakland/terraform-modules//beanstalk_web_env?ref=v2.2.0"
 
   app_instance = "prod-web"
   app_name     = "oakcrime"
@@ -50,7 +50,7 @@ module "env_web_production" {
 }
 
 module "env_worker_production" {
-  source = "github.com/openoakland/terraform-modules//beanstalk_worker_env?ref=v2.1.1"
+  source = "github.com/openoakland/terraform-modules//beanstalk_worker_env?ref=v2.2.0"
 
   app_instance = "production"
   app_name     = "oakcrime"

diff --git a/modules/oakcrime/variables.tf b/modules/oakcrime/variables.tf
@@ -1,6 +1,5 @@
 variable "security_group_name" {}
 variable "key_pair_id" {}
-variable "zone_id" {}
 
 variable "prod_box_enterprise_id" {
   description = "Box Enterprise ID for Patrol log fetching."

diff --git a/modules/openoakland.org/main.tf b/modules/openoakland.org/main.tf
@@ -3,7 +3,7 @@ provider "aws" {
 }
 
 module "site" {
-  source = "github.com/openoakland/terraform-modules//s3_cloudfront_website"
+  source = "github.com/openoakland/terraform-modules//s3_cloudfront_website?ref=v2.2.0"
   host   = "beta"
   zone   = "aws.openoakland.org"
   aliases = ["openoakland.org"]

diff --git a/oakcrime.tf b/oakcrime.tf
@@ -42,7 +42,6 @@ module "oakcrime" {
   source              = "./modules/oakcrime"
   security_group_name = aws_security_group.ssh_and_web.name
   key_pair_id         = aws_key_pair.openoakland.id
-  zone_id             = data.aws_route53_zone.openoakland.id
 
   # Beanstalk apps
   dns_zone                 = data.aws_route53_zone.openoakland.name
@@ -56,6 +55,11 @@ module "oakcrime" {
   prod_django_secret_key   = var.oakcrime_prod_django_secret_key
   prod_google_maps_api_key = var.oakcrime_prod_google_maps_api_key
   prod_socrata_key         = var.oakcrime_prod_socrata_key
+
+  providers = {
+    aws            = aws
+    aws.cloudfront = aws.cloudfront
+  }
 }
 
 output "oakcrime_ci_aws_access_key_id" {
@@ -67,3 +71,8 @@ output "oakcrime_ci_aws_secret_access_key" {
   value     = module.oakcrime.ci_aws_secret_access_key
   sensitive = true
 }
+
+output "oakcrime_namecheap_name_servers" {
+  description = "Set the oakcrime.org domain nameservers to these values:"
+  value = module.oakcrime.namecheap_name_servers
+}