include SAN for dap.ps in certificates for different stages

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski 2019-08-09 12:29:59 -04:00
parent 603309e83d
commit d6853ee6b4
No known key found for this signature in database
GPG Key ID: 4EF064D0E6D63020
2 changed files with 24 additions and 11 deletions


@ -1,20 +1,32 @@
locals {
cert_sans = [var.dns_domain]
}
resource "aws_acm_certificate" "main" {
domain_name = "${var.stage}.${var.dns_domain}"
/* TODO support SAN of dap.ps */
subject_alternative_names = []
subject_alternative_names = local.cert_sans
validation_method = "DNS"
tags = {
Name = "${var.stage}.${var.dns_domain}"
}
}
resource "gandi_zonerecord" "cert_verification" {
zone = var.gandi_zone_id
name = replace(aws_acm_certificate.main.domain_validation_options[0].resource_record_name, ".${var.dns_domain}.", "")
type = aws_acm_certificate.main.domain_validation_options[0].resource_record_type
zone = var.gandi_zone_id
name = replace(aws_acm_certificate.main.domain_validation_options[count.index].resource_record_name, ".${var.dns_domain}.", "")
type = aws_acm_certificate.main.domain_validation_options[count.index].resource_record_type
ttl = 300
values = [aws_acm_certificate.main.domain_validation_options[0].resource_record_value]
values = [aws_acm_certificate.main.domain_validation_options[count.index].resource_record_value]
count = length(local.cert_sans)+1
}
resource "aws_acm_certificate_validation" "main" {
certificate_arn = aws_acm_certificate.main.arn
validation_record_fqdns = ["${gandi_zonerecord.cert_verification.name}.${var.dns_domain}"]
validation_record_fqdns = [
for verification in gandi_zonerecord.cert_verification:
"${verification.name}.${var.dns_domain}"
]
}
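Review bot: `count = length(local.cert_sans)+1` on the `cert_verification` resource, together with `domain_validation_options[count.index]`, silently assumes ACM returns exactly one validation option per name and in the order domain_name-then-SANs; ACM emits one option per unique name, so a SAN that duplicates `domain_name` (or is covered by a wildcard) would make the index overrun, and I am not certain the ordering is guaranteed by this provider version, so at minimum the `+1` deserves a comment such as `# one DNS validation record per name: domain_name plus each entry of local.cert_sans`. Changing `subject_alternative_names` also forces replacement of `aws_acm_certificate.main`, and deleting a certificate that is still attached to the load balancer fails, so the usual mitigation is a `lifecycle { create_before_destroy = true }` block on the certificate resource. Finally, `aws_acm_certificate_validation.main` exposes `certificate_arn` only once every record has validated; consumers such as the `loadbalancer_certificate_arn` in the second file should reference `aws_acm_certificate_validation.main.certificate_arn` rather than the raw certificate ARN, so the listener is never created with an unvalidated certificate.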


@ -49,12 +49,13 @@ module "eb_environment" {
solution_stack_name = var.stack_name
keypair = var.keypair_name
app = module.eb_application.app_name
loadbalancer_certificate_arn = aws_acm_certificate.main.arn
vpc_id = module.vpc.vpc_id
public_subnets = module.subnets.public_subnet_ids
private_subnets = module.subnets.public_subnet_ids /* should be private */
security_groups = [module.vpc.vpc_default_security_group_id]
app = module.eb_application.app_name
vpc_id = module.vpc.vpc_id
public_subnets = module.subnets.public_subnet_ids
private_subnets = module.subnets.public_subnet_ids /* should be private */
security_groups = [module.vpc.vpc_default_security_group_id]
/* Access */
ssh_listener_port = "22"