# Domains and CDN/Caching Layers
#
# These depend on two manually-created resources in the AWS console:
# 1. The DNS zone (referenced in the `domain_name` variable).
# 2. An SSL certificate covering all the domains (referenced in the
# `ssl_certificate_arn` variable).
#
# All the records for the domain and subdomains, however, are managed via
# Terraform resources in this file.
#
# The domains variously point to CloudFront distributions for caching and DOS
# protection or to other services entirely if things are hosted outside AWS.
# The CloudFront distributions are only created if there is also an SSL
# certificate set in the `ssl_certificate_arn` variable (see above).
locals {
  # Subdomain label under which the archived, historical data (kept in S3) is
  # served.
  data_snapshots_subdomain = "archives"

  # Fully-qualified archives hostname, e.g. `archives.<domain_name>`. Left as
  # the empty string when no `domain_name` is configured.
  data_snapshots_domain = (
    var.domain_name == ""
    ? ""
    : join(".", [local.data_snapshots_subdomain, var.domain_name])
  )
}
# Domain DNS Records -----------------------------------------------------------
# Look up the hosted zone that was created by hand for `domain_name` (see the
# header of this file). The lookup is skipped entirely when no domain is
# configured, which in turn disables every record below.
data "aws_route53_zone" "domain_zone" {
  count = var.domain_name == "" ? 0 : 1
  name  = var.domain_name
}
# Apex `A` record for `domain_name`. It resolves directly to the addresses in
# `domain_name_remote_api_ips` -- presumably the API hosted outside AWS that
# the header comment mentions; confirm against that variable's definition.
# Only created when a domain is configured.
resource "aws_route53_record" "api_apex_domain_record" {
  count   = var.domain_name == "" ? 0 : 1
  zone_id = data.aws_route53_zone.domain_zone[0].zone_id
  name    = var.domain_name
  type    = "A"
  ttl     = 300
  records = var.domain_name_remote_api_ips
}
# The `www.` subdomain: a CNAME to the apex domain rather than a second copy of
# the address list, so it always follows whatever the apex record resolves to.
# Only created when a domain is configured.
resource "aws_route53_record" "api_www_domain_record" {
  count   = var.domain_name == "" ? 0 : 1
  zone_id = data.aws_route53_zone.domain_zone[0].zone_id
  name    = "www"
  type    = "CNAME"
  ttl     = 300
  records = [var.domain_name]
}
# CloudFront ------------------------------------------------------------------
# Provide a protective caching layer and a nice domain name for the S3 bucket
# with historical data. (Allowing direct public access can get expensive.)
# Docs: https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn
module "univaf_data_snaphsots_cdn" {
  # The distribution needs both a domain to alias and a certificate to serve
  # it with; if either is missing, create nothing.
  count = (
    var.domain_name == "" || var.ssl_certificate_arn == ""
    ? 0
    : 1
  )

  # NOTE: If upgrading this module, please check whether it's now compatible
  # with the current version of the AWS provider and upgrade that, too!
  # See https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/279
  # The version is pinned exactly, so `terraform init` cannot silently pull a
  # newer release of this third-party module; bump it deliberately.
  source  = "cloudposse/cloudfront-s3-cdn/aws"
  version = "0.90.0"

  # Origin is the archives bucket; the distribution is published under the
  # archives hostname in the hand-made zone, using the hand-made certificate.
  origin_bucket       = aws_s3_bucket.data_snapshots.bucket
  dns_alias_enabled   = true
  aliases             = [local.data_snapshots_domain]
  parent_zone_id      = data.aws_route53_zone.domain_zone[0].zone_id
  acm_certificate_arn = var.ssl_certificate_arn

  # NOTE(review): with access logging off there is no per-request record of
  # what was fetched from the CDN edge. If that visibility is wanted for
  # incident investigation or abuse detection, this is the switch to revisit.
  cloudfront_access_logging_enabled = false

  # Cache objects for one week (value in seconds); the content is a historical
  # archive, so it changes rarely.
  default_ttl  = 604800
  http_version = "http2and3"

  # Read-only methods only: nothing can be written to the bucket through the
  # CDN, and every accepted method is also cacheable.
  allowed_methods = ["GET", "HEAD", "OPTIONS"]
  cached_methods  = ["GET", "HEAD", "OPTIONS"]

  # By default, CORS headers are forwarded, but we don't really care about them
  # since the bucket is not operating in "website" mode.
  forward_header_values = []

  # HACK: this module creates bad values if you don't explicitly set one or
  # more of namespace, environment, stage, name, or attributes.
  # Basically, Cloud Posse modules generate an internal ID from the above,
  # and that ID is used for lots of things. Bad stuff happens if it is empty.
  # This issue is marked as closed, but is not actually solved:
  # https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/151
  namespace = "cp"
  name      = "univaf_data_snaphsots_cdn"
}