ACM validation

Script47 · Script47 · commit 372828972242 · 2024-12-01T23:29:40.000Z
diff --git a/static-site/acm.tf b/static-site/acm.tf
@@ -3,4 +3,9 @@ resource "aws_acm_certificate" "cloudfront_cert" {
   validation_method = "DNS"
   tags              = var.tags
   provider          = aws.acm
+}
+
+resource "aws_acm_certificate_validation" "cert_validation" {
+  certificate_arn         = aws_acm_certificate.cloudfront_cert.arn
+  validation_record_fqdns = [for record in data.hosted_zone : record.fqdn]
 }
diff --git a/static-site/data.tf b/static-site/data.tf
@@ -60,6 +60,10 @@ data "aws_iam_policy_document" "deploy_web" {
   }
 }
 
+data "aws_route53_zone" "hosted_zone" {
+  name = var.domain_name
+}
+
 data "aws_iam_openid_connect_provider" "github" {
   url = "https://token.actions.githubusercontent.com"
 }
diff --git a/static-site/route53.tf b/static-site/route53.tf
@@ -1,9 +1,30 @@
+#############################################
+# Validation for the ACM cert
+#############################################
+
+resource "aws_route53_record" "acm_records" {
+  for_each = {
+    for dvo in aws_acm_certificate.aws_acm_certificate.cloudfront_cert.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.hosted_zone.zone_id
+}
+
 #############################################
 # Setup the A record for your custom domain
 #############################################
 
 resource "aws_route53_record" "static_site_a_record" {
-  zone_id = var.hosted_zone_id
+  zone_id = data.aws_route53_zone.hosted_zone.zone_id
   name    = var.domain_name
   type    = "A"
 
diff --git a/static-site/variables.tf b/static-site/variables.tf
@@ -3,11 +3,6 @@ variable "bucket_name" {
   description = "The name of the bucket which will hold your static site"
 }
 
-variable "hosted_zone_id" {
-  type        = string
-  description = "The hosted zone ID to attach the A record for your custom domain"
-}
-
 variable "domain_name" {
   type        = string
   description = "The custom domain for your CloudFront distribution"

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,10 @@ data "aws_iam_policy_document" "deploy_web" {`
`60`	`60`	`}`
`61`	`61`	`}`
`62`	`62`
	`63`	`+data "aws_route53_zone" "hosted_zone" {`
	`64`	`+ name = var.domain_name`
	`65`	`+}`
	`66`	`+`
`63`	`67`	`data "aws_iam_openid_connect_provider" "github" {`
`64`	`68`	`url = "https://token.actions.githubusercontent.com"`
`65`	`69`	`}`