adding domain records / cerificate

Summary: terraform changes already applied Reviewed By: a8m Differential Revision: D16752076 fbshipit-source-id: b3ccf1c827f6d918c6507f2978c3b497533ab725
2026-05-24 09:31:56 +03:00 · 2019-08-11 03:00:45 -07:00
parent fd91886c2c
commit 933fe91741
4 changed files with 51 additions and 3 deletions
--- a/doc/tf/bucket.tf
+++ b/doc/tf/bucket.tf
@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "website" {
-  bucket = "entgo.io"
+  bucket = local.domain_name
  acl    = "public-read"

  server_side_encryption_configuration {
@@ -22,7 +22,7 @@ data "aws_iam_policy_document" "website" {
    ]

    resources = [
-      format("%s/*", aws_s3_bucket.website.arn)
+      "${aws_s3_bucket.website.arn}/*"
    ]

    principals {
@@ -35,4 +35,4 @@ data "aws_iam_policy_document" "website" {
 resource "aws_s3_bucket_policy" "website" {
  bucket = aws_s3_bucket.website.id
  policy = data.aws_iam_policy_document.website.json
-}
+}
--- a/doc/tf/cert.tf
+++ b/doc/tf/cert.tf
@@ -0,0 +1,31 @@
+
+resource "aws_acm_certificate" "cert" {
+  domain_name       = aws_route53_zone.zone.name
+  validation_method = "DNS"
+
+  subject_alternative_names = [
+    "*.${aws_route53_zone.zone.name}"
+  ]
+
+  tags = {
+    Name = aws_route53_zone.zone.name
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_route53_record" "cert_validation" {
+  name            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
+  type            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
+  zone_id         = aws_route53_zone.zone.id
+  records         = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
+  ttl             = 60
+  allow_overwrite = true
+}
+
+resource "aws_acm_certificate_validation" "cert" {
+  certificate_arn         = aws_acm_certificate.cert.arn
+  validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
+}
--- a/doc/tf/domain.tf
+++ b/doc/tf/domain.tf
@@ -0,0 +1,15 @@
+locals {
+  domain_name = "entgo.io"
+}
+
+resource "aws_route53_zone" "zone" {
+  name = local.domain_name
+}
+
+resource "aws_route53_record" "ns" {
+  name    = aws_route53_zone.zone.name
+  type    = "NS"
+  zone_id = aws_route53_zone.zone.id
+  ttl     = 300
+  records = aws_route53_zone.zone.name_servers
+}
--- a/doc/tf/main.tf
+++ b/doc/tf/main.tf
@@ -5,4 +5,6 @@ terraform {
    key            = "terraform.tfstate"
    dynamodb_table = "entgo.terraform.lock"
  }
+
+  required_version = "> 0.12"
 }