
Allow whitelist distributions to be stood up before certs are finalized
This avoids the catch-22 of a distribution requiring a valid CNAME that points to it before it can be created.
andysingleton committed Jul 12, 2024
1 parent 61ef1d5 commit 8cf4dd9
Showing 3 changed files with 4 additions and 5 deletions.
1 change: 1 addition & 0 deletions aws_acm_certificates.tf
Expand Up @@ -10,6 +10,7 @@ resource "aws_acm_certificate" "certificate" {
}

resource "aws_acm_certificate_validation" "cert" {
count = var.whitelabel_domain ? 0 : 1
provider = aws.cloudfront
certificate_arn = aws_acm_certificate.certificate.arn
validation_record_fqdns = [for record in aws_route53_record.certificate_validation : record.fqdn]
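Review bot: The validation resource is now gated on `var.whitelabel_domain`, while the distribution in aws_cloudfront_distribution.tf is gated on `var.use_cloudfront_default_certificate`; nothing ties the two together, so setting only one of them leaves either an unvalidated certificate referenced by the distribution (apply fails, since CloudFront needs an issued certificate) or a validated certificate the distribution never uses. Driving both resources from a single value, e.g. a local such as `bootstrap = var.whitelabel_domain` used in both `count` and the viewer_certificate conditionals, or at least stating in each variable's description that they must be set together, would remove that ambiguity. Adding `count` also changes the resource address to `aws_acm_certificate_validation.cert[0]`, so any reference or `depends_on` on it elsewhere in the module would need updating — none is visible here. The validation resource body continues past the hunk.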
6 changes: 2 additions & 4 deletions aws_cloudfront_distribution.tf
Expand Up @@ -16,7 +16,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {

viewer_certificate {
cloudfront_default_certificate = var.use_cloudfront_default_certificate
acm_certificate_arn = aws_acm_certificate.certificate.arn
acm_certificate_arn = var.use_cloudfront_default_certificate ? "" : aws_acm_certificate.certificate.arn
ssl_support_method = "sni-only"
minimum_protocol_version = var.minimum_protocol_version
}
Expand All @@ -28,9 +28,7 @@ resource "aws_cloudfront_distribution" "s3_distribution" {
response_page_path = "/index.html"
}

aliases = [
var.distribution_fqdn
]
aliases = var.use_cloudfront_default_certificate ? [] : [var.distribution_fqdn]

logging_config {
bucket = module.bucket_cloudwatch_logs_backup.s3_bucket_bucket_domain_name
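Review bot: `acm_certificate_arn = ""` in the first hunk relies on the provider treating an empty string as "not set"; `null` is the unambiguous way to omit an optional argument, `acm_certificate_arn = var.use_cloudfront_default_certificate ? null : aws_acm_certificate.certificate.arn`. In the same viewer_certificate block, `minimum_protocol_version = var.minimum_protocol_version` is still sent in bootstrap mode, and the AWS provider documents that it must be `TLSv1` when `cloudfront_default_certificate` is true, so a hardened value in that variable is likely to be rejected; guarding it the same way (`var.use_cloudfront_default_certificate ? "TLSv1" : var.minimum_protocol_version`) keeps the bootstrap path applyable. A comment on the block noting that the bootstrap distribution serves only on its *.cloudfront.net name with that weaker TLS floor until the certificate is issued and the toggle is flipped back would make the intended transient state explicit. The resource body continues outside both hunks.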
2 changes: 1 addition & 1 deletion outputs.tf
Expand Up @@ -11,5 +11,5 @@ output "identity" {
}

output "domain_validations" {
value = aws_route53_record.certificate_validation
value = aws_acm_certificate.certificate.domain_validation_options
}
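Review bot: The output's shape changes from the Route53 validation record resources to the certificate's `domain_validation_options` set, which breaks any consumer that indexed the old records (e.g. by `fqdn`), and the new value carries no `description`. It presumably is the data a whitelabel customer needs to publish the validation CNAME in their own zone before the validation resource can be enabled; a description such as `description = "ACM DNS validation records (name/type/value) that must be published before the certificate can be issued"` would make that handover explicit.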
