Merge pull request #17 from cookielab/multiple_domains

feat(multiple domains): Add possibility to ACM for multiple zones + create DNS record in extra zones + CF aliases
cookielab · Oct 15, 2024 · 8e7ec88 · 8e7ec88
2 parents 2620855 + 641dee9
commit 8e7ec88
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -98,7 +98,7 @@ module "static-site" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_certificate"></a> [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.0.0 |
+| <a name="module_certificate"></a> [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.1.1 |
 | <a name="module_gitlab"></a> [gitlab](#module\_gitlab) | ./modules/gitlab | n/a |
 | <a name="module_s3_bucket"></a> [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.1.2 |
 
@@ -116,6 +116,7 @@ module "static-site" {
 | [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
 | [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
 | [aws_kms_key_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy) | resource |
+| [aws_route53_record.extra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_cloudfront_cache_policy.managed_caching_disabled](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
@@ -136,6 +137,7 @@ module "static-site" {
 | <a name="input_domains"></a> [domains](#input\_domains) | List of domain aliases. You can also specify wildcard eg.: `*.example.com` | `list(string)` | n/a | yes |
 | <a name="input_enable_deploy_user"></a> [enable\_deploy\_user](#input\_enable\_deploy\_user) | Toggle s3 deploy user creation | `bool` | `true` | no |
 | <a name="input_encrypt_with_kms"></a> [encrypt\_with\_kms](#input\_encrypt\_with\_kms) | Enable server side s3 bucket encryption with KMS key | `bool` | `false` | no |
+| <a name="input_extra_domains"></a> [extra\_domains](#input\_extra\_domains) | Map of extra\_domains with domain name and zone\_id | `map(string)` | `{}` | no |
 | <a name="input_functions"></a> [functions](#input\_functions) | n/a | <pre>object({<br>    viewer_request  = optional(string)<br>    viewer_response = optional(string)<br>  })</pre> | `{}` | no |
 | <a name="input_gitlab_environment"></a> [gitlab\_environment](#input\_gitlab\_environment) | GitLab environment name | `string` | `"*"` | no |
 | <a name="input_gitlab_project_id"></a> [gitlab\_project\_id](#input\_gitlab\_project\_id) | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | `string` | `null` | no |

diff --git a/main.tf b/main.tf
@@ -17,16 +17,18 @@ module "certificate" {
   }
 
   source  = "terraform-aws-modules/acm/aws"
-  version = "5.0.0"
+  version = "5.1.1"
 
   domain_name = local.main_domain
   zone_id     = var.domain_zone_id
 
-  subject_alternative_names = local.alternative_domains
+  subject_alternative_names = concat(local.alternative_domains, keys(var.extra_domains))
 
   validation_method   = "DNS"
   wait_for_validation = true
 
+  zones = var.extra_domains
+
   tags = local.tags
 }
 
@@ -229,7 +231,7 @@ resource "aws_cloudfront_distribution" "this" {
     }
   }
 
-  aliases = var.domains
+  aliases = concat(var.domains, keys(var.extra_domains))
 
   enabled             = true
   is_ipv6_enabled     = true
@@ -349,6 +351,20 @@ resource "aws_route53_record" "this" {
   }
 }
 
+resource "aws_route53_record" "extra" {
+  for_each = var.extra_domains
+
+  zone_id = each.value
+  name    = each.key
+  type    = "A"
+
+  alias {
+    name                   = aws_cloudfront_distribution.this.domain_name
+    zone_id                = aws_cloudfront_distribution.this.hosted_zone_id
+    evaluate_target_health = false
+  }
+}
+
 resource "aws_cloudfront_response_headers_policy" "this" {
   count   = length(var.s3_cors_rule) > 0 ? 1 : 0
   name    = "${var.s3_bucket_name}-cors"

diff --git a/variables.tf b/variables.tf
@@ -159,3 +159,9 @@ variable "response_header_access_control_allow_credentials" {
   type    = bool
   default = false
 }
+
+variable "extra_domains" {
+  type        = map(string)
+  description = "Map of extra_domains with domain name and zone_id"
+  default     = {}
+}