diff --git a/README.md b/README.md index d31de11..403189b 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,7 @@ module "static-site" { | Name | Source | Version | |------|--------|---------| -| [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.0.0 | +| [certificate](#module\_certificate) | terraform-aws-modules/acm/aws | 5.1.1 | | [gitlab](#module\_gitlab) | ./modules/gitlab | n/a | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | 4.1.2 | @@ -116,6 +116,7 @@ module "static-site" { | [aws_kms_alias.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | | [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | | [aws_kms_key_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy) | resource | +| [aws_route53_record.extra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_route53_record.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | | [aws_cloudfront_cache_policy.managed_caching_disabled](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source | 
@@ -136,6 +137,7 @@ module "static-site" { | [domains](#input\_domains) | List of domain aliases. You can also specify wildcard eg.: `*.example.com` | `list(string)` | n/a | yes | | [enable\_deploy\_user](#input\_enable\_deploy\_user) | Toggle s3 deploy user creation | `bool` | `true` | no | | [encrypt\_with\_kms](#input\_encrypt\_with\_kms) | Enable server side s3 bucket encryption with KMS key | `bool` | `false` | no | +| [extra\_domains](#input\_extra\_domains) | Map of extra\_domains with domain name and zone\_id | `map(string)` | `{}` | no | | [functions](#input\_functions) | n/a |
object({| `{}` | no | | [gitlab\_environment](#input\_gitlab\_environment) | GitLab environment name | `string` | `"*"` | no | | [gitlab\_project\_id](#input\_gitlab\_project\_id) | Integrates with GitLab CI/CD to deploy site and invalidate CloudFront cache | `string` | `null` | no | diff --git a/main.tf b/main.tf index 500fb86..ac7be3c 100644 --- a/main.tf +++ b/main.tf @@ -17,16 +17,18 @@ module "certificate" { } source = "terraform-aws-modules/acm/aws" - version = "5.0.0" + version = "5.1.1" domain_name = local.main_domain zone_id = var.domain_zone_id - subject_alternative_names = local.alternative_domains + subject_alternative_names = concat(local.alternative_domains, keys(var.extra_domains)) validation_method = "DNS" wait_for_validation = true + zones = var.extra_domains + tags = local.tags } @@ -229,7 +231,7 @@ resource "aws_cloudfront_distribution" "this" { } } - aliases = var.domains + aliases = concat(var.domains, keys(var.extra_domains)) enabled = true is_ipv6_enabled = true @@ -349,6 +351,20 @@ resource "aws_route53_record" "this" { } } +resource "aws_route53_record" "extra" { + for_each = var.extra_domains + + zone_id = each.value + name = each.key + type = "A" + + alias { + name = aws_cloudfront_distribution.this.domain_name + zone_id = aws_cloudfront_distribution.this.hosted_zone_id + evaluate_target_health = false + } +} + resource "aws_cloudfront_response_headers_policy" "this" { count = length(var.s3_cors_rule) > 0 ? 1 : 0 name = "${var.s3_bucket_name}-cors" diff --git a/variables.tf b/variables.tf index b80edeb..29dce89 100644 --- a/variables.tf +++ b/variables.tf @@ -159,3 +159,9 @@ variable "response_header_access_control_allow_credentials" { type = bool default = false } + +variable "extra_domains" { + type = map(string) + description = "Map of extra_domains with domain name and zone_id" + default = {} +}
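Review bot: `aws_route53_record.extra` publishes only a `type = "A"` alias for each extra domain, while the distribution in the preceding main.tf hunk is shown with `is_ipv6_enabled = true`, so these names would get no IPv6 answer from Route 53. Whether `aws_route53_record.this` already creates `AAAA` records is not visible in this diff; if it does, the new resource should mirror it. A parallel resource is sketched below, and its name is only a suggestion.

```hcl
resource "aws_route53_record" "extra_ipv6" {
  for_each = var.extra_domains

  zone_id = each.value
  name    = each.key
  type    = "AAAA"

  alias {
    name                   = aws_cloudfront_distribution.this.domain_name
    zone_id                = aws_cloudfront_distribution.this.hosted_zone_id
    evaluate_target_health = false
  }
}
```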
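Review bot: `extra_domains` is accepted without any validation, although its keys become certificate SANs, CloudFront aliases and Route 53 record names, and its values are used directly as `zone_id`. A `validation` block that rejects empty names or zone IDs would fail at plan time rather than partway through an apply, for example `condition = alltrue([for d, z in var.extra_domains : trimspace(d) != "" && trimspace(z) != ""])`. The description should also state the direction of the map, e.g. `description = "Map of extra domain name => Route 53 hosted zone ID"`. It should say whether wildcard keys are supported as they are for `domains`, since a wildcard key would also be handed to the `zones` lookup and the alias record.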
viewer_request = optional(string)
viewer_response = optional(string)
})