diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index 08be33dce..b83c00a34 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl 
@@ -41,22 +41,22 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.47.0" - constraints = ">= 3.41.0" + version = "3.48.0" + constraints = ">= 3.41.0, >= 3.47.0" hashes = [ - "h1:JW85JWb8IHUrf02p2ZA0bnfqbl/R6edKEke+1FnPbFA=", - "zh:099ffaec3ef0ef45a23aebd851fdf49a279f872632dd2e72fa3cb897621511ac", - "zh:0a2c33eff74c8934a371cff9647edc59a35cd2810d63613e5de4f6f2e43ae014", - "zh:0ac4934c8ebff2cdb5aba2728693ba8e2143f7a16f51dadaff5847a442d535b3", - "zh:125d2e039796ccf50f08e254be6f6258c28739fe28083c8e9fcb3952084bebb5", - "zh:39de12f00902dbe42a07b75687b9f4c2f141874bd8c0d544b02f23991e295f66", - "zh:584241a1dbee15d09007cfba5a341d0ae05722c194f51a67e01e4f6258dadc5e", - "zh:a0001c265faa25e3b3595fd530891cb08a01108cecea9b84289420a83e3d57dc", - "zh:c636316dc16226754b7c340fe0ad16fb1b2d9d4530303e9179be7205568cf40f", - "zh:ce6e92a57a5f277f9ccab2a119f939faa28ada04eb2cc9d3f2d2c70dc19a1a84", - "zh:cfde69b8c48edda6ac232d3afa676cfd9fa60515e43d764666a657b190b7ed71", + "h1:MrojhMxADZXFiCAd4dtSfvC4/n0xiQGN95/XpUBaBsI=", + "zh:01bd328009f2803ebc18ac27535e7d1548c735bb5bd02460e471acc835e5dd19", + "zh:070b0bdd5ff27232eec7ef9128fc9bd17e6bdae503ddcc450c944449f3a8d216", + "zh:0a0a0e81f7ab8757aa83876fffbc57328843664900923d8b3c577e7596884726", + "zh:30994e6988c92d90a71b88bff0bbc4fa8f3b48034d18eb068bd5281888304579", + "zh:54dfdbae2bf79f8104ae73e5c6cd94a69d1e6de4345322f6c8eb6affb04a66c5", + "zh:55ba99b32346237435d7212b3f2521952ee67934dd5ee942a51642357b0ad4fc", + "zh:881bc29857511f7eedc3d359a0f2dcca6b526a48f6d54887cafdb25647abd1fd", + "zh:892bfa34b95b6b4b2ced24dc2989edf512b193bd9e5cf121ae47bb9d9e6d0b94", + "zh:c7d2c778b0f251990874ee859b9093fbb4beb9b3968858137da6c5167c797ea9", + "zh:db558aa70b163af44a73fcb1306d0e4dcafcafe585bedb90ef69f063fa9766a3", + "zh:e0ae252b7bea560e05fde09fe632f012430fb91ff9063fce560d997ecdb1cf75", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - 
"zh:fc1269b2f4d27cd2d14cd970e5b5066adf68a3b267f21d57edc36b8ef6dba82f", ] } diff --git a/terraform/README.md b/terraform/README.md index 4c26950bd..f7970c49a 100644 --- a/terraform/README.md +++ b/terraform/README.md @@ -136,7 +136,7 @@ No providers. | Name | Source | Version | |------|--------|---------| -| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v0.14.6 | +| [azure\_container\_apps\_hosting](#module\_azure\_container\_apps\_hosting) | github.com/DFE-Digital/terraform-azurerm-container-apps-hosting | v0.16.0 | | [azurerm\_key\_vault](#module\_azurerm\_key\_vault) | github.com/DFE-Digital/terraform-azurerm-key-vault-tfvars | v0.1.1 | ## Resources 
@@ -148,14 +148,19 @@ No resources. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [azure\_location](#input\_azure\_location) | Azure location in which to launch resources. | `string` | n/a | yes | +| [cdn\_frontdoor\_custom\_domains](#input\_cdn\_frontdoor\_custom\_domains) | Azure CDN Front Door custom domains. If they are within the DNS zone (optionally created), the Validation TXT records and ALIAS/CNAME records will be created | `list(string)` | n/a | yes | | [cdn\_frontdoor\_enable\_rate\_limiting](#input\_cdn\_frontdoor\_enable\_rate\_limiting) | Enable CDN Front Door Rate Limiting. This will create a WAF policy, and CDN security policy. For pricing reasons, there will only be one WAF policy created. | `bool` | n/a | yes | | [cdn\_frontdoor\_health\_probe\_path](#input\_cdn\_frontdoor\_health\_probe\_path) | Specifies the path relative to the origin that is used to determine the health of the origin. | `string` | n/a | yes | | [cdn\_frontdoor\_host\_add\_response\_headers](#input\_cdn\_frontdoor\_host\_add\_response\_headers) | List of response headers to add at the CDN Front Door `[{ "Name" = "Strict-Transport-Security", "value" = "max-age=31536000" }]` | `list(map(string))` | n/a | yes | | [container\_command](#input\_container\_command) | Container command | `list(any)` | n/a | yes | | [container\_health\_probe\_path](#input\_container\_health\_probe\_path) | Specifies the path that is used to determine the liveness of the Container | `string` | n/a | yes | | [container\_secret\_environment\_variables](#input\_container\_secret\_environment\_variables) | Container secret environment variables | `map(string)` | n/a | yes | +| [dns\_ns\_records](#input\_dns\_ns\_records) | DNS NS records to add to the DNS Zone |
map(| n/a | yes | +| [dns\_txt\_records](#input\_dns\_txt\_records) | DNS TXT records to add to the DNS Zone |
object({
ttl : optional(number, 300),
records : list(string)
})
)
map(| n/a | yes | +| [dns\_zone\_domain\_name](#input\_dns\_zone\_domain\_name) | DNS zone domain name. If created, records will automatically be created to point to the CDN. | `string` | n/a | yes | | [enable\_cdn\_frontdoor](#input\_enable\_cdn\_frontdoor) | Enable Azure CDN FrontDoor. This will use the Container Apps endpoint as the origin. | `bool` | n/a | yes | | [enable\_container\_registry](#input\_enable\_container\_registry) | Set to true to create a container registry | `bool` | n/a | yes | +| [enable\_dns\_zone](#input\_enable\_dns\_zone) | Conditionally create a DNS zone | `bool` | n/a | yes | | [enable\_event\_hub](#input\_enable\_event\_hub) | Send Azure Container App logs to an Event Hub sink | `bool` | n/a | yes | | [enable\_monitoring](#input\_enable\_monitoring) | Create an App Insights instance and notification group for the Container App | `bool` | n/a | yes | | [environment](#input\_environment) | Environment name. Will be used along with `project_name` as a prefix for all resources. | `string` | n/a | yes | diff --git a/terraform/container-apps-hosting.tf b/terraform/container-apps-hosting.tf index 53c43a6af..1cf6590cc 100644 --- a/terraform/container-apps-hosting.tf +++ b/terraform/container-apps-hosting.tf @@ -1,5 +1,5 @@ module "azure_container_apps_hosting" { - source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v0.14.6" + source = "github.com/DFE-Digital/terraform-azurerm-container-apps-hosting?ref=v0.16.0" environment = local.environment project_name = local.project_name 
@@ -10,6 +10,11 @@ module "azure_container_apps_hosting" { enable_container_registry = local.enable_container_registry + enable_dns_zone = local.enable_dns_zone + dns_zone_domain_name = local.dns_zone_domain_name + dns_ns_records = local.dns_ns_records + dns_txt_records = local.dns_txt_records + image_name = local.image_name container_command = local.container_command container_secret_environment_variables = local.container_secret_environment_variables @@ -17,6 +22,7 @@ module "azure_container_apps_hosting" { enable_cdn_frontdoor = local.enable_cdn_frontdoor cdn_frontdoor_enable_rate_limiting = local.cdn_frontdoor_enable_rate_limiting cdn_frontdoor_host_add_response_headers = local.cdn_frontdoor_host_add_response_headers + cdn_frontdoor_custom_domains = local.cdn_frontdoor_custom_domains enable_event_hub = local.enable_event_hub diff --git a/terraform/locals.tf b/terraform/locals.tf index d309334eb..4a34d41e1 100644 --- a/terraform/locals.tf +++ b/terraform/locals.tf @@ -10,12 +10,17 @@ locals { container_secret_environment_variables = var.container_secret_environment_variables enable_cdn_frontdoor = var.enable_cdn_frontdoor enable_event_hub = var.enable_event_hub + enable_dns_zone = var.enable_dns_zone + dns_zone_domain_name = var.dns_zone_domain_name + dns_ns_records = var.dns_ns_records + dns_txt_records = var.dns_txt_records key_vault_access_users = toset(var.key_vault_access_users) tfvars_filename = var.tfvars_filename enable_monitoring = var.enable_monitoring monitor_email_receivers = var.monitor_email_receivers cdn_frontdoor_enable_rate_limiting = var.cdn_frontdoor_enable_rate_limiting cdn_frontdoor_host_add_response_headers = var.cdn_frontdoor_host_add_response_headers + cdn_frontdoor_custom_domains = var.cdn_frontdoor_custom_domains container_health_probe_path = var.container_health_probe_path cdn_frontdoor_health_probe_path = var.cdn_frontdoor_health_probe_path monitor_endpoint_healthcheck = var.monitor_endpoint_healthcheck 
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 4e8317cb3..3c33ebc57 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -54,6 +54,36 @@ variable "container_secret_environment_variables" {
 sensitive = true
 }
+variable "enable_dns_zone" {
+ description = "Conditionally create a DNS zone"
+ type = bool
+}
+
+variable "dns_zone_domain_name" {
+ description = "DNS zone domain name. If created, records will automatically be created to point to the CDN."
+ type = string
+}
+
+variable "dns_ns_records" {
+ description = "DNS NS records to add to the DNS Zone"
+ type = map(
+ object({
+ ttl : optional(number, 300),
+ records : list(string)
+ })
+ )
+}
+
+variable "dns_txt_records" {
+ description = "DNS TXT records to add to the DNS Zone"
+ type = map(
+ object({
+ ttl : optional(number, 300),
+ records : list(string)
+ })
+ )
+}
+
 variable "enable_cdn_frontdoor" {
 description = "Enable Azure CDN FrontDoor. This will use the Container Apps endpoint as the origin."
 type = bool
@@ -89,6 +119,11 @@ variable "cdn_frontdoor_health_probe_path" {
 type = string
 }
+variable "cdn_frontdoor_custom_domains" {
+ description = "Azure CDN Front Door custom domains. If they are within the DNS zone (optionally created), the Validation TXT records and ALIAS/CNAME records will be created"
+ type = list(string)
+}
+
 variable "monitor_endpoint_healthcheck" {
 description = "Specify a route that should be monitored for a 200 OK status"
 type = string
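Review bot: The descriptions added for `dns_ns_records` and `dns_txt_records` in the `@@ -54,6 +54,36 @@` hunk do not say what the map key stands for or what a `records` entry should contain, so a valid value cannot be worked out from this file. An NS entry hands resolution of a name to name servers outside this zone, and an entry that outlives the zone it points at is a dangling delegation, so the description is the place to say when an entry must be removed. I would extend it along the lines of `description = "DNS NS records to add to the DNS Zone. Remove an entry before the zone it delegates to is deleted."` and state the key's meaning once it is confirmed against the module. None of the four new variables has a `default`, so they must be set even when `enable_dns_zone` is false; the README table in this commit lists them as required, so that may be intended.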
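Review bot: The description of `cdn_frontdoor_custom_domains` in the `@@ -89,6 +119,11 @@` hunk covers only domains inside the managed DNS zone and leaves open what happens for a domain outside it. Read literally, the validation TXT and ALIAS/CNAME records are then not created by this configuration and have to be managed by hand, including removing the CNAME when a domain is dropped from the list so that it does not keep pointing at the CDN. A sentence such as `Domains outside the zone need their validation TXT and CNAME records managed separately.` appended to the description would cover it, if that reading of the module is right. The variable also has no `default`, so an empty list has to be passed explicitly when no custom domain is wanted.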
object({
ttl : optional(number, 300),
records : list(string)
})
)