domains

.github/workflows/build.yml

@@ -71,10 +71,10 @@ jobs:
         path: accreditation
 
     - name: Copy to S3
-      run: aws s3 sync accreditation s3://dev.stumblefunk.org.uk/accreditation
+      run: aws s3 sync accreditation s3://www.dev.stumblefunk.org.uk/accreditation
 
     - name: Load env config
-      run: aws s3 cp s3://dev.stumblefunk.org.uk/accreditation/config.js.env s3://dev.stumblefunk.org.uk/accreditation/config.js
+      run: aws s3 cp s3://www.dev.stumblefunk.org.uk/accreditation/config.js.env s3://www.dev.stumblefunk.org.uk/accreditation/config.js
 
 
   deploy-prod:

environments/prod/terragrunt.hcl

@@ -10,5 +10,5 @@ include {
 
 # Specfic variables for this environment
 inputs = {
-  domain = "www.stumblefunk.org.uk"
+  domain = "stumblefunk.org.uk"
 }

terraform/acm.tf

@@ -0,0 +1,17 @@
+resource "aws_acm_certificate" "this" {
+  domain_name               = var.domain
+  subject_alternative_names = ["www.${var.domain}"]
+  validation_method         = "DNS"
+  provider                  = aws.virginia
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+
+resource "aws_acm_certificate_validation" "this" {
+  certificate_arn         = aws_acm_certificate.this.arn
+  validation_record_fqdns = [for record in aws_route53_record.validation : record.fqdn]
+  provider                = aws.virginia
+}

terraform/aws.tf

@@ -11,4 +11,9 @@ terraform {
 
 provider "aws" {
   region = var.aws_region
-}
+}
+
+provider "aws" {
+  alias = "virginia"
+  region = "us-east-1"
+}

terraform/cloudfront.tf

@@ -7,8 +7,6 @@ resource "aws_cloudfront_origin_access_control" "www" {
 }
 
 
-
-
 resource "aws_cloudfront_distribution" "www" {
   origin {
     domain_name              = aws_s3_bucket.www.bucket_regional_domain_name
@@ -18,9 +16,9 @@ resource "aws_cloudfront_distribution" "www" {
 
   enabled             = true
   default_root_object = "index.html"
+  comment             = "${var.product}-${var.environment}"
 
-  #   Optional - Extra CNAMEs (alternate domain names), if any, for this distribution
-  #   aliases             = ["mysite.example.com", "yoursite.example.com"]
+  aliases             = ["www.${var.domain}", var.domain]
 
   default_cache_behavior {
     allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
@@ -57,7 +55,8 @@ resource "aws_cloudfront_distribution" "www" {
   }
 
   viewer_certificate {
-    cloudfront_default_certificate = true
+    acm_certificate_arn = aws_acm_certificate.this.arn
+    ssl_support_method = "sni-only"
   }
 
 }

terraform/iam.tf

@@ -10,8 +10,6 @@ data "aws_iam_policy_document" "lambda" {
 }
 
 
-
-
 resource "aws_iam_role" "lambda" {
   name               = "${var.product}-role-${var.environment}"
   assume_role_policy = data.aws_iam_policy_document.lambda.json

terraform/route53.tf

@@ -0,0 +1,46 @@
+data "aws_route53_zone" "this" {
+  name         = "stumblefunk.org.uk"
+  private_zone = false
+}
+
+
+resource "aws_route53_record" "validation" {
+  for_each = {
+    for dvo in aws_acm_certificate.this.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
+    }
+  }
+
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = data.aws_route53_zone.this.zone_id
+}
+
+
+resource "aws_route53_record" "www" {
+  zone_id = data.aws_route53_zone.this.zone_id
+  name    = "www.${var.domain}"
+  type    = "A"
+  alias {
+    name                   = aws_cloudfront_distribution.www.domain_name
+    zone_id                = aws_cloudfront_distribution.www.hosted_zone_id
+    evaluate_target_health = true
+  }
+}
+
+
+resource "aws_route53_record" "nowww" {
+  zone_id = data.aws_route53_zone.this.zone_id
+  name    = var.domain
+  type    = "A"
+  alias {
+    name                   = aws_cloudfront_distribution.www.domain_name
+    zone_id                = aws_cloudfront_distribution.www.hosted_zone_id
+    evaluate_target_health = true
+  }
+}

terraform/s3.tf

@@ -1,5 +1,5 @@
 resource "aws_s3_bucket" "www" {
-  bucket        = "${var.domain}"
+  bucket        = "www.${var.domain}"
   force_destroy = true
 }
 
@@ -12,7 +12,6 @@ resource "aws_s3_account_public_access_block" "www" {
 }
 
 
-
 locals {
   folder_files = [
     for file in flatten(fileset("${path.module}/public_html/**", "**")) :