Merge pull request #215 from silinternational/develop

Release 11.0.0-alpha.2 -- intermediate CNAMEs for id-sync, ssp, pw-api
silinternational · Aug 7, 2023 · b9cce72 · b9cce72
2 parents 1be7af1 + 7020a4f
commit b9cce72
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 6 deletions.
diff --git a/terraform/050-pw-manager/main-api.tf b/terraform/050-pw-manager/main-api.tf
@@ -32,7 +32,10 @@ resource "aws_alb_listener_rule" "pwmanager" {
 
   condition {
     host_header {
-      values = ["${var.api_subdomain}.${var.cloudflare_domain}"]
+      values = [
+        "${var.api_subdomain}.${var.cloudflare_domain}",
+        "${local.api_subdomain_with_region}.${var.cloudflare_domain}"
+      ]
     }
   }
 }
@@ -48,6 +51,8 @@ resource "random_id" "access_token_hash" {
  * Create ECS service for API
  */
 locals {
+  api_subdomain_with_region = "${var.api_subdomain}-${var.aws_region}"
+
   task_def = templatefile("${path.module}/task-definition-api.json", {
     access_token_hash                   = random_id.access_token_hash.hex
     alerts_email                        = var.alerts_email
@@ -116,13 +121,21 @@ module "ecsservice" {
 }
 
 /*
- * Create Cloudflare DNS record
+ * Create Cloudflare DNS record(s)
  */
 resource "cloudflare_record" "apidns" {
   count = var.create_dns_record ? 1 : 0
 
   zone_id = data.cloudflare_zone.domain.id
   name    = var.api_subdomain
+  value   = cloudflare_record.apidns_intermediate.hostname
+  type    = "CNAME"
+  proxied = true
+}
+
+resource "cloudflare_record" "apidns_intermediate" {
+  zone_id = data.cloudflare_zone.domain.id
+  name    = local.api_subdomain_with_region
   value   = var.alb_dns_name
   type    = "CNAME"
   proxied = true

diff --git a/terraform/050-pw-manager/outputs.tf b/terraform/050-pw-manager/outputs.tf
@@ -14,6 +14,11 @@ output "api_hostname" {
   value = "${var.api_subdomain}.${var.cloudflare_domain}"
 }
 
+output "api_public_dns_value" {
+  description = "The value to use for the 'public' DNS record, if creating it outside of this module."
+  value       = cloudflare_record.apidns_intermediate.hostname
+}
+
 output "db_pwmanager_user" {
   value = var.mysql_user
 }

diff --git a/terraform/060-simplesamlphp/main.tf b/terraform/060-simplesamlphp/main.tf
@@ -28,7 +28,10 @@ resource "aws_alb_listener_rule" "ssp" {
 
   condition {
     host_header {
-      values = ["${var.subdomain}.${var.cloudflare_domain}"]
+      values = [
+        "${var.subdomain}.${var.cloudflare_domain}",
+        "${local.subdomain_with_region}.${var.cloudflare_domain}"
+      ]
     }
   }
 }
@@ -49,6 +52,8 @@ module "cf_ips" {
 }
 
 locals {
+  subdomain_with_region = "${var.subdomain}-${var.aws_region}"
+
   other_ip_addresses = var.trust_cloudflare_ips == "ipv4" ? module.cf_ips.ipv4_cidrs : []
 
   trusted_ip_addresses = concat(module.cf_ips.ipv4_cidrs, var.trusted_ip_addresses)
@@ -114,13 +119,21 @@ module "ecsservice" {
 }
 
 /*
- * Create Cloudflare DNS record
+ * Create Cloudflare DNS record(s)
  */
 resource "cloudflare_record" "sspdns" {
   count = var.create_dns_record ? 1 : 0
 
   zone_id = data.cloudflare_zone.domain.id
   name    = var.subdomain
+  value   = cloudflare_record.sspdns_intermediate.hostname
+  type    = "CNAME"
+  proxied = true
+}
+
+resource "cloudflare_record" "sspdns_intermediate" {
+  zone_id = data.cloudflare_zone.domain.id
+  name    = local.subdomain_with_region
   value   = var.alb_dns_name
   type    = "CNAME"
   proxied = true

diff --git a/terraform/060-simplesamlphp/outputs.tf b/terraform/060-simplesamlphp/outputs.tf
@@ -15,3 +15,7 @@ output "secret_salt" {
   sensitive = true
 }
 
+output "public_dns_value" {
+  description = "The value to use for the 'public' DNS record, if creating it outside of this module."
+  value       = cloudflare_record.sspdns_intermediate.hostname
+}
diff --git a/terraform/070-id-sync/main.tf b/terraform/070-id-sync/main.tf
@@ -28,7 +28,10 @@ resource "aws_alb_listener_rule" "idsync" {
 
   condition {
     host_header {
-      values = ["${var.subdomain}.${var.cloudflare_domain}"]
+      values = [
+        "${var.subdomain}.${var.cloudflare_domain}",
+        "${local.subdomain_with_region}.${var.cloudflare_domain}"
+      ]
     }
   }
 }
@@ -44,12 +47,15 @@ resource "random_id" "access_token_external" {
  * Create ECS service
  */
 locals {
+  subdomain_with_region = "${var.subdomain}-${var.aws_region}"
+
   id_store_config = join(",",
     [for k, v in var.id_store_config : jsonencode({
       name  = "ID_STORE_CONFIG_${k}"
       value = v
     })]
   )
+
   task_def = templatefile("${path.module}/task-definition.json", {
     app_env                      = var.app_env
     app_name                     = var.app_name
@@ -94,13 +100,21 @@ module "ecsservice" {
 }
 
 /*
- * Create Cloudflare DNS record
+ * Create Cloudflare DNS record(s)
  */
 resource "cloudflare_record" "idsyncdns" {
   count = var.create_dns_record ? 1 : 0
 
   zone_id = data.cloudflare_zone.domain.id
   name    = var.subdomain
+  value   = cloudflare_record.idsyncdns_intermediate.hostname
+  type    = "CNAME"
+  proxied = true
+}
+
+resource "cloudflare_record" "idsyncdns_intermediate" {
+  zone_id = data.cloudflare_zone.domain.id
+  name    = local.subdomain_with_region
   value   = var.alb_dns_name
   type    = "CNAME"
   proxied = true

diff --git a/terraform/070-id-sync/outputs.tf b/terraform/070-id-sync/outputs.tf
@@ -5,3 +5,8 @@ output "idsync_url" {
 output "access_token_external" {
   value = random_id.access_token_external.hex
 }
+
+output "public_dns_value" {
+  description = "The value to use for the 'public' DNS record, if creating it outside of this module."
+  value       = cloudflare_record.idsyncdns_intermediate.hostname
+}