diff --git a/main.tf b/main.tf index 8652dd7..728ae32 100644 --- a/main.tf +++ b/main.tf @@ -26,10 +26,30 @@ module "certificate" { validation_method = "DNS" wait_for_validation = true + create_route53_records = false # TODO: revert before merge tags = local.tags } +module "tmp_route53_record" { # TODO revert before merge + source = "terraform-aws-modules/acm/aws" + version = "~> 4.0" + + providers = { + aws = aws.us_east_1 + } + + create_certificate = false + create_route53_records_only = true + + validation_method = "DNS" + + distinct_domain_names = [local.main_domain] + zone_id = var.domain_zone_id + + acm_certificate_domain_validation_options = module.certificate.acm_certificate_domain_validation_options +} + resource "aws_cloudfront_origin_access_control" "this" { name = "Access from CF to S3 - ${local.main_domain}" description = "Access from CF to S3 - ${local.main_domain}" @@ -64,7 +84,7 @@ data "aws_iam_policy_document" "bucket_policy" { condition { test = "StringEquals" variable = "AWS:SourceArn" - values = [aws_cloudfront_distribution.this.arn] + values = [aws_cloudfront_distribution.this.arn,var.tmp_additional_cloudfront_distribution_arn] #TODO: revert before mege } } @@ -254,7 +274,7 @@ resource "aws_cloudfront_distribution" "this" { } resource "aws_route53_record" "this" { - for_each = toset(var.domains) + for_each = toset([local.main_domain]) # TODO: revert before merge zone_id = var.domain_zone_id name = each.value diff --git a/variables.tf b/variables.tf index a89fb52..40887ae 100644 --- a/variables.tf +++ b/variables.tf @@ -89,3 +89,8 @@ variable "kms_deletion_window_in_days" { default = 30 description = "The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key" } + +variable "tmp_additional_cloudfront_distribution_arn" { + type = string + description = "Temporary variable to pass additional cloudfront distribution to s3 bucket policy" +}
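Review bot: In the first main.tf hunk, `distinct_domain_names = [local.main_domain]` makes `module.tmp_route53_record` publish a validation record for the main domain only, while `module.certificate` keeps `wait_for_validation = true` with `create_route53_records = false`. If the certificate also covers other names (its domain arguments are outside the hunk), nothing in this stack creates their validation records, so the apply blocks until something else publishes them or the wait times out. The `# TODO: revert before merge` markers do not record that dependency. If that is the intent, I would spell it out on the `create_route53_records` line: `# TEMP: validation records for the remaining names are managed outside this stack; restore the default and delete module.tmp_route53_record before merge`.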
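Review bot: The revert marker on the widened `AWS:SourceArn` list in `data.aws_iam_policy_document.bucket_policy` is misspelled (`mege`), so a search for `revert before merge` misses the one temporary change that loosens the bucket policy. That condition is what scopes the statement to a single distribution, and the new list also admits whatever ARN the caller passes in `var.tmp_additional_cloudfront_distribution_arn`, which could be a distribution in another account. I would write the line as `values = [aws_cloudfront_distribution.this.arn, var.tmp_additional_cloudfront_distribution_arn] # TODO: revert before merge`. The statement's principal and actions are outside the hunk, so how much access the extra ARN gains cannot be judged from here.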
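Review bot: In the `aws_route53_record.this` hunk, narrowing `for_each` to `toset([local.main_domain])` makes Terraform plan a destroy for every record already in state under another entry of `var.domains`, so applying this branch to an existing environment removes those names from DNS. If those domains are being handed to the additional distribution this may be intended, but the comment should say so, e.g. `# TEMP: only the main domain is aliased here while the other domains move to the additional distribution; restore toset(var.domains) before merge`. Whether the distribution's aliases still list the other domains is not visible here, and the resource body continues past the hunk.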
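Review bot: In variables.tf, `tmp_additional_cloudfront_distribution_arn` is a free-form string that flows straight into the bucket policy's `AWS:SourceArn` condition, and nothing checks that it is a CloudFront distribution ARN. A typo or a value of the wrong resource type would be accepted at plan time and produce a policy entry that either matches nothing or is not what the reviewer expects. A `validation` block would reject malformed input early. The variable also has no default, so every caller must set it for as long as this change lives.

```hcl
variable "tmp_additional_cloudfront_distribution_arn" {
  # … unchanged: type and description …

  validation {
    condition     = can(regex("^arn:aws[a-z-]*:cloudfront::[0-9]{12}:distribution/[A-Z0-9]+$", var.tmp_additional_cloudfront_distribution_arn))
    error_message = "Must be the full ARN of a single CloudFront distribution."
  }
}
```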