diff --git a/src/core/README.md b/src/core/README.md
index 5387e956d..6aba9580a 100644
--- a/src/core/README.md
+++ b/src/core/README.md
@@ -112,7 +112,6 @@
| [redis\_common\_backup\_zrs](#module\_redis\_common\_backup\_zrs) | github.com/pagopa/terraform-azurerm-v3//storage_account | v7.61.0 |
| [redis\_common\_snet](#module\_redis\_common\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
| [redis\_messages\_v6](#module\_redis\_messages\_v6) | git::https://github.com/pagopa/terraform-azurerm-v3.git//redis_cache | v7.61.0 |
-| [selfcare\_cdn](#module\_selfcare\_cdn) | git::https://github.com/pagopa/terraform-azurerm-v3.git//cdn | v7.61.0 |
| [selfcare\_jwt](#module\_selfcare\_jwt) | git::https://github.com/pagopa/terraform-azurerm-v3.git//jwt_keys | v7.61.0 |
| [services\_snet](#module\_services\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
| [shared\_1\_snet](#module\_shared\_1\_snet) | git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet | v7.61.0 |
@@ -391,6 +390,7 @@
| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
| [azurerm_cosmosdb_account.cosmos_api](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
| [azurerm_cosmosdb_account.cosmos_remote_content](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/cosmosdb_account) | data source |
+| [azurerm_dns_a_record.selfcare_cdn](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/dns_a_record) | data source |
| [azurerm_eventhub_authorization_rule.io-p-messages-weu-prod01-evh-ns_message-status_io-fn-messages-cqrs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
| [azurerm_eventhub_authorization_rule.io-p-messages-weu-prod01-evh-ns_messages_io-fn-messages-cqrs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
| [azurerm_eventhub_authorization_rule.io-p-payments-weu-prod01-evh-ns_payment-updates_io-fn-messages-cqrs](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/eventhub_authorization_rule) | data source |
diff --git a/src/core/monitor.tf b/src/core/monitor.tf
index 90b2cc3dd..96b8ecd0f 100644
--- a/src/core/monitor.tf
+++ b/src/core/monitor.tf
@@ -334,8 +334,8 @@ locals {
},
{
# https://io.selfcare.pagopa.it
- name = module.selfcare_cdn.fqdn,
- host = module.selfcare_cdn.fqdn,
+ name = trimsuffix(data.azurerm_dns_a_record.selfcare_cdn.fqdn, "."),
+ host = trimsuffix(data.azurerm_dns_a_record.selfcare_cdn.fqdn, "."),
path = "",
frequency = 900
http_status = 200,
diff --git a/src/core/selfcare.tf b/src/core/selfcare.tf
index 3350f86b4..f0c6251cb 100644
--- a/src/core/selfcare.tf
+++ b/src/core/selfcare.tf
@@ -16,67 +16,17 @@ data "azurerm_resource_group" "selfcare_fe_rg" {
name = "${local.project}-selfcare-fe-rg"
}
-### Frontend resources
-#tfsec:ignore:azure-storage-queue-services-logging-enabled:exp:2022-05-01 # already ignored, maybe a bug in tfsec
-module "selfcare_cdn" {
- source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//cdn?ref=v7.61.0"
-
- name = "selfcare"
- prefix = local.project
- resource_group_name = data.azurerm_resource_group.selfcare_fe_rg.name
- location = data.azurerm_resource_group.selfcare_fe_rg.location
- hostname = "${var.dns_zone_io_selfcare}.${var.external_domain}"
- https_rewrite_enabled = true
-
- index_document = "index.html"
- error_404_document = "404.html"
-
- storage_account_replication_type = "GZRS"
-
- dns_zone_name = azurerm_dns_zone.io_selfcare_pagopa_it[0].name
- dns_zone_resource_group_name = azurerm_dns_zone.io_selfcare_pagopa_it[0].resource_group_name
-
- keyvault_vault_name = module.key_vault.name
- keyvault_resource_group_name = module.key_vault.resource_group_name
- keyvault_subscription_id = data.azurerm_subscription.current.subscription_id
-
- querystring_caching_behaviour = "BypassCaching"
-
- global_delivery_rule = {
- cache_expiration_action = []
- cache_key_query_string_action = []
- modify_request_header_action = []
-
- # HSTS
- modify_response_header_action = [{
- action = "Overwrite"
- name = "Strict-Transport-Security"
- value = "max-age=31536000"
- },
- # Content-Security-Policy (in Report mode)
- {
- action = "Append"
- name = "Content-Security-Policy-Report-Only"
- value = "script-src 'self' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'none'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; "
- },
- {
- action = "Append"
- name = "Content-Security-Policy-Report-Only"
- value = "img-src 'self' https://assets.cdn.io.italia.it data:; "
- }
- ]
- }
-
- log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
-
- tags = var.tags
-}
-
### Backend common resources
data "azurerm_resource_group" "selfcare_be_rg" {
name = format("%s-selfcare-be-rg", local.project)
}
+data "azurerm_dns_a_record" "selfcare_cdn" {
+ name = "@"
+ resource_group_name = azurerm_dns_zone.io_selfcare_pagopa_it[0].resource_group_name
+ zone_name = azurerm_dns_zone.io_selfcare_pagopa_it[0].name
+}
+
## key vault
data "azurerm_key_vault_secret" "selfcare_apim_io_service_key" {
diff --git a/src/domains/selfcare/_modules/cdn/variables.tf b/src/domains/selfcare/_modules/cdn/variables.tf
index a7fdca59a..c353f77b6 100644
--- a/src/domains/selfcare/_modules/cdn/variables.tf
+++ b/src/domains/selfcare/_modules/cdn/variables.tf
@@ -14,11 +14,11 @@ variable "tags" {
}
variable "resource_group_name" {
- type = string
+ type = string
description = "Resource group name for the CDN"
}
variable "dns_zone_name" {
- type = string
+ type = string
description = "DNZ zone for the CDN Profile"
}
diff --git a/src/domains/selfcare/prod/westeurope/README.md b/src/domains/selfcare/prod/westeurope/README.md
index 20f42dc99..e8c5f4adf 100644
--- a/src/domains/selfcare/prod/westeurope/README.md
+++ b/src/domains/selfcare/prod/westeurope/README.md
@@ -10,6 +10,7 @@
| Name | Source | Version |
|------|--------|---------|
+| [cdn](#module\_cdn) | ../../_modules/cdn | n/a |
| [networking](#module\_networking) | ../../_modules/networking | n/a |
| [resource\_groups](#module\_resource\_groups) | ../../_modules/resource_groups | n/a |