2 changes: 1 addition & 1 deletion .tool-versions
@@ -1,7 +1,7 @@
act 0.2.64
gitleaks 8.24.0
jq 1.6
nodejs 22.11.0
nodejs 22.15.0
pre-commit 3.6.0
python 3.13.2
terraform 1.9.2
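--- a/infrastructure/terraform/components/api/acm_certificate.tf
+++ b/infrastructure/terraform/components/api/acm_certificate.tf
@@ -0,0 +1,13 @@
+resource "aws_acm_certificate" "main" {
+domain_name = local.root_domain_name
+validation_method = "DNS"
+
+lifecycle {
+create_before_destroy = true
+}
+}
+
+resource "aws_acm_certificate_validation" "main" {
+certificate_arn = aws_acm_certificate.main.arn
+validation_record_fqdns = [for record in aws_route53_record.acm_validation : record.fqdn]
+}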
@@ -0,0 +1,5 @@
resource "aws_api_gateway_base_path_mapping" "main" {
api_id = aws_api_gateway_rest_api.main.id
stage_name = aws_api_gateway_stage.main.stage_name
domain_name = aws_api_gateway_domain_name.main.domain_name
}
@@ -0,0 +1,9 @@
resource "aws_api_gateway_domain_name" "main" {
regional_certificate_arn = aws_acm_certificate_validation.main.certificate_arn
domain_name = local.root_domain_name
security_policy = "TLS_1_2"

endpoint_configuration {
types = ["REGIONAL"]
}
}
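Review bot: Adding the custom domain does not by itself close the API's default `execute-api` hostname, so unless that endpoint is disabled elsewhere, callers can still reach the API without passing through this domain and the `security_policy = "TLS_1_2"` set on it. The `aws_api_gateway_rest_api.main` resource is not part of this diff, so this may already be handled; if it is not, set `disable_execute_api_endpoint = true` on that resource. A short comment on this resource, such as `# sole public entry point; default execute-api endpoint is disabled on the REST API`, would record the intent.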
3 changes: 3 additions & 0 deletions infrastructure/terraform/components/api/locals.tf
@@ -1,5 +1,8 @@
locals {
aws_lambda_functions_dir_path = "../../../../lambdas"
root_domain_name = "${var.environment}.${local.acct.route53_zone_names["supplier-api"]}" # e.g. [main|dev|abxy0].supplier-api.[dev|nonprod|prod].nhsnotify.national.nhs.uk
root_domain_id = local.acct.route53_zone_ids["supplier-api"]
root_domain_nameservers = local.acct.route53_zone_nameservers["supplier-api"]

openapi_spec = templatefile("${path.module}/resources/spec.tmpl.json", {
APIG_EXECUTION_ROLE_ARN = aws_iam_role.api_gateway_execution_role.arn
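Review bot: `root_domain_nameservers` is added to the locals block but nothing in the file sections shown on this page reads it, whereas `root_domain_name` and `root_domain_id` are both used by the new certificate, domain and record resources. If it is meant for a later change, say so in a trailing comment such as `# reserved for zone delegation, not yet referenced`; otherwise drop it so the locals list only what the component consumes. The locals block continues past the end of this hunk, so a use further down the file cannot be ruled out.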
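--- a/infrastructure/terraform/components/api/route53_record.tf
+++ b/infrastructure/terraform/components/api/route53_record.tf
@@ -0,0 +1,12 @@
+resource "aws_route53_record" "main" {
+name = aws_api_gateway_domain_name.main.domain_name
+type = "A"
+zone_id = local.root_domain_id
+
+alias {
+name = aws_api_gateway_domain_name.main.regional_domain_name
+zone_id = aws_api_gateway_domain_name.main.regional_zone_id
+
+evaluate_target_health = true
+}
+}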
@@ -0,0 +1,17 @@
resource "aws_route53_record" "acm_validation" {
for_each = {
for dvo in aws_acm_certificate.main.domain_validation_options :
dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
} if dvo.domain_name == local.root_domain_name
}

allow_overwrite = true
name = each.value.name
records = [each.value.record]
type = each.value.type
zone_id = local.root_domain_id
ttl = 60
}
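Review bot: `allow_overwrite = true` lets this component replace an existing record of the same name in the zone behind `local.root_domain_id` with no plan-time conflict, and nothing in the resource says why that is wanted. The zone id comes from account-level data, so the zone is presumably shared with other environments; a comment above the argument, for example `# ACM reuses one validation CNAME per domain name; overwrite so a re-issued certificate adopts the existing record`, would make the intent reviewable. Separately, the `if dvo.domain_name == local.root_domain_name` filter is a no-op while the certificate has no alternative names, and it would drop the validation records for any that are added later, so either remove it or note that it must change together with the certificate.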