ci: handle cloudflare domains

jedwards1230 · Dec 19, 2023 · 155a0e1 · 155a0e1
1 parent b223a77
commit 155a0e1
Show file tree

Hide file tree

Showing 12 changed files with 69 additions and 68 deletions.
diff --git a/terraform/dev/main.tf b/terraform/dev/main.tf
@@ -1,20 +1,16 @@
 terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-  }
-
   backend "s3" {}
 }
 
 module "infra" {
-  source       = "../shared"
-  stage        = var.stage
-  project-name = var.project-name
-  region       = var.region
-  domain_name  = var.domain_name
+  source               = "../shared"
+  stage                = var.stage
+  project-name         = var.project-name
+  region               = var.region
+  domain_name          = var.domain_name
+  cloudflare_email     = var.cloudflare_email
+  cloudflare_api_token = var.cloudflare_api_token
+  cloudflare_zone_id   = var.cloudflare_zone_id
 
   nextauth_url         = var.nextauth_url
   nextauth_secret      = var.nextauth_secret

diff --git a/terraform/dev/terraform.tfvars.example b/terraform/dev/terraform.tfvars.example
@@ -1,7 +1,14 @@
+# Infrastructure
 project-name = ""
 stage = ""
 region = ""
 domain_name = ""
+route53_zone_id = ""
+cloudflare_email = ""
+cloudflare_api_token = ""
+cloudflare_zone_id = ""
+
+# Webapp
 nextauth_url         = ""
 nextauth_secret      = ""
 next_public_url      = ""

diff --git a/terraform/dev/variables.tf b/terraform/dev/variables.tf
@@ -2,6 +2,9 @@ variable "project-name" { description = "Project name" }
 variable "stage" { description = "Stage (dev, prod)" }
 variable "region" { description = "AWS region" }
 variable "domain_name" { description = "Domain name" }
+variable "cloudflare_email" { description = "Cloudflare email" }
+variable "cloudflare_api_token" { description = "Cloudflare API token" }
+variable "cloudflare_zone_id" { description = "Cloudflare Zone ID" }
 
 /* Secrets */
 variable "nextauth_url" { description = "NEXTAUTH_URL" }

diff --git a/terraform/init-state/main.tf b/terraform/init-state/main.tf
@@ -35,14 +35,6 @@ resource "aws_resourcegroups_group" "resource_group" {
   }
 }
 
-# Route 53 Hosted Zone
-# Creates a Route 53 hosted zone for the domain name 'jedwards.cc'. This hosted zone is used to
-# manage DNS records for the domain.
-resource "aws_route53_zone" "main" {
-  name = var.domain_name
-  tags = local.common_tags
-}
-
 resource "aws_s3_bucket" "terraform_state" {
   bucket = local.bucket_name
   tags   = local.common_tags

diff --git a/terraform/init-state/terraform.tfvars.example b/terraform/init-state/terraform.tfvars.example
@@ -1,3 +1,3 @@
 project-name = ""
 region = ""
-domain_name = ""
+domain_name = ""
diff --git a/terraform/prod/main.tf b/terraform/prod/main.tf
@@ -1,20 +1,16 @@
 terraform {
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = "~> 5.0"
-    }
-  }
-
   backend "s3" {}
 }
 
 module "infra" {
-  source       = "../shared"
-  stage        = var.stage
-  project-name = var.project-name
-  region       = var.region
-  domain_name  = var.domain_name
+  source               = "../shared"
+  stage                = var.stage
+  project-name         = var.project-name
+  region               = var.region
+  domain_name          = var.domain_name
+  cloudflare_email     = var.cloudflare_email
+  cloudflare_api_token = var.cloudflare_api_token
+  cloudflare_zone_id   = var.cloudflare_zone_id
 
   nextauth_url         = var.nextauth_url
   nextauth_secret      = var.nextauth_secret

diff --git a/terraform/prod/terraform.tfvars.example b/terraform/prod/terraform.tfvars.example
@@ -1,7 +1,14 @@
+# Infrastructure
 project-name = ""
 stage = ""
 region = ""
 domain_name = ""
+route53_zone_id = ""
+cloudflare_email = ""
+cloudflare_api_token = ""
+cloudflare_zone_id = ""
+
+# Webapp
 nextauth_url         = ""
 nextauth_secret      = ""
 next_public_url      = ""

diff --git a/terraform/prod/variables.tf b/terraform/prod/variables.tf
@@ -2,6 +2,9 @@ variable "project-name" { description = "Project name" }
 variable "stage" { description = "Stage (dev, prod)" }
 variable "region" { description = "AWS region" }
 variable "domain_name" { description = "Domain name" }
+variable "cloudflare_email" { description = "Cloudflare email" }
+variable "cloudflare_api_token" { description = "Cloudflare API token" }
+variable "cloudflare_zone_id" { description = "Cloudflare Zone ID" }
 
 /* Secrets */
 variable "nextauth_url" { description = "NEXTAUTH_URL" }

diff --git a/terraform/shared/main.tf b/terraform/shared/main.tf
@@ -1,7 +1,25 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 4.2"
+    }
+  }
+}
+
 provider "aws" {
   region = var.region
 }
 
+provider "cloudflare" {
+  api_token = var.cloudflare_api_token
+}
+
 # Build Resource Group
 # Creates an AWS Resource Group to organize and manage AWS resources based on specific criteria, such as tags.
 resource "aws_resourcegroups_group" "resource_group" {

diff --git a/terraform/shared/network.tf b/terraform/shared/network.tf
@@ -1,14 +1,9 @@
-# Request a new ACM certificate
-resource "aws_acm_certificate" "cert" {
-  domain_name       = var.domain_name
-  validation_method = "DNS"
-  tags              = local.common_tags
-}
-
-# Validate the ACM certificate
-resource "aws_acm_certificate_validation" "cert" {
-  certificate_arn         = aws_acm_certificate.cert.arn
-  validation_record_fqdns = [for record in aws_acm_certificate.cert.domain_validation_options : record.resource_record_name]
+resource "cloudflare_record" "www" {
+  zone_id = var.cloudflare_zone_id
+  name    = var.domain_name
+  type    = "CNAME"
+  value   = aws_lb.main.dns_name
+  proxied = true
 }
 
 # Build VPC
@@ -139,35 +134,16 @@ resource "aws_lb_listener" "http" {
   tags              = local.common_tags
 
   default_action {
-    type = "redirect"
-
-    redirect {
-      port        = "443"
-      protocol    = "HTTPS"
-      status_code = "HTTP_301"
-    }
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.http.arn
   }
 }
 
-resource "aws_lb_target_group" "https" {
+resource "aws_lb_target_group" "http" {
   name        = local.target_group_name
-  port        = 443
+  port        = 3000
   protocol    = "HTTP"
   vpc_id      = aws_vpc.main.id
   target_type = "ip"
   tags        = local.common_tags
 }
-
-resource "aws_lb_listener" "https" {
-  load_balancer_arn = aws_lb.main.arn
-  port              = "443"
-  protocol          = "HTTPS"
-  ssl_policy        = "ELBSecurityPolicy-2016-08"
-  certificate_arn   = aws_acm_certificate_validation.cert.certificate_arn
-  tags              = local.common_tags
-
-  default_action {
-    type             = "forward"
-    target_group_arn = aws_lb_target_group.https.arn
-  }
-}
diff --git a/terraform/shared/service.tf b/terraform/shared/service.tf
@@ -122,7 +122,7 @@ resource "aws_ecs_service" "main" {
   }
 
   load_balancer {
-    target_group_arn = aws_lb_target_group.https.arn
+    target_group_arn = aws_lb_target_group.http.arn
     container_name   = local.name
     container_port   = 3000
   }

diff --git a/terraform/shared/variables.tf b/terraform/shared/variables.tf
@@ -2,6 +2,9 @@ variable "project-name" { description = "Project name" }
 variable "stage" { description = "Stage (dev, prod)" }
 variable "region" { description = "AWS region" }
 variable "domain_name" { description = "Domain name" }
+variable "cloudflare_email" { description = "Cloudflare email" }
+variable "cloudflare_api_token" { description = "Cloudflare API token" }
+variable "cloudflare_zone_id" { description = "Cloudflare Zone ID" }
 
 
 /* Secrets */