fix: revert certificate changes including ELB DNS (#536)

cds-snc · Nov 16, 2023 · a4e41a1 · a4e41a1
1 parent 85b8ea5
commit a4e41a1
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 12 deletions.
diff --git a/aws/load_balancer/certificates.tf b/aws/load_balancer/certificates.tf
@@ -2,15 +2,11 @@
 # Domain certificate
 #
 
-locals {
-  domains = concat(var.domains, [aws_lb.form_viewer.dns_name])
-}
-
 resource "aws_acm_certificate" "form_viewer" {
   # First entry in domain list is the primary domain
-  domain_name               = local.domains[0]
+  domain_name               = var.domains[0]
   validation_method         = "DNS"
-  subject_alternative_names = length(local.domains) > 1 ? setsubtract(local.domains, [local.domains[0]]) : []
+  subject_alternative_names = length(var.domains) > 1 ? setsubtract(var.domains, [var.domains[0]]) : []
 
   lifecycle {
     create_before_destroy = true
@@ -24,9 +20,9 @@ resource "aws_acm_certificate" "form_viewer" {
 
 resource "aws_acm_certificate" "form_viewer_maintenance_mode" {
   # First entry in domain list is the primary domain
-  domain_name               = local.domains[0]
+  domain_name               = var.domains[0]
   validation_method         = "DNS"
-  subject_alternative_names = length(local.domains) > 1 ? setsubtract(local.domains, [local.domains[0]]) : []
+  subject_alternative_names = length(var.domains) > 1 ? setsubtract(var.domains, [var.domains[0]]) : []
 
   provider = aws.us-east-1
 

diff --git a/aws/load_balancer/route53.tf b/aws/load_balancer/route53.tf
@@ -46,7 +46,7 @@ resource "aws_route53_record" "form_viewer_maintenance" {
 # Certificate validation
 # 
 locals {
-  domain_name_to_zone_id = zipmap(concat(var.domains, [aws_lb.form_viewer.dns_name]), concat(var.hosted_zone_ids, [aws_lb.form_viewer.zone_id]))
+  domain_name_to_zone_id = zipmap(var.domains, var.hosted_zone_ids)
 }
 
 
@@ -71,8 +71,8 @@ resource "aws_route53_record" "form_viewer_certificate_validation" {
 
 resource "aws_route53_health_check" "gc_forms_application" {
   fqdn              = aws_lb.form_viewer.dns_name
-  port              = 443
-  type              = "HTTPS"
+  port              = 80
+  type              = "HTTP"
   resource_path     = "/form-builder/edit"
   failure_threshold = "2"
   request_interval  = "30"

diff --git a/aws/load_balancer/waf.tf b/aws/load_balancer/waf.tf
@@ -293,7 +293,7 @@ resource "aws_wafv2_regex_pattern_set" "forms_base_url" {
   description = "Regex matching the root domain of GCForms"
   scope       = "REGIONAL"
   dynamic "regular_expression" {
-    for_each = concat(var.domains, [aws_lb.form_viewer.dns_name])
+    for_each = var.domains
     content {
       regex_string = "^${regular_expression.value}$"
     }