refactor: make the acm certificate specific to the sub domain

Rahul-4480 · Rahul-4480 · commit f367bce8b060 · 2024-08-05T12:24:11.000+05:30
diff --git a/locals.tf b/locals.tf
@@ -19,9 +19,9 @@ locals {
   ecs_task_assume_policy_actions               = ["sts:AssumeRole"]
   ecs_task_assume_policy_principal_type        = "Service"
   ecs_task_assume_policy_principal_identifiers = ["ecs-tasks.amazonaws.com"]
-  acm_certificate_statuses                     = ["ISSUED"]
   default_desired_count                        = 1
   target_group_name                            = "atlantis-target-group"
+  acm_certificate_name                         = "atlantis-domain"
   target_group_protocol                        = "HTTP"
   listener_protocol                            = "HTTPS"
   listener_port                                = 443
diff --git a/main.tf b/main.tf
@@ -21,18 +21,13 @@ data "aws_iam_policy_document" "ecs_task_assume_policy" {
   }
 }
 
-data "aws_acm_certificate" "base_domain_certificate" {
-  domain   = local.base_domain
-  statuses = local.acm_certificate_statuses
-}
-
 data "aws_route53_zone" "zone" {
   name = local.base_domain
 }
 
 module "ecs_deployment" {
   source  = "infraspecdev/ecs-deployment/aws"
-  version = "3.0.1"
+  version = "4.0.4"
 
   cluster_name = data.aws_ecs_cluster.default.cluster_name
   vpc_id       = var.vpc_id
@@ -82,7 +77,7 @@ module "ecs_deployment" {
     security_groups_ids = [aws_security_group.alb.id]
 
     target_groups = {
-      atlantis-target-group = {
+      (local.target_group_name) = {
         name        = format("%s-%s-ip", local.alb_system_name, terraform.workspace)
         port        = local.container_port
         protocol    = local.target_group_protocol
@@ -92,9 +87,9 @@ module "ecs_deployment" {
 
     listeners = {
       https-listener = {
-        protocol        = local.listener_protocol
-        port            = local.listener_port
-        certificate_arn = data.aws_acm_certificate.base_domain_certificate.arn
+        protocol    = local.listener_protocol
+        port        = local.listener_port
+        certificate = local.acm_certificate_name
 
         default_action = [
           {
@@ -178,4 +173,16 @@ module "ecs_deployment" {
   }
 
   create_capacity_provider = local.create_capacity_provider
+
+  create_acm = true
+  acm_certificates = {
+    (local.acm_certificate_name) = {
+      domain_name = var.atlantis_url
+      validation_option = {
+        domain_name       = var.atlantis_url
+        validation_domain = var.atlantis_url
+      }
+      record_zone_id = data.aws_route53_zone.zone.zone_id
+    }
+  }
 }
