feat(ci): integra Terraform en pipeline de Bitbucket Pipelines

- Agrega paso 03_terraform para DEV y PROD con init, plan y apply
- Crea backend.dev.hcl para configuración explícita de estado DEV
- Refactoriza Route53/ACM en main.tf para soportar PROD cross-account
  usando count condicional sin romper estado de DEV
- Descomenta provider aws.route53 en provider.tf
- Añade domain_name faltante en prod.tfvars y confirma dev.tfvars
- Corrige output route53_record para recursos con count
- Elimina errored.tfstate corrupto local
- Incluye permiso sts:AssumeRole en IAM policy para Route53 cross-account
Evert Daniel Romero Garrido
2026-04-14 19:40:57 -06:00
parent 3fe8cb1391
commit cbea3e932b
8 changed files with 128 additions and 26 deletions
+55 -15
@@ -445,38 +445,64 @@ resource "aws_acm_certificate" "main" {
}
resource "aws_route53_record" "cert_validation" {
for_each = {
for dvo in aws_acm_certificate.main.domain_validation_options : dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
count = var.environment != "prod" ? 1 : 0
allow_overwrite = true
name = each.value.name
records = [each.value.record]
name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name
records = [tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value]
ttl = 60
type = each.value.type
zone_id = data.aws_route53_zone.main.zone_id
type = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_type
zone_id = local.route53_zone_id
}
resource "aws_route53_record" "cert_validation_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
allow_overwrite = true
name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name
records = [tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value]
ttl = 60
type = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_type
zone_id = local.route53_zone_id
}
resource "aws_acm_certificate_validation" "main" {
provider = aws.us_east_1
certificate_arn = aws_acm_certificate.main.arn
validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
validation_record_fqdns = local.cert_validation_fqdns
}
# -------------------------------------------------------------------------------
# Route 53
# -------------------------------------------------------------------------------
data "aws_route53_zone" "main" {
name = "ccsoft.mx"
count = var.environment != "prod" ? 1 : 0
name = var.domain_name
private_zone = false
}
data "aws_route53_zone" "main_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
name = var.domain_name
private_zone = false
}
locals {
route53_zone_id = coalesce(
try(data.aws_route53_zone.main[0].zone_id, ""),
try(data.aws_route53_zone.main_prod[0].zone_id, "")
)
cert_validation_fqdns = compact(try(
[aws_route53_record.cert_validation[0].fqdn],
[aws_route53_record.cert_validation_prod[0].fqdn],
[]
))
}
resource "aws_route53_record" "main" {
zone_id = data.aws_route53_zone.main.zone_id
count = var.environment != "prod" ? 1 : 0
zone_id = local.route53_zone_id
name = var.domain_name
type = "A"
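Review bot: Switching `aws_route53_record.cert_validation` from `for_each` to `count`, and adding `count` to `aws_route53_record.main`, changes the resource addresses (`cert_validation["<domain>"]` becomes `cert_validation[0]`, `main` becomes `main[0]`), so on DEV the next apply will plan a destroy and recreate of the validation record and the apex A record rather than the no-op the commit message promises ("sin romper estado de DEV"). Adding `moved` blocks re-addresses the existing state in place; `data.aws_route53_zone.main` needs none since it is re-read on every run, and a `moved` whose `from` address does not exist (PROD, where count is 0) is ignored. Separately, `tolist(aws_acm_certificate.main.domain_validation_options)[0]` creates a record for the first validation option only, so if `aws_acm_certificate.main` declares any `subject_alternative_names` the `aws_acm_certificate_validation` will never complete; the certificate block starts above the hunk, so this is worth confirming there. The same count/duplicate-resource pattern is repeated for `main`/`main_prod` in the next hunk.
```hcl
# Re-address existing DEV state so the count refactor is a rename, not a recreate.
moved {
  from = aws_route53_record.main
  to   = aws_route53_record.main[0]
}

moved {
  # The old for_each key was dvo.domain_name; use the certificate's domain_name here.
  from = aws_route53_record.cert_validation["<CERT_DOMAIN_NAME_KEY>"]
  to   = aws_route53_record.cert_validation[0]
}
```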
@@ -487,6 +513,20 @@ resource "aws_route53_record" "main" {
}
}
resource "aws_route53_record" "main_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
zone_id = local.route53_zone_id
name = var.domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.main.domain_name
zone_id = aws_cloudfront_distribution.main.hosted_zone_id
evaluate_target_health = false
}
}
# -------------------------------------------------------------------------------
# CloudFront Distribution
# -------------------------------------------------------------------------------