feat(dns): simplify PROD Route 53 by using prod-sacc.ccsoft.mx directly

Switch PROD DNS from cross-account Route 53 management to a delegated
subdomain in the PROD AWS account (523761210517).

Changes:
- prod.tfvars: domain_name changed to prod-sacc.ccsoft.mx
- provider.tf: removed aws.route53 cross-account provider
- main.tf: removed prod-specific Route 53 resources and data sources;
  cert_validation and main records now use default provider for all envs
- outputs.tf: removed indexed references to main_prod resource
Evert Daniel Romero Garrido
2026-04-16 10:33:13 -06:00
parent b31323bb49
commit ce22f776ff
4 changed files with 4 additions and 65 deletions
+1 -1
@@ -21,5 +21,5 @@ db_username = "sacc_admin_prod"
db_password = "<cambiar-por-secret-real>" db_password = "<cambiar-por-secret-real>"
s3_frontend_bucket = "ccsoft-proyectosacc-frontend-prod" s3_frontend_bucket = "ccsoft-proyectosacc-frontend-prod"
s3_artifacts_bucket = "ccsoft-proyectosacc-artifacts-prod" s3_artifacts_bucket = "ccsoft-proyectosacc-artifacts-prod"
domain_name = "sacc.ccsoft.mx" domain_name = "prod-sacc.ccsoft.mx"
cloudfront_price_class = "PriceClass_100" cloudfront_price_class = "PriceClass_100"
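Review bot: The `db_password = "<cambiar-por-secret-real>"` line next to the changed `domain_name` suggests the real PROD password is meant to be typed into this tracked tfvars file. It would be safer to drop the entry here and supply the value at apply time, for example through the `TF_VAR_db_password` environment variable or a secrets-manager data source. The variable should also be declared with `sensitive = true`; its declaration is not visible in this hunk, so that may already be the case.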
+2 -46
@@ -445,18 +445,6 @@ resource "aws_acm_certificate" "main" {
} }
resource "aws_route53_record" "cert_validation" { resource "aws_route53_record" "cert_validation" {
count = var.environment != "prod" ? 1 : 0
allow_overwrite = true
name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name
records = [tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value]
ttl = 60
type = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_type
zone_id = local.route53_zone_id
}
resource "aws_route53_record" "cert_validation_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
allow_overwrite = true allow_overwrite = true
name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name name = tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_name
records = [tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value] records = [tolist(aws_acm_certificate.main.domain_validation_options)[0].resource_record_value]
@@ -468,40 +456,22 @@ resource "aws_route53_record" "cert_validation_prod" {
resource "aws_acm_certificate_validation" "main" { resource "aws_acm_certificate_validation" "main" {
provider = aws.us_east_1 provider = aws.us_east_1
certificate_arn = aws_acm_certificate.main.arn certificate_arn = aws_acm_certificate.main.arn
validation_record_fqdns = local.cert_validation_fqdns validation_record_fqdns = [aws_route53_record.cert_validation.fqdn]
} }
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
# Route 53 # Route 53
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
data "aws_route53_zone" "main" { data "aws_route53_zone" "main" {
count = var.environment != "prod" ? 1 : 0
name = var.domain_name
private_zone = false
}
data "aws_route53_zone" "main_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
name = var.domain_name name = var.domain_name
private_zone = false private_zone = false
} }
locals { locals {
route53_zone_id = coalesce( route53_zone_id = data.aws_route53_zone.main.zone_id
try(data.aws_route53_zone.main[0].zone_id, ""),
try(data.aws_route53_zone.main_prod[0].zone_id, "")
)
cert_validation_fqdns = compact(try(
[aws_route53_record.cert_validation[0].fqdn],
[aws_route53_record.cert_validation_prod[0].fqdn],
[]
))
} }
resource "aws_route53_record" "main" { resource "aws_route53_record" "main" {
count = var.environment != "prod" ? 1 : 0
zone_id = local.route53_zone_id zone_id = local.route53_zone_id
name = var.domain_name name = var.domain_name
type = "A" type = "A"
@@ -513,20 +483,6 @@ resource "aws_route53_record" "main" {
} }
} }
resource "aws_route53_record" "main_prod" {
provider = aws.route53
count = var.environment == "prod" ? 1 : 0
zone_id = local.route53_zone_id
name = var.domain_name
type = "A"
alias {
name = aws_cloudfront_distribution.main.domain_name
zone_id = aws_cloudfront_distribution.main.hosted_zone_id
evaluate_target_health = false
}
}
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
# CloudFront Distribution # CloudFront Distribution
# ------------------------------------------------------------------------------- # -------------------------------------------------------------------------------
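Review bot: Removing `aws_route53_record.main_prod` and `cert_validation_prod` in the same commit that deletes the `aws.route53` provider alias leaves Terraform with no provider configuration to destroy those records if they are still in the PROD state. The plan would presumably fail until they are dropped from state by hand, and in that case the `sacc.ccsoft.mx` alias and its validation CNAME stay behind in the cross-account zone. Those records should then be deleted explicitly: if the distribution's aliases follow `var.domain_name` (not visible here), the old alias becomes dangling DNS pointing at a CloudFront distribution that no longer serves that name. The cross-account role is also worth retiring once nothing assumes it. Separately, the now unconditional `data "aws_route53_zone" "main"` lookup assumes a public hosted zone for `prod-sacc.ccsoft.mx` already exists in the default-provider account and is delegated from the parent zone, otherwise `aws_acm_certificate_validation.main` will wait until it times out; a comment above the data source such as `# Requires a public hosted zone for var.domain_name in this account, delegated (NS) from the parent zone` would record that precondition.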
+1 -1
@@ -43,7 +43,7 @@ output "cloudfront_distribution_id" {
output "route53_record" { output "route53_record" {
description = "Registro DNS creado en Route 53" description = "Registro DNS creado en Route 53"
value = try(aws_route53_record.main[0].name, aws_route53_record.main_prod[0].name, "") value = aws_route53_record.main.name
} }
output "acm_certificate_arn" { output "acm_certificate_arn" {
-17
@@ -50,21 +50,4 @@ provider "aws" {
} }
} }
# Provider para Route 53 en cuenta cross-account (262270938827)
# Solo se usa en PROD mediante count condicional en los recursos de Route 53.
provider "aws" {
alias = "route53"
region = "us-east-1"
assume_role {
role_arn = "arn:aws:iam::262270938827:role/Route53ProyectosaccCrossAccountRole"
}
default_tags {
tags = {
Project = var.project_name
ManagedBy = "terraform"
Environment = var.environment
}
}
}