Remove hardcoded cert (#533)

* converted ssl cert to a variable * update ssl cert in validate workflow
thunderbird · Jul 10, 2024 · 3f8fb3a · 3f8fb3a
1 parent 1882e2d
commit 3f8fb3a
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 10 deletions.
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
@@ -35,6 +35,7 @@ jobs:
       TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
       TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
       TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
+      TF_VAR_ssl_cert_arn: ${{ vars.SSL_CERT_ARN }}
 
     steps:
       - name: Get Artifact from Release
@@ -169,6 +170,7 @@ jobs:
       TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
       TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
       TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
+      TF_VAR_ssl_cert_arn: ${{ vars.SSL_CERT_ARN }}
 
     steps:
       - name: Get IaC from Release

diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml
@@ -54,6 +54,7 @@ jobs:
       TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
       TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
       TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_ssl_cert_arn: ${{ vars.SSL_CERT_ARN }}
 
     steps:
       - uses: actions/checkout@v4
@@ -255,6 +256,7 @@ jobs:
       TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
       TF_VAR_zoom_secret: ${{ vars.ZOOM_SECRET }}
       TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
+      TF_VAR_ssl_cert_arn: ${{ vars.SSL_CERT_ARN }}
 
     steps:
       - uses: actions/checkout@v4

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -59,6 +59,7 @@ jobs:
       TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
       TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
       TF_VAR_sentry_dsn: ${{ vars.SENTRY_DSN }}
+      TF_VAR_ssl_cert_arn: ${{ vars.SSL_CERT_ARN }}
     steps:
       - uses: actions/checkout@v4
 

diff --git a/tofu/environments/prod/services/backend-infra/terragrunt.hcl b/tofu/environments/prod/services/backend-infra/terragrunt.hcl
@@ -47,7 +47,7 @@ inputs = {
   secrets_endpoint_security_group = dependency.vpc.outputs.secrets_endpoint_security_group
   logs_endpoint_security_group    = dependency.vpc.outputs.logs_endpoint_security_group
   database_subnet_cidrs           = dependency.vpc.outputs.database_subnet_cidrs
-  ssl_cert                        = "arn:aws:acm:us-east-1:768512802988:certificate/4a53e27b-0cd3-4855-a13f-5bac50015e43"
+  ssl_cert                        = get_env("TF_VAR_ssl_cert_arn")
   frontend_url                    = get_env("TF_VAR_frontend_url")
   tags                            = local.tags
 }
diff --git a/tofu/environments/prod/services/frontend-infra/terragrunt.hcl b/tofu/environments/prod/services/frontend-infra/terragrunt.hcl
@@ -31,17 +31,14 @@ locals {
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags
   tags             = "${merge(local.project_tags, local.environment_tags)}"
-
-
-  ssl_cert = "arn:aws:acm:us-east-1:768512802988:certificate/4a53e27b-0cd3-4855-a13f-5bac50015e43"
 }
 
 inputs = {
   environment      = local.environment
   name_prefix      = local.name_prefix
   region           = local.region
   tags             = local.tags
-  ssl_cert         = local.ssl_cert
+  ssl_cert         = get_env("TF_VAR_ssl_cert_arn")
   backend_id       = dependency.backend.outputs.alb_id
   backend_dns_name = dependency.backend.outputs.dns_name
   x_allow_secret   = dependency.backend.outputs.x_allow_secret

diff --git a/tofu/environments/stage/services/backend-infra/terragrunt.hcl b/tofu/environments/stage/services/backend-infra/terragrunt.hcl
@@ -47,7 +47,7 @@ inputs = {
   secrets_endpoint_security_group = dependency.vpc.outputs.secrets_endpoint_security_group
   logs_endpoint_security_group    = dependency.vpc.outputs.logs_endpoint_security_group
   database_subnet_cidrs           = dependency.vpc.outputs.database_subnet_cidrs
-  ssl_cert                        = "arn:aws:acm:us-east-1:768512802988:certificate/4a53e27b-0cd3-4855-a13f-5bac50015e43"
+  ssl_cert                        = get_env("TF_VAR_ssl_cert_arn")
   frontend_url                    = get_env("TF_VAR_frontend_url")
   tags                            = local.tags
 }
diff --git a/tofu/environments/stage/services/frontend-infra/terragrunt.hcl b/tofu/environments/stage/services/frontend-infra/terragrunt.hcl
@@ -31,17 +31,14 @@ locals {
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags
   tags             = "${merge(local.project_tags, local.environment_tags)}"
-
-
-  ssl_cert = "arn:aws:acm:us-east-1:768512802988:certificate/4a53e27b-0cd3-4855-a13f-5bac50015e43"
 }
 
 inputs = {
   environment      = local.environment
   name_prefix      = local.name_prefix
   region           = local.region
   tags             = local.tags
-  ssl_cert         = local.ssl_cert
+  ssl_cert         = get_env("TF_VAR_frontend_url")
   backend_id       = dependency.backend.outputs.alb_id
   backend_dns_name = dependency.backend.outputs.dns_name
   x_allow_secret   = dependency.backend.outputs.x_allow_secret