@billmetangmo
Last active January 4, 2024 11:42
Code to add a new domain to AWS Copilot
# Adds a Custom::RulePriorityFunction resource for the HTTPS listener.
# HTTPSListenerRule1 (added further down in this patch file) takes its
# Priority from this resource via !GetAtt HTTPSRulePriorityAction1.Priority.
- op: add
  path: /Resources/HTTPSRulePriorityAction1
  value:
    Type: Custom::RulePriorityFunction
    # HTTPSListenerRule is not defined in this patch file; presumably it is the
    # rule Copilot already generates, and waiting for it keeps the priority
    # lookups from running concurrently (confirm against the base template).
    DependsOn: HTTPSListenerRule
    Metadata:
      "aws:copilot:description": "Custom resource assigning priority for the first HTTPS listener rule"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPSListenerArn
      RulePath:
        - "/"
      ServiceToken: !GetAtt RulePriorityFunction.Arn
# Second priority lookup on the HTTPS listener; HTTPSListenerRule2 reads its
# Priority from this resource.
- op: add
  path: /Resources/HTTPSRulePriorityAction2
  value:
    Type: Custom::RulePriorityFunction
    # Ordered after HTTPSListenerRule1 so the two added rules are processed one
    # after the other (presumably so they cannot be handed the same priority).
    DependsOn: HTTPSListenerRule1
    Metadata:
      "aws:copilot:description": "Custom resource assigning priority for the second HTTPS listener rule"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPSListenerArn
      RulePath:
        - "/"
      ServiceToken: !GetAtt RulePriorityFunction.Arn
# Priority lookup on the plain-HTTP listener; HTTPListenerRuleWithDomain1
# (the HTTP->HTTPS redirect for the .it name) reads its Priority from here.
- op: add
  path: /Resources/HTTPRuleWithDomainPriorityAction1
  value:
    Type: Custom::RulePriorityFunction
    # HTTPListenerRuleWithDomain is not defined in this patch file; presumably
    # it is the redirect rule from the base template (confirm).
    DependsOn: HTTPListenerRuleWithDomain
    Metadata:
      "aws:copilot:description": "Custom resource assigning priority for the first HTTP listener rule"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      RulePath:
        - "/"
      ServiceToken: !GetAtt RulePriorityFunction.Arn
# Second priority lookup on the plain-HTTP listener; consumed by
# HTTPListenerRuleWithDomain2.
- op: add
  path: /Resources/HTTPRuleWithDomainPriorityAction2
  value:
    Type: Custom::RulePriorityFunction
    # Ordered after the first added HTTP rule so the lookups run in sequence.
    DependsOn: HTTPListenerRuleWithDomain1
    Metadata:
      "aws:copilot:description": "Custom resource assigning priority for the second HTTP listener rule"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      RulePath:
        - "/"
      ServiceToken: !GetAtt RulePriorityFunction.Arn
# Publishes <WorkloadName>.<EnvName>.<AppName>.staging.company.it as an alias
# A record that points at the environment's public load balancer.
- op: add
  path: /Resources/LoadBalancerDNSAlias1
  value:
    Type: AWS::Route53::RecordSetGroup
    Metadata:
      "aws:copilot:description": "The default alias record for the application load balancer"
    Properties:
      Comment: !Sub "LoadBalancer alias for service ${WorkloadName}"
      # The zone ID is a literal while the record name is built from EnvName and
      # AppName, so this patch only fits the environment whose hosted zone this
      # ID belongs to. It must be the zone that actually serves the name below,
      # in an account the deployment role is allowed to write to.
      HostedZoneId: Z08468952PYKAAF30AWL1
      RecordSets:
        # The trailing "" element makes the joined name end with a dot.
        - Name: !Join [".", [!Ref WorkloadName, !Sub "${EnvName}.${AppName}.staging.company.it", ""]]
          Type: A
          AliasTarget:
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
# Publishes <WorkloadName>.<EnvName>.<AppName>.staging.company.fr as an alias
# A record that points at the same public load balancer as the .it name.
- op: add
  path: /Resources/LoadBalancerDNSAlias2
  value:
    Type: AWS::Route53::RecordSetGroup
    Metadata:
      "aws:copilot:description": "The default alias record for the application load balancer"
    Properties:
      Comment: !Sub "LoadBalancer alias for service ${WorkloadName}"
      # Literal zone ID: it has to be the hosted zone serving the .fr name
      # below, and it ties this patch to a single environment.
      HostedZoneId: Z08461922PT33WBA75MXM
      RecordSets:
        # The trailing "" element makes the joined name end with a dot.
        - Name: !Join [".", [!Ref WorkloadName, !Sub "${EnvName}.${AppName}.staging.company.fr", ""]]
          Type: A
          AliasTarget:
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
# Plain-HTTP listener rule for the .it service name: every path is answered
# with a 301 to the same host, path and query over HTTPS on port 443.
- op: add
  path: /Resources/HTTPListenerRuleWithDomain1
  value:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Metadata:
      "aws:copilot:description": "An HTTP listener rule for path `/` that redirects HTTP to HTTPS"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      Priority: !GetAtt HTTPRuleWithDomainPriorityAction1.Priority
      Conditions:
        # The redirect target reuses the request's Host header (#{host}); this
        # host-header condition is what limits the rule to the expected name.
        - Field: "host-header"
          HostHeaderConfig:
            Values:
              - !Join [".", [!Ref WorkloadName, !Sub "${EnvName}.${AppName}.staging.company.it"]]
        - Field: "path-pattern"
          PathPatternConfig:
            Values:
              - "/*"
      Actions:
        - Type: redirect
          RedirectConfig:
            StatusCode: HTTP_301
            Protocol: HTTPS
            Port: 443
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
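# Plain-HTTP listener rule for the .fr service name: every path is answered
# with a 301 to the same host, path and query over HTTPS on port 443.
- op: add
  path: /Resources/HTTPListenerRuleWithDomain2
  value:
    Metadata:
      'aws:copilot:description': 'An HTTP listener rule for path `/` that redirects HTTP to HTTPS'
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: 443
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
      Conditions:
        # The host must be the same .fr name that LoadBalancerDNSAlias2
        # publishes and HTTPSListenerRule2 forwards. The original condition
        # named a different domain, so plain-HTTP requests for the published
        # name would never have matched this redirect rule.
        - Field: 'host-header'
          HostHeaderConfig:
            Values:
              - Fn::Join:
                  - '.'
                  - - !Ref WorkloadName
                    - !Sub "${EnvName}.${AppName}.staging.company.fr"
        - Field: 'path-pattern'
          PathPatternConfig:
            Values:
              - /*
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      Priority: !GetAtt HTTPRuleWithDomainPriorityAction2.Priority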
# HTTPS listener rule for the .it service name: requests for that host, on any
# path, are forwarded to the service's TargetGroup.
- op: add
  path: /Resources/HTTPSListenerRule1
  value:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Metadata:
      "aws:copilot:description": "An HTTPS listener rule for path `/` that forwards HTTPS traffic to your tasks"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPSListenerArn
      Priority: !GetAtt HTTPSRulePriorityAction1.Priority
      Conditions:
        - Field: "host-header"
          HostHeaderConfig:
            Values:
              - !Join [".", [!Ref WorkloadName, !Sub "${EnvName}.${AppName}.staging.company.it"]]
        - Field: "path-pattern"
          PathPatternConfig:
            Values:
              - "/*"
      Actions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
# HTTPS listener rule for the .fr service name: requests for that host, on any
# path, are forwarded to the same TargetGroup as the .it rule.
- op: add
  path: /Resources/HTTPSListenerRule2
  value:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Metadata:
      "aws:copilot:description": "An HTTPS listener rule for path `/` that forwards HTTPS traffic to your tasks"
    Properties:
      ListenerArn: !GetAtt EnvControllerAction.HTTPSListenerArn
      Priority: !GetAtt HTTPSRulePriorityAction2.Priority
      Conditions:
        - Field: "host-header"
          HostHeaderConfig:
            Values:
              - Fn::Join:
                  - "."
                  - - !Ref WorkloadName
                    - !Sub "${EnvName}.${AppName}.staging.company.fr"
        - Field: "path-pattern"
          PathPatternConfig:
            Values:
              - "/*"
      Actions:
        - TargetGroupArn: !Ref TargetGroup
          Type: forward
# Looks up the existing parent hosted zone by name; the application zone below
# is delegated from it.
data "aws_route53_zone" "staging-company-it" {
  # Replace with your domain name
  name = "staging.company.it"
}
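# Hosted zone for the Copilot application "new-frontend".
resource "aws_route53_zone" "new-frontend-staging-company-it" {
  name    = "new-frontend.staging.company.it"
  comment = "Hosted zone for copilot application new-frontend: new-frontend.staging.company.it"

  # Boolean literal instead of the string "false". With force_destroy off,
  # destroying the zone fails while it still holds records that Terraform
  # does not manage.
  force_destroy = false
}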
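# Delegates new-frontend.staging.company.it from the parent zone to the name
# servers of the application zone.
#
# If the application zone is ever deleted outside Terraform, remove this NS
# record too: a delegation that points at name servers which no longer host
# the zone is a dangling delegation.
resource "aws_route53_record" "new-frontend-staging-company-it" {
  zone_id = data.aws_route53_zone.staging-company-it.zone_id
  name    = "new-frontend.staging.company.it"
  type    = "NS"
  ttl     = 60 # number literal instead of the string "60"

  # Referencing the zone's name_servers already orders this record after the
  # zone, so the explicit depends_on from the original is not needed.
  records = aws_route53_zone.new-frontend-staging-company-it.name_servers
}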
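# Hosted zone for the "dev" environment of the application.
resource "aws_route53_zone" "dev-new-frontend-staging-company-it" {
  name    = "dev.new-frontend.staging.company.it"
  comment = "HostedZone for environment dev - dev.new-frontend.staging.company.it"

  # Boolean literal instead of the string "false". With force_destroy off,
  # destroying the zone fails while it still holds records that Terraform
  # does not manage.
  force_destroy = false
}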
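# Delegates dev.new-frontend.staging.company.it from the application zone to
# the name servers of the environment zone.
#
# If the environment zone is ever deleted outside Terraform, remove this NS
# record too, so the delegation does not point at name servers that no longer
# host the zone.
resource "aws_route53_record" "dev-new-frontend-staging-company-it" {
  # Direct reference; the original wrapped it in an interpolation-only
  # "${...}" string, which Terraform 0.12 and later flag as deprecated.
  zone_id = aws_route53_zone.new-frontend-staging-company-it.zone_id
  name    = "dev.new-frontend.staging.company.it"
  type    = "NS"
  ttl     = 60 # number literal instead of the string "60"

  # Referencing the zone's name_servers already orders this record after the
  # zone, so the explicit depends_on from the original is not needed.
  records = aws_route53_zone.dev-new-frontend-staging-company-it.name_servers
}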
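# ACM certificate for the dev environment: the environment apex plus a wildcard
# that covers every name one label below it.
#
# NOTE(review): no DNS validation records or aws_acm_certificate_validation
# resource are visible here. With validation_method = "DNS" the certificate
# stays in PENDING_VALIDATION until the validation records exist in the
# delegated zone; confirm where they are created.
resource "aws_acm_certificate" "dev-new-frontend-staging-company-it" {
  domain_name               = "dev.new-frontend.staging.company.it"
  subject_alternative_names = ["*.dev.new-frontend.staging.company.it", "dev.new-frontend.staging.company.it"]
  validation_method         = "DNS"
  key_algorithm             = "RSA_2048"

  options {
    # Issued certificates are recorded in public Certificate Transparency
    # logs, so the hostnames above become publicly discoverable.
    certificate_transparency_logging_preference = "ENABLED"
  }

  # When a change forces replacement, create the new certificate before the
  # old one is destroyed, so a certificate that is still attached to a
  # listener is not deleted first.
  lifecycle {
    create_before_destroy = true
  }

  # DNS validation can only resolve once the environment zone is delegated.
  depends_on = [aws_route53_record.dev-new-frontend-staging-company-it]
}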
@billmetangmo

main.tf -> configure app and env subdomains for new tld
cfn-patches -> add tld support for each service
