Piers Karsenbarg

Setting Up HTTPS

Posted at — Apr 27, 2019

.dev domains require SSL certificates to run in Chrome (the whole .dev TLD is on the HSTS preload list, so browsers will only connect to it over HTTPS), and since AWS gives free certificates for use in CloudFront it makes sense to use this rather than something like Let's Encrypt.

I’m also using DNS validation rather than email validation because it means I don’t have to have email set up for the domain (which I don’t).

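# TLS certificate for the site, issued by ACM and validated over DNS.
# CloudFront only accepts ACM certificates from us-east-1. No provider is set
# on this resource, so confirm the default provider targets that region.
resource "aws_acm_certificate" "default" {
  # The apex name is read from the hosted zone, while the SAN below is built
  # from var.root_domain_name. Both are assumed to name the same domain.
  # NOTE(review): confirm the two values match.
  domain_name       = "${aws_route53_zone.primary.name}"
  validation_method = "DNS"

  # The wildcard makes this certificate valid for every first-level subdomain.
  # If only a few hostnames are served, listing them explicitly limits what
  # the certificate can be used for.
  subject_alternative_names = ["*.${var.root_domain_name}"]

  # Create the replacement before destroying the old certificate, so a change
  # that forces re-creation does not try to delete a certificate still in use.
  lifecycle {
    create_before_destroy = true
  }
}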

# DNS record that proves control of the domain to ACM.
# Only the first entry of domain_validation_options is published. ACM is
# expected to hand out the same record for a name and its wildcard, so one
# record should cover this certificate. Re-check if more SANs are added.
# Leave the record in place after issuance: ACM looks it up again when it
# renews a DNS-validated certificate. Anyone who can write to this zone can
# satisfy the same check, so keep write access to the zone narrow.
resource "aws_route53_record" "validation" {
  zone_id = "${aws_route53_zone.primary.zone_id}"

  name = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_name}"
  type = "${aws_acm_certificate.default.domain_validation_options.0.resource_record_type}"
  ttl  = "3600"

  records = [
    "${aws_acm_certificate.default.domain_validation_options.0.resource_record_value}",
  ]
}

# Waits for ACM to finish validating the certificate against the DNS record
# above. Resources that need an issued certificate should take the ARN from
# this resource (certificate_arn) rather than from aws_acm_certificate, so
# they are only created once validation has completed.
resource "aws_acm_certificate_validation" "default" {
  certificate_arn = "${aws_acm_certificate.default.arn}"

  # aws_route53_record.validation is a single resource (no count), so its
  # fqdn is referenced directly instead of through a splat.
  validation_record_fqdns = ["${aws_route53_record.validation.fqdn}"]
}