From 118d87e1c3d7bf9a931dc541cee743765fa2bf5b Mon Sep 17 00:00:00 2001
From: Colin Saliceti
Date: Thu, 25 Apr 2024 12:56:11 +0100
Subject: [PATCH] Allow adding multiple DNS zones to a single front door

Each front door has a monthly cost so we can save by serving more domains instead of creating a new front door for each zone
---
 domains/environment_domains/README.md | 29 +++++++++++++++++++
 domains/environment_domains/front_door.tf | 12 ++++----
 .../environment_domains/front_door_rules.tf | 2 +-
 domains/environment_domains/locals.tf | 2 ++
 domains/environment_domains/tfdocs.md | 5 ++--
 domains/environment_domains/variables.tf | 13 ++++++++-
 6 files changed, 53 insertions(+), 10 deletions(-)
 create mode 100644 domains/environment_domains/README.md
diff --git a/domains/environment_domains/README.md b/domains/environment_domains/README.md
new file mode 100644
index 0000000..353b97c
--- /dev/null
+++ b/domains/environment_domains/README.md
@@ -0,0 +1,29 @@
+# Environment domains
+
+Create all domains for an environment. This includes the DNS records and the front door resources.
+
+By default a single frontdoor works for a single DNS zone. When adding more zones, use the add_to_front_door variable.
+
+## Usage
+
+```terraform
+module "domains" {
+ source = "git::https://github.com/DFE-Digital/terraform-modules.git//domains/environment_domains"
+ zone = var.zone1
+ front_door_name = var.front_door_name
+ resource_group_name = var.resource_group_name
+ domains = var.domains1
+ environment = var.environment_short
+ host_name = var.origin_hostname1
+}
+
+module "additional_domains" {
+ source = "git::https://github.com/DFE-Digital/terraform-modules.git//domains/environment_domains"
+ zone = var.zone2
+ add_to_front_door = var.front_door_name
+ resource_group_name = var.resource_group_name
+ domains = var.domains2
+ environment = var.environment_short
+ host_name = var.origin_hostname2
+}
+```
diff --git a/domains/environment_domains/front_door.tf b/domains/environment_domains/front_door.tf
index dcaac0e..0101ed7 100644
--- a/domains/environment_domains/front_door.tf
+++ b/domains/environment_domains/front_door.tf
@@ -1,5 +1,5 @@
 data "azurerm_cdn_frontdoor_profile" "main" {
- name = var.front_door_name
+ name = var.add_to_front_door == null ? var.front_door_name : var.add_to_front_door
 resource_group_name = var.resource_group_name
 }
@@ -16,14 +16,14 @@ resource "azurerm_cdn_frontdoor_endpoint" "main" {
 }
 resource "azurerm_cdn_frontdoor_origin_group" "main" {
- name = "${var.environment}-og"
+ name = var.add_to_front_door == null ? "${var.environment}-og" : "${var.environment}-${local.name_suffix}-og"
 cdn_frontdoor_profile_id = data.azurerm_cdn_frontdoor_profile.main.id
 session_affinity_enabled = false
 load_balancing {}
 }
 resource "azurerm_cdn_frontdoor_origin" "main" {
- name = "${var.environment}-org"
+ name = var.add_to_front_door == null ? "${var.environment}-org" : "${var.environment}-${local.name_suffix}-org"
 cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.main.id
 certificate_name_check_enabled = true
 enabled = true
@@ -33,7 +33,7 @@ resource "azurerm_cdn_frontdoor_origin" "main" {
 resource "azurerm_cdn_frontdoor_custom_domain" "main" {
 for_each = toset(var.domains)
- name = replace(each.key, ".", "-")
+ name = var.add_to_front_door == null ? replace(each.key, ".", "-") : "${each.key}-${local.name_suffix}"
 cdn_frontdoor_profile_id = data.azurerm_cdn_frontdoor_profile.main.id
 dns_zone_id = data.azurerm_dns_zone.main.id
 host_name = startswith(each.key, "apex") ? "${var.zone}" : "${each.key}.${var.zone}"
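Review bot: With `front_door_name` now defaulting to `null`, the profile lookup in the first hunk passes `name = null` when a caller sets neither `front_door_name` nor `add_to_front_door`, and when both are set `add_to_front_door` silently wins; the failure surfaces as a provider error on the data source rather than as a message naming the two variables. A `precondition` on the data source makes the exactly-one-of contract explicit (data-source preconditions need Terraform 1.2 or later; the module's required version is not visible here). The same guard also protects the naming expressions in the later hunks of this file and in front_door_rules.tf, which all branch on `var.add_to_front_door == null`.
```terraform
data "azurerm_cdn_frontdoor_profile" "main" {
  # … unchanged: name and resource_group_name …

  lifecycle {
    precondition {
      condition     = (var.front_door_name == null) != (var.add_to_front_door == null)
      error_message = "Set exactly one of front_door_name or add_to_front_door."
    }
  }
}
```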
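Review bot: In the custom domain hunk the `add_to_front_door` branch builds the name as `"${each.key}-${local.name_suffix}"` without the `replace(each.key, ".", "-")` that the default branch applies, so a multi-label entry in `var.domains` (a constructed example: `www.staging`) keeps its dots in the resource name while `name_suffix` has already had its dots replaced; the two branches should sanitise the key the same way: `name = var.add_to_front_door == null ? replace(each.key, ".", "-") : "${replace(each.key, ".", "-")}-${local.name_suffix}"`. This only changes the new branch, so existing deployments using the default branch are not renamed.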
@@ -46,7 +46,7 @@ resource "azurerm_cdn_frontdoor_custom_domain" "main" {
 resource "azurerm_cdn_frontdoor_route" "main" {
 depends_on = [azurerm_cdn_frontdoor_origin_group.main, azurerm_cdn_frontdoor_origin.main]
 for_each = toset(var.domains)
- name = "${var.environment}-rt"
+ name = var.add_to_front_door == null ? "${var.environment}-rt" : "${var.environment}-${local.name_suffix}-rt"
 cdn_frontdoor_endpoint_id = azurerm_cdn_frontdoor_endpoint.main[each.key].id
 cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.main.id
 cdn_frontdoor_origin_ids = [azurerm_cdn_frontdoor_origin.main.id]
@@ -64,7 +64,7 @@ resource "azurerm_cdn_frontdoor_route" "main" {
 resource "azurerm_cdn_frontdoor_route" "cached" {
 for_each = toset(local.cached_domain_list)
- name = "${var.environment}-cached-rt"
+ name = var.add_to_front_door == null ? "${var.environment}-cached-rt" : "${var.environment}-${local.name_suffix}-cached-rt"
 cdn_frontdoor_endpoint_id = azurerm_cdn_frontdoor_endpoint.main[each.key].id
 cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.main.id
 cdn_frontdoor_origin_ids = [azurerm_cdn_frontdoor_origin.main.id]
diff --git a/domains/environment_domains/front_door_rules.tf b/domains/environment_domains/front_door_rules.tf
index 29bcbb2..cc6f37c 100644
--- a/domains/environment_domains/front_door_rules.tf
+++ b/domains/environment_domains/front_door_rules.tf
@@ -1,7 +1,7 @@
 resource "azurerm_cdn_frontdoor_rule_set" "redirects" {
 count = length(var.redirect_rules) > 0 ? 1 : 0
- name = "${var.environment}Redirects"
+ name = var.add_to_front_door == null ? "${var.environment}Redirects" : "${var.environment}${local.name_suffix}Redirects"
 cdn_frontdoor_profile_id = data.azurerm_cdn_frontdoor_profile.main.id
 }
diff --git a/domains/environment_domains/locals.tf b/domains/environment_domains/locals.tf
index fdaf0f4..bee01bf 100644
--- a/domains/environment_domains/locals.tf
+++ b/domains/environment_domains/locals.tf
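Review bot: The front_door_rules.tf hunk inserts `local.name_suffix`, which is `var.zone` with its dots turned into hyphens, into the rule set name, yet the existing `${var.environment}Redirects` is deliberately hyphen-free while every other resource name in this patch uses hyphens, which suggests rule set names are limited to letters and digits; if so, the suffixed name is rejected at apply time for any zone with more than one label. Stripping the hyphens keeps the new name in the same character set as the old one: `name = var.add_to_front_door == null ? "${var.environment}Redirects" : "${var.environment}${replace(local.name_suffix, "-", "")}Redirects"`. The two route hunks in front_door.tf already use hyphenated names, so they are not affected by this.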
@@ -9,4 +9,6 @@ locals {
 cached_domain_list = length(var.cached_paths) > 0 ? var.domains : []
 max_frontdoor_endpoint_name_length = 46
+
+ name_suffix = replace(var.zone, ".", "-")
 }
diff --git a/domains/environment_domains/tfdocs.md b/domains/environment_domains/tfdocs.md
index b2b36a9..66edd97 100644
--- a/domains/environment_domains/tfdocs.md
+++ b/domains/environment_domains/tfdocs.md
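Review bot: `name_suffix` is added as a bare expression with no comment, so a reader of locals.tf (the block starts outside the hunk) cannot tell that it only matters when `add_to_front_door` is set, nor that its length grows with the zone name while the neighbouring `max_frontdoor_endpoint_name_length = 46` shows the module already has to care about Azure name limits; nothing visible bounds the suffix. I'd add above it `# Zone-derived suffix (dots -> hyphens) that keeps front door resource names unique when several zones share one profile via add_to_front_door; not length-limited, so long zone names may push resource names past Azure limits`.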
@@ -36,13 +36,14 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| [add\_to\_front\_door](#input\_add\_to\_front\_door) | Add domains of a different zone to existing front door domains | `string` | `null` | no |
 | [cached\_paths](#input\_cached\_paths) | List of path patterns such as /packs/* that front door will cache | `list(string)` | `[]` | no |
 | [domains](#input\_domains) | List of subdomains of the zone e.g. "staging". For apex domain use "apex" or "apex" if apex is already in use | `any` | n/a | yes |
 | [environment](#input\_environment) | n/a | `any` | n/a | yes |
 | [exclude\_cnames](#input\_exclude\_cnames) | Don't create the CNAME for this record from var.domains. We set this when we want to configure front door for a services domain that we are migrating so we do not need to wait for the certificate to validate and front door to propagate the configuration. | `list` | `[]` | no |
-| [front\_door\_name](#input\_front\_door\_name) | n/a | `any` | n/a | yes |
+| [front\_door\_name](#input\_front\_door\_name) | Name of the front door where the domains will be created. Use var.add\_to\_front\_door if adding to existing domains. | `any` | `null` | no |
 | [host\_name](#input\_host\_name) | Origin host name ie domain to where front door sends the requests. It may not be used if all requests are redirected. | `string` | `"not-in-use.education.gov.uk"` | no |
-| [multiple\_hosted\_zones](#input\_multiple\_hosted\_zones) | n/a | `bool` | `false` | no |
+| [multiple\_hosted\_zones](#input\_multiple\_hosted\_zones) | Avoid endpoint naming clash when using multiple zones (one for each front door) | `bool` | `false` | no |
 | [null\_host\_header](#input\_null\_host\_header) | The origin\_host\_header for the azurerm\_cdn\_frontdoor\_origin resource will be var.host\_name (if false) or null (if true). If null then the host name from the incoming request will be used. 
| `bool` | `false` | no | | [redirect\_rules](#input\_redirect\_rules) | List of ordered redirect rules with format:
[
{
"from-domain": "One of the domains from var.domains to redirect from",
"to-domain": "Redirect destination domain",
"to-path": "Optional path appended to the destination URL. If not provided, the path will be the same as in the incoming request",
"to-query-string": "Optional path appended to the destination URL. If not provided, defaults to empty string"
},
{
...
}
] | `map` | `{}` | no |
 | [resource\_group\_name](#input\_resource\_group\_name) | n/a | `any` | n/a | yes |
diff --git a/domains/environment_domains/variables.tf b/domains/environment_domains/variables.tf
index 1ae115d..a4bb31b 100644
--- a/domains/environment_domains/variables.tf
+++ b/domains/environment_domains/variables.tf
@@ -1,5 +1,9 @@
 variable "zone" {}
-variable "front_door_name" {}
+variable "front_door_name" {
+ description = "Name of the front door where the domains will be created. Use var.add_to_front_door if adding to existing domains."
+ default = null
+}
+
 variable "resource_group_name" {}
 variable "domains" {
 description = <