Terraform provider for Common Short Domain product
The Common Short Domain product gives you cool short domains (AWS Hosted Zones) in your AWS account so you can manage them yourself, without the hassle of a third party.
Keep in mind that your FQDN shouldn't exceed 64 characters (including the final dot) to retrieve a TLS certificate.
You can find our Terraform provider in the Terraform registry.
Online documentation can also be found here.
- Comment all old
csd_zone
resources - Run
terraform apply
, this will delete your old zone delegation - Update provider version to
~>2.0
- Uncomment and rename old
csd_zone
resources tocsd_zone_delegation
- Run
terraform init --upgrade
to install the new version - Run
terraform apply
to put the zone delegations back in place
❗Note: Your zone delegation will not work between steps 2 and 6. The DNS systems caches should cover this short downtime.
terraform {
required_version = "~>1.3"
required_providers {
csd = {
source = "idealo/csd"
version = "~>2.0"
}
aws = {
source = "hashicorp/aws"
version = "~>4.8"
}
}
backend "s3" {
bucket = "<ENTER_BUCKET_NAME>"
key = "global/s3/terraform.tfstate"
region = "eu-central-1"
dynamodb_table = "terraform-locks"
encrypt = true
}
}
# Setup AWS provider
provider "aws" {
region = "eu-central-1"
allowed_account_ids = ["<ENTER_ACCOUNT_ID>"]
}
# Setup csd provider
# It will use the AWS credentials provided by environment variables or parameters
# The OIDC provider sets up the neccessary environment variables by default
provider "csd" {}
# Setup OIDC provider
# https://confluence.idealo.cloud/pages/viewpage.action?spaceKey=PTN&title=How+to+authenticate+from+GitHub+to+AWS
module "terraform_execution_role" {
source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc"
version = "~>4.3"
create_role = true
role_name = "<ENTER_ROLE_NAME>"
max_session_duration = 6 * 60 * 60
provider_url = "token.actions.githubusercontent.com"
oidc_subjects_with_wildcards = [
"repo:idealo/<ENTER_REPO_NAME>:*",
]
role_policy_arns = [
"arn:aws:iam::aws:policy/<ENTER_POLICY_NAME>",
]
number_of_role_policy_arns = 1
}
# Create a Route53 Hosted Zone.
# sample-app is a placeholder for the subdomain for your application.
# example.net is a placeholder for a domain which is supported in the CSD product.
resource "aws_route53_zone" "sample-app" {
name = "sample-app.example.net"
}
# Create zone delegation in example.net zone via CSD provider
# example.net is a placeholder for a domain which is supported in the CSD product.
resource "csd_zone_delegation" "sample-app" {
name = aws_route53_zone.sample-app.name
name_servers = aws_route53_zone.sample-app.name_servers
}
resource "csd_record" "sample-app_example_net_cname" {
name = "sample-app.example.net"
rrtype = "cname"
value = "sample-app.edgekey.net"
ttl = 3600
}
resource "csd_record" "_acme_challenge_sample-app_example_net_txt" {
name = "_acme_challenge.sample-app.example.net"
rrtype = "txt"
value = "LeisahxaiQu8ayah2aiwe9Que5saiy4o"
ttl = 60
}
Follow the detailed documentation on how to setup the Akamai property here. If you have any security related questions about the property, please ask the SECURITY team. They will gladly help you with that. If you have questions regarding bot detection, the User Insights team might help too. For anything else you can ask the Transport team.
If you see the following error message, you accidentally updated from version 1.x to version 2.x:
│ Error: Invalid resource type
│
│ on main.tf line 42, in resource "csd_zone" "my_zone_delegation":
│ 27: resource "csd_zone" "my_zone_delegation" {}
│
│ The provider idealo/csd does not support resource type "csd_zone".
To fix this issue downgrade to version 1.x like this:
terraform {
required_providers {
csd = {
source = "idealo/csd"
version = "~>1.0"
}
}
}
Now follow the proper upgrade procedure described here.
For development notes see DEV.md.
Made with ❤️ and ✨ by 🌐 Team Transport.