[DPE-1500] Add CNAME setup for mcp-dev.synapse.org for DNS forwarding (#1505)

BryanFauble · web-flow · commit 48c6d6db72ef · 2025-11-17T13:17:15.000-08:00
* Add CNAME setup for mcp-dev.synapse.org for DNS forwarding

* Fix TargetHostName format for Synapse MCP Dev DNS forwarding

* Add wildcard certificate for '*.synapse.org' in shared DNS configuration

* Update TargetHostName for Synapse MCP Dev DNS forwarding to use dynamic value

* Update Synapse MCP Dev DNS forward configuration for clarity and accuracy
diff --git a/org-formation/100-shared-dns/_tasks.yaml b/org-formation/100-shared-dns/_tasks.yaml
@@ -102,3 +102,19 @@ SagebioApiZoneAcmCertificate:
       - !Ref GenieProdAccount
   Parameters:
     DnsDomainName: "api.sagebionetworks.org"
+
+# Wildcard certificate for '*.synapse.org'
+SynapseOrgZoneAcmCertificate:
+  Type: update-stacks
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.6.8/templates/acm-certificate.yaml
+  StackName: !Sub '${resourcePrefix}-synapse-org-cert'
+  StackDescription: Create a wildcard certificate for synapse org domains
+  DefaultOrganizationBindingRegion: !Ref primaryRegion
+  DefaultOrganizationBinding:
+    # We need a copy of this certificate in every account where it will be used
+    # Each certificate needs to be manually verified
+    Account:
+      - !Ref DnTDevAccount
+      - !Ref DpeProdAccount
+  Parameters:
+    DnsDomainName: "synapse.org"
diff --git a/org-formation/800-redirects/_tasks.yaml b/org-formation/800-redirects/_tasks.yaml
@@ -241,6 +241,22 @@ SynapseDockerRegistryProdDnsForward:
     # the value of the CNAME record
     TargetHostName: !CopyValue ['registry-prod-DockerFargateStack-LoadBalancerDNS', !Ref SynapseProdAccount]
 
+# forward `mcp-dev.synapse.org` Synapse MCP server ALB
+SynapseMCPDevDnsForward:
+  Type: update-stacks
+  Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.6.9/templates/R53/cname.yaml
+  StackName: !Sub '${resourcePrefix}-synapse-mcp-dev-cname'
+  StackDescription: Setup a CNAME for synapse-mcp-server dev ALB
+  DefaultOrganizationBindingRegion: !Ref primaryRegion
+  DefaultOrganizationBinding:
+    Account: !Ref SynapseProdAccount
+  Parameters:
+    # the name of the CNAME record
+    SourceHostName: "mcp-dev.synapse.org"
+    # ID of the synapse.org zone (in Synapse prod account)
+    SourceHostedZoneId: ZHAU99KV4A1WU
+    # the value of the CNAME record
+    TargetHostName: !CopyValue ['synapse-mcp-dev-load-balancer-dns', !Ref DnTDevAccount]
 
 # forward dev.sagedpe.org to dev EKS stack ALB in org-sagebase-dnt-dev
 # apps are setup with terraform at https://github.com/Sage-Bionetworks-Workflows/eks-stack
