redo cert logic

LeoDiazL · LeoDiazL · commit 4e4c4f4cdff0 · 2025-12-12T15:08:37.000-03:00
diff --git a/operations/deployment/terraform/aws/bitovi_main.tf b/operations/deployment/terraform/aws/bitovi_main.tf
@@ -62,7 +62,7 @@ module "efs_to_ec2_sg" {
 
 module "aws_certificates" {
   source = "../modules/aws/certificates"
-  count  = (var.aws_ec2_instance_create || var.aws_ecs_enable || var.aws_r53_cert_arn != "") && var.aws_r53_enable_cert ? 1 : 0 # && var.aws_r53_enable && var.aws_r53_domain_name != "" ? 1 : 0
+  count  = (var.aws_ec2_instance_create || var.aws_ecs_enable ) && var.aws_r53_enable_cert && var.aws_r53_cert_arn == "" ? 1 : 0
   # Cert
   aws_r53_cert_arn         = var.aws_r53_cert_arn
   aws_r53_create_root_cert = var.aws_r53_create_root_cert
@@ -90,7 +90,7 @@ module "aws_route53" {
   aws_elb_dns_name = try(module.aws_lb[0].aws_alb_dns_name, module.aws_elb[0].aws_elb_dns_name, module.ec2[0].instance_public_ip, "")
   aws_elb_zone_id  = try(module.aws_lb[0].aws_alb_zone_id, module.aws_elb[0].aws_elb_zone_id, "", "")
   # Certs
-  aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
+  aws_certificates_selected_arn = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, var.aws_r53_cert_arn) : ""
   # Others
   fqdn_provided = local.fqdn_provided
 
@@ -118,7 +118,7 @@ module "aws_elb" {
   aws_instance_server_id  = module.ec2[0].aws_instance_server_id
   aws_elb_target_sg_id    = module.ec2[0].aws_security_group_ec2_sg_id
   # Certs
-  aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
+  aws_certificates_selected_arn = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, var.aws_r53_cert_arn) : ""
   # Others
   aws_resource_identifier            = var.aws_resource_identifier
   aws_resource_identifier_supershort = var.aws_resource_identifier_supershort
@@ -155,13 +155,13 @@ module "aws_lb" {
   aws_alb_target_sg_id    = module.ec2[0].aws_security_group_ec2_sg_id
   aws_r53_domain_name     = var.aws_r53_domain_name
   # Certs
-  aws_certificate_enabled       = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false
-  aws_certificates_selected_arn = try(module.aws_certificates[0].selected_arn, "")
+  aws_certificate_enabled       = var.aws_r53_enable_cert
+  aws_certificates_selected_arn = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, var.aws_r53_cert_arn) : ""
   # Others
   aws_resource_identifier            = var.aws_resource_identifier
   aws_resource_identifier_supershort = var.aws_resource_identifier_supershort
   # Module dependencies
-  depends_on = [module.aws_certificates]
+  #depends_on = [module.aws_certificates]
 
   providers = {
     aws = aws.lb
@@ -597,8 +597,8 @@ module "aws_ecs" {
   aws_selected_subnets              = module.vpc.aws_selected_vpc_subnets
   # Others
   aws_r53_domain_name                = var.aws_r53_enable && var.aws_r53_domain_name != "" ? var.aws_r53_domain_name : ""
-  aws_certificate_enabled            = var.aws_r53_enable_cert && length(module.aws_certificates) > 0 ? true : false
-  aws_certificates_selected_arn      = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
+  aws_certificate_enabled            = var.aws_r53_enable_cert
+  aws_certificates_selected_arn      = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, var.aws_r53_cert_arn) : ""
   aws_resource_identifier            = var.aws_resource_identifier
   aws_resource_identifier_supershort = var.aws_resource_identifier_supershort
   app_repo_name                      = var.app_repo_name
@@ -621,7 +621,7 @@ module "aws_route53_ecs" {
   aws_elb_dns_name = module.aws_ecs[0].load_balancer_dns
   aws_elb_zone_id  = module.aws_ecs[0].load_balancer_zone_id
   # Certs
-  aws_certificates_selected_arn = var.aws_r53_enable_cert && var.aws_r53_domain_name != "" ? module.aws_certificates[0].selected_arn : ""
+  aws_certificates_selected_arn = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, var.aws_r53_cert_arn) : ""
   # Others
   fqdn_provided = local.fqdn_provided
   depends_on    = [module.aws_certificates]
@@ -812,7 +812,7 @@ locals {
     ) :
     false
   )
-  protocol             = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn, "") != "" ? "https://" : "http://" : "http://"
+  protocol             = var.aws_r53_enable_cert ? try(module.aws_certificates[0].selected_arn,  var.aws_r53_cert_arn, "") != "" ? "https://" : "http://" : "http://"
   create_efs           = var.aws_efs_create == true ? true : (var.aws_efs_create_ha == true ? true : false)
   ec2_public_endpoint  = var.aws_ec2_instance_create ? (module.ec2[0].instance_public_dns != null ? module.ec2[0].instance_public_dns : module.ec2[0].instance_public_ip) : null
   ec2_private_endpoint = var.aws_ec2_instance_create ? (module.ec2[0].instance_private_dns != null ? module.ec2[0].instance_private_dns : module.ec2[0].instance_private_ip) : null
diff --git a/operations/deployment/terraform/modules/aws/certificates/aws_certificates.tf b/operations/deployment/terraform/modules/aws/certificates/aws_certificates.tf
@@ -1,6 +1,5 @@
 # Lookup for main domain.
 data "aws_route53_zone" "selected" {
-  count        = var.aws_r53_domain_name != "" ? 1 : 0
   name         = "${var.aws_r53_domain_name}."
   private_zone = false
 }
@@ -32,7 +31,7 @@ resource "aws_route53_record" "root_domain" {
   name            = tolist(aws_acm_certificate.root_domain[0].domain_validation_options)[0].resource_record_name
   records         = [tolist(aws_acm_certificate.root_domain[0].domain_validation_options)[0].resource_record_value]
   type            = tolist(aws_acm_certificate.root_domain[0].domain_validation_options)[0].resource_record_type
-  zone_id         = data.aws_route53_zone.selected[0].zone_id
+  zone_id         = data.aws_route53_zone.selected.zone_id
   ttl             = 60
 }
 
@@ -59,7 +58,7 @@ resource "aws_route53_record" "sub_domain" {
   name            = tolist(aws_acm_certificate.sub_domain[0].domain_validation_options)[0].resource_record_name
   records         = [tolist(aws_acm_certificate.sub_domain[0].domain_validation_options)[0].resource_record_value]
   type            = tolist(aws_acm_certificate.sub_domain[0].domain_validation_options)[0].resource_record_type
-  zone_id         = data.aws_route53_zone.selected[0].zone_id
+  zone_id         = data.aws_route53_zone.selected.zone_id
   ttl             = 60
 }
 
