Wire enrollment checker module into dev-co environment

spokenbird · spokenbird · commit 6b4dd8e5b701 · 2026-04-10T13:45:42.000-07:00
diff --git a/tofu/config/dev-co/main.tf b/tofu/config/dev-co/main.tf
@@ -139,3 +139,16 @@ module "app" {
     OIDC_COMPLETE_LOGIN_SIGNING_KEY = "${module.state_secrets.secrets["oidc"].secret_arn}:complete_login_signing_key"
   }
 }
+
+# Deploy the enrollment checker as a static site behind CloudFront.
+module "enrollment_checker" {
+  source = "../../modules/sebt_enrollment_checker"
+
+  project     = var.project
+  state       = var.state
+  environment = var.environment
+  domain      = "dev.co.sebt-enrollment.codeforamerica.app"
+  hosted_zone_id             = aws_route53_zone.enrollment_checker.zone_id
+  logging_bucket_domain_name = module.logging.bucket_domain_name
+  force_delete               = true
+}
diff --git a/tofu/config/dev-co/outputs.tf b/tofu/config/dev-co/outputs.tf
@@ -8,6 +8,26 @@ output "api_repository_url" {
   value       = module.app.api_repository_url
 }
 
+output "enrollment_checker_distribution_id" {
+  description = "CloudFront distribution ID for the enrollment checker (used for cache invalidation)."
+  value       = module.enrollment_checker.cloudfront_distribution_id
+}
+
+output "enrollment_checker_nameservers" {
+  description = "NS records for the enrollment checker hosted zone."
+  value       = aws_route53_zone.enrollment_checker.name_servers
+}
+
+output "enrollment_checker_s3_bucket" {
+  description = "S3 bucket name for the enrollment checker static site."
+  value       = module.enrollment_checker.s3_bucket_id
+}
+
+output "enrollment_checker_url" {
+  description = "Public URL of the enrollment checker."
+  value       = module.enrollment_checker.site_url
+}
+
 output "web_endpoint_url" {
   description = "URL of the Web service endpoint."
   value       = module.app.web_endpoint_url
@@ -17,8 +37,3 @@ output "web_repository_url" {
   description = "ECR repository URL for the Web service."
   value       = module.app.web_repository_url
 }
-
-output "enrollment_checker_nameservers" {
-  description = "NS records for the enrollment checker hosted zone."
-  value       = aws_route53_zone.enrollment_checker.name_servers
-}
diff --git a/tofu/modules/sebt_enrollment_checker/variables.tf b/tofu/modules/sebt_enrollment_checker/variables.tf
@@ -1,21 +1,17 @@
-variable "project" {
-  type        = string
-  description = "Project name used for resource naming."
-}
-
-variable "state" {
+variable "domain" {
   type        = string
-  description = "State abbreviation (e.g. co, dc)."
+  description = "Fully qualified domain name for the enrollment checker (e.g. dev.co.sebt-enrollment.codeforamerica.app)."
 }
 
 variable "environment" {
   type        = string
   description = "Deployment environment (e.g. development, production)."
 }
 
-variable "domain" {
-  type        = string
-  description = "Fully qualified domain name for the enrollment checker (e.g. dev.co.sebt-enrollment.codeforamerica.app)."
+variable "force_delete" {
+  type        = bool
+  description = "Allow destruction of the S3 bucket even if it contains objects."
+  default     = false
 }
 
 variable "hosted_zone_id" {
@@ -28,8 +24,12 @@ variable "logging_bucket_domain_name" {
   description = "Domain name of the S3 logging bucket for access logs."
 }
 
-variable "force_delete" {
-  type        = bool
-  description = "Allow destruction of the S3 bucket even if it contains objects."
-  default     = false
+variable "project" {
+  type        = string
+  description = "Project name used for resource naming."
+}
+
+variable "state" {
+  type        = string
+  description = "State abbreviation (e.g. co, dc)."
 }
