feat: Support setting no subdomain.

jamesiarmes · jamesiarmes · commit 7f2b72386918 · 2025-11-13T15:50:42.000-05:00
diff --git a/dns.tf b/dns.tf
@@ -1,6 +1,6 @@
 resource "aws_route53_record" "subdomain" {
   zone_id = data.aws_route53_zone.domain.zone_id
-  name    = "${local.subdomain}.${var.domain}"
+  name    = local.fqdn
   type    = "A"
 
   alias {
@@ -13,7 +13,7 @@ resource "aws_route53_record" "subdomain" {
 resource "aws_acm_certificate" "subdomain" {
   # Specify the name rather than referencing the resource directly. This allows
   # us to create the certificate before the DNS record exists.
-  domain_name       = "${local.subdomain}.${var.domain}"
+  domain_name       = local.fqdn
   validation_method = "DNS"
 
   lifecycle {
diff --git a/locals.tf b/locals.tf
@@ -1,12 +1,12 @@
 locals {
-  fqdn      = "${local.subdomain}.${var.domain}"
-  subdomain = var.subdomain == "" ? var.environment : var.subdomain
+  fqdn      = join(".", compact([local.subdomain, var.domain]))
+  subdomain = var.subdomain != null ? var.subdomain : var.environment
   # If an origin ALB ARN is provided, use its DNS name; otherwise, use the
   # provided origin domain or construct one.
   origin_domain = (var.origin_alb_arn != null
     ? data.aws_lb.origin["this"].dns_name
-    : (var.origin_domain != "" ? var.origin_domain : join(".", ["origin", local.subdomain, var.domain]))
+    : (var.origin_domain != "" ? var.origin_domain : join(".", compact(["origin", local.subdomain, var.domain])))
   )
   prefix = "${var.project}-${var.environment}"
-  tags   = merge(var.tags, { domain : "${local.subdomain}.${var.domain}" })
+  tags   = merge(var.tags, { domain : local.fqdn })
 }
diff --git a/main.tf b/main.tf
@@ -2,7 +2,7 @@ resource "aws_cloudfront_distribution" "waf" {
   enabled         = true
   comment         = "Pass traffic through WAF before sending to the origin."
   is_ipv6_enabled = true
-  aliases         = ["${local.subdomain}.${var.domain}"]
+  aliases         = [local.fqdn]
   price_class     = "PriceClass_100"
   web_acl_id      = aws_wafv2_web_acl.waf.arn
 
@@ -50,7 +50,7 @@ resource "aws_cloudfront_distribution" "waf" {
   logging_config {
     include_cookies = false
     bucket          = var.log_bucket
-    prefix          = "cloudfront/${local.subdomain}.${var.domain}"
+    prefix          = "cloudfront/${local.fqdn}"
   }
 
   default_cache_behavior {
@@ -88,6 +88,9 @@ resource "aws_cloudfront_distribution" "waf" {
 resource "terraform_data" "prefix" {
   input = local.prefix
 }
+resource "terraform_data" "origin_alb" {
+  input = var.origin_alb_arn
+}
 
 resource "aws_cloudfront_vpc_origin" "this" {
   for_each = var.origin_alb_arn != null ? toset(["this"]) : toset([])
@@ -108,10 +111,11 @@ resource "aws_cloudfront_vpc_origin" "this" {
   tags = local.tags
 
   lifecycle {
-    # Name changes don't force a replacement, but will fail if the origin is in
-    # use. We want to force a replacement so that the name is updated properly.
+    # Some changes don't force a replacement, but will fail if the origin is in
+    # use. We want to force a replacement so that the origin is updated
+    # properly.
     create_before_destroy = true
-    replace_triggered_by  = [terraform_data.prefix]
+    replace_triggered_by  = [terraform_data.prefix, terraform_data.origin_alb]
   }
 }
 
diff --git a/variables.tf b/variables.tf
@@ -105,7 +105,7 @@ variable "request_policy" {
 variable "subdomain" {
   type        = string
   description = "Subdomain for the distribution. Defaults to the environment."
-  default     = ""
+  default     = null
 }
 
 variable "tags" {

Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ variable "request_policy" {`
`105`	`105`	`variable "subdomain" {`
`106`	`106`	`type = string`
`107`	`107`	`description = "Subdomain for the distribution. Defaults to the environment."`
`108`		`- default = ""`
	`108`	`+ default = null`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`variable "tags" {`