Merge pull request #225 from mcagov/terraform_ssl_update

Switched ALBs to use terraform managed ACM certificate. Removed hardc…
mcagov · Sep 18, 2024 · 3ebd1b0 · 3ebd1b0
2 parents 454379d + 4e59379
commit 3ebd1b0
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 17 deletions.
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -64,9 +64,8 @@ module "backoffice-alb" {
   public_subnets  = module.vpc.public_subnets
   private_subnets = module.vpc.private_subnets
 
-  lb_ssl_policy = var.lb_ssl_policy
-  #  ssl_certificate_arn = module.acm.ssl_certificate_arn
-  ssl_certificate_arn = var.current_ssl_certificate_arn
+  lb_ssl_policy       = var.lb_ssl_policy
+  ssl_certificate_arn = module.acm.ssl_certificate_arn
 
   port             = var.backoffice_port
   protocol         = "HTTP"
@@ -84,9 +83,8 @@ module "webapp-alb" {
   public_subnets  = module.vpc.public_subnets
   private_subnets = module.vpc.private_subnets
 
-  lb_ssl_policy = var.lb_ssl_policy
-  #  ssl_certificate_arn = module.acm.ssl_certificate_arn
-  ssl_certificate_arn = var.current_ssl_certificate_arn
+  lb_ssl_policy       = var.lb_ssl_policy
+  ssl_certificate_arn = module.acm.ssl_certificate_arn
 
 
   port             = var.webapp_port

diff --git a/terraform/tfvars/dev.tfvars b/terraform/tfvars/dev.tfvars
@@ -30,8 +30,7 @@ ssl_domains = [
   "dev.backoffice.report-wreck-material.service.gov.uk"
 ]
 
-current_ssl_certificate_arn = "arn:aws:acm:eu-west-2:842544458664:certificate/24e37f5d-35cb-46ff-a087-4085764ca82c"
-lb_ssl_policy               = "ELBSecurityPolicy-FS-1-2-2019-08"
+lb_ssl_policy = "ELBSecurityPolicy-FS-1-2-2019-08"
 
 enable_alerts                                      = true
 percentage_cpu_utilization_high_threshold          = 90

diff --git a/terraform/tfvars/production.tfvars b/terraform/tfvars/production.tfvars
@@ -65,8 +65,7 @@ delegated_hosted_zones = {
   ]
 }
 
-current_ssl_certificate_arn = "arn:aws:acm:eu-west-2:257298404318:certificate/b53f260b-bdb1-416f-80df-7c558e1ddb73"
-lb_ssl_policy               = "ELBSecurityPolicy-FS-1-2-2019-08"
+lb_ssl_policy = "ELBSecurityPolicy-FS-1-2-2019-08"
 
 enable_alerts                                      = false
 percentage_cpu_utilization_high_threshold          = 90

diff --git a/terraform/tfvars/staging.tfvars b/terraform/tfvars/staging.tfvars
@@ -30,8 +30,7 @@ ssl_domains = [
   "staging.backoffice.report-wreck-material.service.gov.uk"
 ]
 
-current_ssl_certificate_arn = "arn:aws:acm:eu-west-2:703203758589:certificate/85df4513-01ad-45b2-8520-50e7c56f6bf5"
-lb_ssl_policy               = "ELBSecurityPolicy-FS-1-2-2019-08"
+lb_ssl_policy = "ELBSecurityPolicy-FS-1-2-2019-08"
 
 enable_alerts                                      = false
 percentage_cpu_utilization_high_threshold          = 90

diff --git a/terraform/variables.tf b/terraform/variables.tf
@@ -89,11 +89,6 @@ variable "ssl_domains" {
   description = "List of domains for SSL certificate"
 }
 
-variable "current_ssl_certificate_arn" {
-  type        = string
-  description = "SSL certificate arn for the existing cert"
-}
-
 variable "lb_ssl_policy" {
   type        = string
   description = "Security policy for the SSL certificate"