From e0ee96318d34c5f57b23f2a28a320d71e511564f Mon Sep 17 00:00:00 2001
From: James Griffiths
Date: Wed, 15 Jan 2025 14:49:19 +0000
Subject: [PATCH] HTTPS certificate
---
terraform/https_certificate.tf | 33 +++++++++++++++++++++++++++++++++
terraform/route53.tf | 5 +++++
2 files changed, 38 insertions(+)
create mode 100644 terraform/https_certificate.tf
create mode 100644 terraform/route53.tf
diff --git a/terraform/https_certificate.tf b/terraform/https_certificate.tf
new file mode 100644
index 00000000..01b7358d
--- /dev/null
+++ b/terraform/https_certificate.tf
@@ -0,0 +1,33 @@
+
+resource "aws_acm_certificate" "https_certificate_for_our_domain" {
+ // This certificate is for use by CloudFront, so it has to be created in the us-east-1 region (for some reason!)
+ provider = aws.us-east-1
+
+ domain_name = "${var.dns_record_subdomain_including_dot}${data.aws_route53_zone.route_53_zone_for_our_domain.name}"
+ validation_method = "DNS"
+}
+
+resource "aws_route53_record" "example" {
+ for_each = {
+ for dvo in aws_acm_certificate.https_certificate_for_our_domain.domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+ zone_id = data.aws_route53_zone.route_53_zone_for_our_domain.zone_id
+}
+
+resource "aws_acm_certificate_validation" "certificate_validation_waiter" {
+ // This certificate is for use by CloudFront, so it has to be created in the us-east-1 region (for some reason!)
+ provider = aws.us-east-1
+
+ certificate_arn = aws_acm_certificate.https_certificate_for_our_domain.arn
+ validation_record_fqdns = [for record in aws_route53_record.example : record.fqdn]
+}
diff --git a/terraform/route53.tf b/terraform/route53.tf
new file mode 100644
index 00000000..3a553bba
--- /dev/null
+++ b/terraform/route53.tf
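Review bot: In terraform/https_certificate.tf, `aws_acm_certificate.https_certificate_for_our_domain` has no `lifecycle { create_before_destroy = true }`, so any change that forces replacement (for example a different `var.dns_record_subdomain_including_dot`) would make Terraform try to delete the old certificate before the new one is issued, and ACM rejects deletion of a certificate that is still attached to the CloudFront distribution the comment refers to. Adding that lifecycle block to the certificate resource lets the replacement be created and validated first. On `aws_route53_record.example`, `allow_overwrite = true` lets an apply replace any existing record of the same name and type in the live zone without a conflict error, so it deserves a comment such as `// ACM issues the same validation CNAME for this name within the account, so a pre-existing record is expected`. The resource would also read better with a name that states its purpose rather than the documentation's `example`.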
@@ -0,0 +1,5 @@
+
+data "aws_route53_zone" "route_53_zone_for_our_domain" {
+ name = "gender-pay-gap.service.gov.uk."
+}
+