From b488b1ad1dff23e1c12d4d1f3687592068505a7c Mon Sep 17 00:00:00 2001
From: thiagoclessa <80272327+thiagoclessa@users.noreply.github.com>
Date: Mon, 17 Jul 2023 16:19:50 -0300
Subject: [PATCH] ajuste tempalte site
---
certificate/certificate.tf | 39 ++++++++++++++++++++++++++++++++++++++
certificate/output.tf | 3 +++
certificate/variable.tf | 2 ++
cloudfront/cloudfront.tf | 9 +++++++--
cloudfront/variable.tf | 2 ++
main.tf | 8 +++++++-
6 files changed, 60 insertions(+), 3 deletions(-)
create mode 100644 certificate/certificate.tf
create mode 100644 certificate/output.tf
create mode 100644 certificate/variable.tf
diff --git a/certificate/certificate.tf b/certificate/certificate.tf
new file mode 100644
index 0000000..c8dbb0a
--- /dev/null
+++ b/certificate/certificate.tf
@@ -0,0 +1,39 @@
+resource "aws_acm_certificate" "certificate" {
+ domain_name = "${var.domain}"
+ validation_method = "DNS"
+
+ tags = {
+ "Name" = "Site"
+ }
+}
+
+resource "aws_acm_certificate_validation" "certificate_validation" {
+ certificate_arn = aws_acm_certificate.certificate.arn
+ validation_record_fqdns = [for record in aws_route53_record.certificate_records : record.fqdn]
+
+ depends_on = [
+ aws_acm_certificate.certificate
+ ]
+
+ timeouts {
+ create = "10m"
+ }
+}
+
+# Add Certificate Validation Records on Route53
+resource "aws_route53_record" "certificate_records" {
+ for_each = {
+ for dvo in aws_acm_certificate.certificate.domain_validation_options : dvo.domain_name => {
+ name = dvo.resource_record_name
+ record = dvo.resource_record_value
+ type = dvo.resource_record_type
+ }
+ }
+
+ allow_overwrite = true
+ name = each.value.name
+ records = [each.value.record]
+ ttl = 60
+ type = each.value.type
+ zone_id = data.aws_route53_zone.domain_zone.zone_id
+}
\ No newline at end of file
diff --git a/certificate/output.tf b/certificate/output.tf
new file mode 100644
index 0000000..9991629
--- /dev/null
+++ b/certificate/output.tf
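Review bot: `zone_id = data.aws_route53_zone.domain_zone.zone_id` on the last attribute of `certificate_records` references a data source that this new module never declares — the module's other files in this patch are only output.tf and variable.tf (which declares just `domain`), so the module cannot plan unless `domain_zone` is defined somewhere not shown; either add `data "aws_route53_zone" "domain_zone" { name = var.domain }` to the module or take the zone id as an input, as the cloudfront module already does with `zoneid`. The certificate is created with the module's default provider, and CloudFront only accepts ACM certificates issued in us-east-1, so if the root provider targets another region the distribution will reject this ARN — pass a `providers = { aws = aws.us_east_1 }` alias from the caller or state the requirement in a comment on the resource. `allow_overwrite = true` lets these validation CNAMEs silently replace any existing record with the same name in the hosted zone; that is normal for ACM validation records but deserves a one-line comment saying so. The `depends_on` block on the validation resource is redundant, since `certificate_arn` already creates that dependency, while the documented pattern for ACM — `lifecycle { create_before_destroy = true }` on `aws_acm_certificate` — is missing and would stop a future certificate replacement from briefly leaving CloudFront bound to a deleted ARN.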
@@ -0,0 +1,3 @@
+output "vca" {
+ value = "${aws_acm_certificate_validation.certificate_validation.certificate_arn}"
+}
\ No newline at end of file
diff --git a/certificate/variable.tf b/certificate/variable.tf
new file mode 100644
index 0000000..ae9f80a
--- /dev/null
+++ b/certificate/variable.tf
@@ -0,0 +1,2 @@
+variable "domain" {
+}
\ No newline at end of file
diff --git a/cloudfront/cloudfront.tf b/cloudfront/cloudfront.tf
index 9b2e779..9d11127 100644
--- a/cloudfront/cloudfront.tf
+++ b/cloudfront/cloudfront.tf
@@ -37,9 +37,14 @@ resource "aws_cloudfront_distribution" "tf" {
 }
 }
 
+
 viewer_certificate {
- cloudfront_default_certificate = true
- ssl_support_method = "sni-only"
+ cloudfront_default_certificate = false
+
+ minimum_protocol_version = "TLSv1.2_2021"
+ ssl_support_method = "sni-only"
+
+ acm_certificate_arn = "${var.vca}"
 }
 }
 #### ROUTE53 #####
diff --git a/cloudfront/variable.tf b/cloudfront/variable.tf
index 5d28cdf..f8944b1 100644
--- a/cloudfront/variable.tf
+++ b/cloudfront/variable.tf
@@ -2,3 +2,5 @@ variable "domain" {
 }
 variable "zoneid" {
 }
+variable "vca" {
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
index a4f2ac2..9548002 100644
--- a/main.tf
+++ b/main.tf
@@ -3,10 +3,16 @@ module "site" {
 domain = local.config.domain
 }
 
+module "certificate" {
+ source = "./certificate"
+ domain = local.config.domain
+ vca = module.certificate.output.vca
+
+}
 module "cloudfront" {
 source = "./cloudfront"
 domain = local.config.domain
 zoneid = local.config.zoneid
-
+ vca = module.certificate.output.vca
 }
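Review bot: This output is consumed in main.tf as `module.certificate.output.vca`, which is not a valid reference — module outputs are addressed without an `output` segment, so callers must use `module.certificate.vca`. Sourcing the ARN from `aws_acm_certificate_validation` rather than from `aws_acm_certificate` is the right choice, because it makes the consumer wait until DNS validation has actually completed. The output has no description, so add `description = "ARN of the DNS-validated ACM certificate for var.domain; must be used from us-east-1 for CloudFront"`, and the legacy `"${...}"` wrapper can become the plain expression `value = aws_acm_certificate_validation.certificate_validation.certificate_arn`.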
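Review bot: `acm_certificate_arn = "${var.vca}"` binds a custom certificate, but with `ssl_support_method = "sni-only"` CloudFront only presents it for hostnames listed in the distribution's `aliases`, and that attribute lies outside this hunk (the `aws_cloudfront_distribution` resource begins before it) — confirm `aliases = [var.domain]` is set, otherwise clients still get the default *.cloudfront.net certificate and a hostname mismatch. The referenced certificate must have been issued in us-east-1 regardless of which region the distribution's provider uses, which is worth recording as a comment on `acm_certificate_arn` since the certificate module in this patch does not pin a provider. `minimum_protocol_version = "TLSv1.2_2021"` is the correct floor and the main security gain of the hunk; by contrast `cloudfront_default_certificate = false` is implied once an ACM ARN is supplied and can be dropped, and the interpolation wrapper can be simplified to `acm_certificate_arn = var.vca`.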
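Review bot: `vca = module.certificate.output.vca` inside `module "certificate"` passes the module its own output — the certificate module declares no `vca` input (its variable.tf in this patch has only `domain`), and even if it did this would be a self-referential cycle that `terraform plan` rejects, so that line should be deleted. The reference syntax is also wrong in both places: module outputs are addressed as `module.certificate.vca`, so the cloudfront block should read `vca = module.certificate.vca`. The certificate module additionally reads `data.aws_route53_zone.domain_zone`, which nothing in this patch defines, so it will probably also need the hosted zone passed in (e.g. `zoneid = local.config.zoneid`, mirroring the cloudfront module) or a data source added inside the module. A one-line comment above the module call noting that the certificate must be created in us-east-1 for CloudFront would save the next person a failed apply.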