Closed zuriguardiola closed 3 years ago
We've changed the way we validate certificates to resolve this:
Because of a 64-character limit on the domain name on a public certificate, we've had to change the domain name to be modernisation-platform.service.gov.uk, and have the SubjectAlternativeNames as, e.g., platforms-development.modernisation-platform.service...
Doing this means that when a user creates a certificate, it needs to be validated from the modernisation-platform domain level. This is created in the core-network-services account, so we need to give user pipelines a role to be able to create these records without being able to do anything else in this account.
Permission set taken from here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html#required-permissions-resource-record-sets
https://github.com/ministryofjustice/modernisation-platform/pull/769
Expected Behavior
Domain names for hosted zones have a limit of 64 characters. The current domain for the Performance Hub preproduction hosted zone exceeds that limit and it is blocking the infrastructure build.
Example domain name: .hmpps-preproduction.modernisation-platform.service.justice.gov.uk
New proposed domain name: .hmpps-preprod.modernisation-platform.service.justice.gov.uk
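The certificate layout described in the closing comment, as an added example that is not part of the issue or the project's code: the short base domain becomes the common name, the long service name is carried as a SAN, and each name's DNS validation record is mapped to the hosted zone and account that must hold it. The leading label `performance-hub`, the zone-to-account map and the `member-account` name are constructed for illustration; the limits assumed are 64 characters for the common name, 253 for a SAN and 63 per label.

```python
CN_MAX = 64     # X.509 common name upper bound (RFC 5280, ub-common-name)
SAN_MAX = 253   # maximum length of a DNS name carried as a SAN
LABEL_MAX = 63  # maximum length of one DNS label

BASE = "modernisation-platform.service.justice.gov.uk"
ENV_ZONE = "hmpps-preproduction." + BASE
# Constructed sample: hosted zone -> account that owns it.
ZONES = {BASE: "core-network-services", ENV_ZONE: "member-account (hypothetical)"}
# Constructed sample: the leading label is invented for illustration.
SERVICE = "performance-hub." + ENV_ZONE


def check_name(name, limit):
    """Normalise a DNS name and raise ValueError if it breaks a length limit."""
    name = name.rstrip(".").lower()
    if len(name) > limit:
        raise ValueError(f"{name} is {len(name)} characters, limit is {limit}")
    if any(not 0 < len(label) <= LABEL_MAX for label in name.split(".")):
        raise ValueError(f"{name} has an empty or over-long label")
    return name


def owning_zone(name, zones):
    """Longest hosted zone that is a suffix of name: its validation record goes there."""
    matches = [z for z in zones if name == z or name.endswith("." + z)]
    if not matches:
        raise LookupError(f"no hosted zone covers {name}")
    return max(matches, key=len)


def plan_certificate(service_name, base_domain, zones):
    """Short base domain as CN, long service name as SAN, plus where each
    DNS validation record has to be created (zone, owning account)."""
    cn = check_name(base_domain, CN_MAX)
    san = check_name(service_name, SAN_MAX)
    validation = {}
    for name in (cn, san):
        zone = owning_zone(name, zones)
        validation[name] = (zone, zones[zone])
    return {"common_name": cn, "sans": [san], "validation": validation}


if __name__ == "__main__":
    plan = plan_certificate(SERVICE, BASE, ZONES)
    print("CN :", plan["common_name"])
    print("SAN:", plan["sans"][0])
    for name, (zone, account) in plan["validation"].items():
        print(f"validate {name} in zone {zone} ({account})")
```

The plan shows why the pipeline role is needed: the common name's validation record lands in the base zone owned by core-network-services, while the SAN's record stays in the environment's own zone.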