ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

Rename DNS Hosted Zone domain names #767

Closed zuriguardiola closed 3 years ago

zuriguardiola commented 3 years ago

Expected Behavior

Domain names for hosted zones have a limit of 64 characters. The current domain for the Performance Hub preproduction hosted zone exceeds that limit and it is blocking the infrastructure build.

Example domain name: .hmpps-preproduction.modernisation-platform.service.justice.gov.uk

New proposed domain name: .hmpps-preprod.modernisation-platform.service.justice.gov.uk

davidkelliott commented 3 years ago

We've changed the way we validate certificates to resolve this:

Because of a 64-character limit on the domain name on a public certificate, we've had to change the domain name to be modernisation-platform.service.gov.uk, and have the SubjectAlternativeNames as e.g. platforms-development.modernisation-platform.service...

https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html#ACM-RequestCertificate-request-DomainName

By doing this it means when a user creates a certificate it needs to be validated from the modernisation-platform domain level. This is created in the core-network-services account so we need to give user pipelines a role to be able to create these records without being able to do anything else in this account.

Permission set taken from here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/r53-api-permissions-ref.html#required-permissions-resource-record-sets

https://github.com/ministryofjustice/modernisation-platform/pull/769
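
One way to express the narrowly scoped role described in the comment above, as an added Terraform example that is not the project's own code and not the contents of the linked pull request. The role and policy names, both variables, and the CNAME-only condition are assumptions introduced here for illustration.

```hcl
# Added example: a role in the DNS-owning account that lets member-account
# pipelines write certificate validation records and nothing else.
variable "hosted_zone_id" { type = string }           # placeholder: zone ID of the parent domain
variable "pipeline_role_arns" { type = list(string) } # placeholder: pipeline role ARNs

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = var.pipeline_role_arns
    }
  }
}

data "aws_iam_policy_document" "dns_validation" {
  statement {
    sid       = "WriteValidationRecordsInOneZone"
    actions   = ["route53:ChangeResourceRecordSets"]
    resources = ["arn:aws:route53:::hostedzone/${var.hosted_zone_id}"]
    # Assumption: ACM DNS validation only needs CNAME records, so deny other types.
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsRecordTypes"
      values   = ["CNAME"]
    }
  }
  statement {
    sid       = "ReadZone"
    actions   = ["route53:GetHostedZone", "route53:ListResourceRecordSets"]
    resources = ["arn:aws:route53:::hostedzone/${var.hosted_zone_id}"]
  }
  statement {
    sid       = "PollChangeStatus"
    actions   = ["route53:GetChange"]
    resources = ["arn:aws:route53:::change/*"]
  }
}

resource "aws_iam_role" "dns_validation" {
  name               = "example-dns-validation" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_iam_role_policy" "dns_validation" {
  name   = "example-dns-validation" # hypothetical name
  role   = aws_iam_role.dns_validation.id
  policy = data.aws_iam_policy_document.dns_validation.json
}
```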