# Copyright 2016-2021, Pulumi Corporation. import pulumi from pulumi.resource import ResourceOptions import pulumi_aws as aws def configure_dns(domain: str, zone_id: pulumi.Input): # SSL Cert must be created in us-east-1 unrelated to where the API is deployed. aws_us_east_1 = aws.Provider("aws-provider-us-east-1", region="us-east-1") # Request ACM certificate ssl_cert = aws.acm.Certificate("ssl-cert", domain_name=domain, validation_method="DNS", opts=ResourceOptions(provider=aws_us_east_1)) # Create DNS record to prove to ACM that we own the domain ssl_cert_validation_dns_record = aws.route53.Record("ssl-cert-validation-dns-record", zone_id=zone_id, name=ssl_cert.domain_validation_options.apply( lambda options: options[0].resource_record_name), type=ssl_cert.domain_validation_options.apply( lambda options: options[0].resource_record_type), records=[ssl_cert.domain_validation_options.apply( lambda options: options[0].resource_record_value)], ttl=10*60) # Wait for the certificate validation to succeed validated_ssl_certificate = aws.acm.CertificateValidation("ssl-cert-validation", certificate_arn=ssl_cert.arn, validation_record_fqdns=[ssl_cert_validation_dns_record.fqdn], opts=ResourceOptions(provider=aws_us_east_1)) # Configure API Gateway to be able to use domain name & certificate api_domain_name = aws.apigateway.DomainName("api-domain-name", certificate_arn=validated_ssl_certificate.certificate_arn, domain_name=domain) # Create DNS record aws.route53.Record("api-dns", zone_id=zone_id, type="A", name=domain, aliases=[aws.route53.RecordAliasArgs( name=api_domain_name.cloudfront_domain_name, evaluate_target_health=False, zone_id=api_domain_name.cloudfront_zone_id)]) return api_domain_name