Merge pull request #47 from Hestia-Homes/main

Getting custom domain working for lambdas
2026-06-08 11:17:27 +00:00 · 2023-07-17 15:12:53 +01:00 · 2023-07-17 15:12:53 +01:00 · 7dd608f9ac
commit 7dd608f9ac
parent 48c2c40e81 f43e8fd5c5
8 changed files with 4622 additions and 5 deletions
--- a/.github/workflows/deploy_fastapi_backend.yml
+++ b/.github/workflows/deploy_fastapi_backend.yml
@ -51,5 +51,5 @@ jobs:
          SECRET_KEY: ${{ secrets.NEXTAUTH_SECRET }}
          ALGORITHM: 'HS256'
          PLAN_TRIGGER_BUCKET: 'retrofit-plan-inputs-${{ github.ref_name }}'
-          DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }}
+          DOMAIN_NAME: "${{ toUpper(github.ref_name) }}_${{ secrets.DOMAIN_NAME }}"
        run: cd backend && sls deploy --stage ${{ github.ref_name }} --verbose
--- a/backend/README.md
+++ b/backend/README.md
@ -106,6 +106,29 @@ Remember, the dummy JWT is meant for testing purposes only and should not be
 used in production environments. The /dummy-token endpoint is not available 
 in non-local environments.

+# Custom Domain Setup for AWS API Gateway
+Before you deploy your Serverless application for the first time, you need to set up a custom domain for AWS API Gateway. This is done using the sls create_domain command, which creates a custom domain in API Gateway that your services can use.
+
+To set up a custom domain, use the following command:
+
+```bash
+sls create_domain --stage dev --aws-profile DevAdmin --verbose
+```
+
+Replace dev with the name of the stage you're deploying to. This command only needs to be run once per custom domain, 
+and not every time you deploy your application. After running this command, 
+you can associate your AWS Lambda functions with this domain using the customDomain 
+configuration in your serverless.yml file.
+
+This command requires the Serverless Domain Manager plugin, 
+so make sure you have it installed and properly configured in your serverless.yml file.
+
+Please note that the process of creating and associating a custom domain can take up to 40 minutes. 
+Once the custom domain is created, it's immediately available for use in your Serverless applications.
+
+Remember to replace DevAdmin with the profile that has appropriate permissions in your AWS account. 
+The --verbose flag is optional and is used to print detailed logs to the console.
+
 ### Thoughts for authenticating the frontend with the backend
 To provide secure communication between your frontend Next.js application and your backend FastAPI service, you have several options. Here are a few popular approaches:

--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -1,5 +1,6 @@
 {
  "devDependencies": {
+    "serverless-domain-manager": "^7.0.4",
    "serverless-offline": "^12.0.4",
    "serverless-python-requirements": "^6.0.0"
  }
--- a/backend/serverless.yml
+++ b/backend/serverless.yml
@ -12,6 +12,7 @@ provider:
    PLAN_TRIGGER_BUCKET: ${env:PLAN_TRIGGER_BUCKET}
    DOMAIN_NAME: ${env:DOMAIN_NAME}

+
 package:
  individually: true
  include:
@ -29,7 +30,7 @@ custom:
    dockerSsh: true
    fileName: requirements/base.txt
  customDomain:
-    domainName: api-${self:provider.environment.ENVIRONMENT}.${self:provider.environment.DOMAIN_NAME}
+    domainName: api.${self:provider.environment.DOMAIN_NAME}
    createRoute53Record: true
    certificateArn: ${ssm:/ssl_certificate_arn}

--- a/infrastructure/terraform/dev.tfvars
+++ b/infrastructure/terraform/dev.tfvars
@ -4,8 +4,8 @@ region = "eu-west-2"

 # Domain
 # Remember to create a production url in Google domains before deploying
-domain_name = "hestia.homes"
-api_url_prefix = "api-dev"
+domain_name = "dev.hestia.homes"
+api_url_prefix = "api"

 # Database
 allocated_storage = 20
--- a/infrastructure/terraform/main.tf
+++ b/infrastructure/terraform/main.tf
@ -20,6 +20,12 @@ provider "aws" {
  region  = var.region
 }

+# Additional provider for resources that need to be in us-east-1, specifically the SSL certificate
+provider "aws" {
+  alias   = "aws_use1"
+  region  = "us-east-1"
+}
+
 # Assuming the secret is already created and the name is "<stage>/assessment_model/db_credentials"
 data "aws_secretsmanager_secret" "db_credentials" {
  name = "${var.stage}/assessment_model/db_credentials"
@ -89,5 +95,7 @@ module "route53" {
  source = "./modules/route53"
  domain_name = var.domain_name
  api_url_prefix = var.api_url_prefix
-  
+  providers = {
+    aws.aws_use1 = aws.aws_use1
+  }
 }
--- a/infrastructure/terraform/modules/route53/main.tf
+++ b/infrastructure/terraform/modules/route53/main.tf
@ -4,6 +4,7 @@ resource "aws_route53_zone" "my_hosted_zone" {

 # Request an SSL certificate for the domain
 resource "aws_acm_certificate" "my_certificate_request" {
+  provider                  = aws.aws_use1
  domain_name               = "*.${var.domain_name}"
  validation_method         = "DNS"

@ -35,6 +36,7 @@ resource "aws_route53_record" "my_validation_record" {
 }

 resource "aws_acm_certificate_validation" "my_certificate_validation" {
+  provider            = aws.aws_use1
  certificate_arn         = aws_acm_certificate.my_certificate_request.arn
  validation_record_fqdns = [for record in aws_route53_record.my_validation_record: record.fqdn]
 }