Remove notification canada ca (#409)

* Removing references to notification-canada-ca * comment * formatting * locals * updating role * updating role * removing cname * removing zone
cds-snc · Jul 24, 2024 · 6deb427 · 6deb427
1 parent 89d1549
commit 6deb427
Show file tree

Hide file tree

Showing 3 changed files with 181 additions and 266 deletions.
diff --git a/terraform/notification.alpha.canada.ca.tf b/terraform/notification.alpha.canada.ca.tf
@@ -1,3 +1,12 @@
+locals {
+  notification_alb                              = "notification-production-alb-1685085140.ca-central-1.elb.amazonaws.com"
+  notification_zone_id                          = "ZQSVJUPU6J1EY"
+  api_gateway_regional_zone_id                  = "Z19DQILCV0OWEC" # ca-central-1
+  api_lambda_gateway_domain_name_api_lambda     = "d-0jho4qbdqi.execute-api.ca-central-1.amazonaws.com"
+  api_lambda_gateway_domain_name_alt_api_lambda = "d-f9v7fu3260.execute-api.ca-central-1.amazonaws.com"
+  api_lambda_gateway_domain_name_api            = "d-jwtzdgd9qg.execute-api.ca-central-1.amazonaws.com"
+}
+
 resource "aws_route53_record" "notification-alpha-canada-ca-ALIAS" {
   zone_id = aws_route53_zone.alpha-canada-ca-public.zone_id
   name    = "notification.alpha.canada.ca"

diff --git a/terraform/notification.canada.ca-role.tf b/terraform/notification.canada.ca-role.tf
@@ -39,12 +39,19 @@ resource "aws_iam_policy" "notify_prod_dns_manager_policy" {
         Action = [
           "route53:ListResourceRecordSets",
           "route53:ChangeResourceRecordSets",
-          "route53:GetChange",
-          "route53:ListTagsForResource"
+          "route53:ListTagsForResource",
+          "route53:UpdateHostedZoneComment"
         ],
         Effect   = "Allow",
         Resource = "arn:aws:route53:::hostedzone/Z1XG153PQF3VV5"
       },
+      {
+        Action = [
+          "route53:GetChange"
+        ],
+        Effect   = "Allow",
+        Resource = "arn:aws:route53:::change/*"
+      },
       {
         Action = [
           "route53:GetHostedZone",
@@ -63,4 +70,4 @@ resource "aws_iam_policy" "notify_prod_dns_manager_policy" {
 resource "aws_iam_role_policy_attachment" "prod_dns_manager_policy_attachment" {
   role       = aws_iam_role.notify_prod_dns_manager.name
   policy_arn = aws_iam_policy.notify_prod_dns_manager_policy.arn
-}
+}