[DCMAW-11018] Update Regional Certificate ARNs to point at new certs

govuk-one-login · Jan 20, 2025 · 0a79abd · 0a79abd
1 parent fbc7e33
commit 0a79abd
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/backend-api/template.yaml b/backend-api/template.yaml
@@ -246,6 +246,10 @@ Conditions:
       - !Ref DevOverrideStsBaseUrl
       - none
 
+  UseWildcardCertificate: !And
+    - !Equals [!Ref Environment, dev]
+    - !Not [!Equals [!Ref AWS::StackName, mob-async-backend]]
+
   DeployAlarms: !Or
     - !Not
       - !Equals
@@ -659,7 +663,11 @@ Resources:
       EndpointConfiguration:
         Types:
           - REGIONAL
-      RegionalCertificateArn: !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateARN}}'
+      RegionalCertificateArn: !If
+        - UseWildcardCertificate
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateV1ARN}}'
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneProxyCertificateV1ARN}}'
+
       SecurityPolicy: TLS_1_2
     Condition: ProxyApiDeployment
 
@@ -880,7 +888,10 @@ Resources:
       EndpointConfiguration:
         Types:
           - REGIONAL
-      RegionalCertificateArn: !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateARN}}'
+      RegionalCertificateArn: !If
+        - UseWildcardCertificate
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateV1ARN}}'
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneSessionsCertificateV1ARN}}'
       SecurityPolicy: TLS_1_2
 
   SessionsApiBasePathMapping:

diff --git a/sts-mock/template.yaml b/sts-mock/template.yaml
@@ -74,6 +74,10 @@ Conditions:
       - !Ref DevOverrideAsyncBackendBaseUrl
       - none
 
+  UseWildcardCertificate: !And
+    - !Equals [!Ref Environment, dev]
+    - !Not [!Equals [!Ref AWS::StackName, mob-sts-mock]]
+
 Resources:
   StsMockApi:
     Type: AWS::Serverless::Api
@@ -119,7 +123,10 @@ Resources:
       EndpointConfiguration:
         Types:
           - REGIONAL
-      RegionalCertificateArn: !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateARN}}'
+      RegionalCertificateArn: !If
+        - UseWildcardCertificate
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneWildcardCertificateV1ARN}}'
+        - !Sub '{{resolve:ssm:/${Environment}/Platform/ACM/AsyncPrimaryZoneStsMockCertificateV1ARN}}'
       SecurityPolicy: TLS_1_2
 
   StsMockApiBasePathMapping: