From edbd8e4f9446dc26bc93ab18450ea4f2ab61c48a Mon Sep 17 00:00:00 2001
From: Namiki Asuka
Date: Sat, 22 Jun 2024 07:23:15 +0000
Subject: [PATCH 1/2] =?UTF-8?q?web.ts=E3=81=ABssl=E3=81=AE=E8=A8=AD?= =?UTF-8?q?=E5=AE=9A=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/backend/lib/constructs/web.ts | 21 ++++++++++++++++++++-
 src/backend/package.json | 2 +-
 src/backend/tsconfig.json | 1 +
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/backend/lib/constructs/web.ts b/src/backend/lib/constructs/web.ts
index d718d448..d01eec74 100644
--- a/src/backend/lib/constructs/web.ts
+++ b/src/backend/lib/constructs/web.ts
@@ -7,6 +7,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as waf from 'aws-cdk-lib/aws-wafv2';
 import * as cognito from 'aws-cdk-lib/aws-cognito';
 import * as idPool from '@aws-cdk/aws-cognito-identitypool-alpha';
+import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 export interface WebProps {
@@ -21,6 +22,23 @@ export class Web extends Construct {
 constructor(scope: Construct, id: string, props: WebProps) {
 super(scope, id);
+ // 環境変数に基づいて条件を設定
+ const isProd = process.env.ENVIRONMENT === 'prod';
+ let certificateArn: acm.ICertificate | undefined = undefined;
+ let domainNames: string[] | undefined = undefined;
+
+ if (isProd) {
+ // 既存の証明書のARNを指定
+ const existingCertificateArn = process.env.CERTIFICATE_ARN;
+ if (typeof existingCertificateArn === 'string') { // ここでstring型であることを確認
+ const certificate = acm.Certificate.fromCertificateArn(this, 'Certificate', existingCertificateArn);
+ certificateArn = certificate;
+ domainNames = ['bouquet-note.com', '*.bouquet-note.com'];
+ } else {
+ console.error('CERTIFICATE_ARN environment variable is undefined.');
+ }
+ }
+
 const { cloudFrontWebDistribution, s3BucketInterface } = new CloudFrontToS3(this, 'Web', {
 insertHttpSecurityHeaders: false,
 bucketProps: {
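Review bot: The `typeof existingCertificateArn === 'string'` guard inside the `isProd` branch of `web.ts` also accepts an empty string, and the `else` path only logs before the constructor goes on to build the distribution with the certificate and domain names left undefined. The workflow patch in this series fills `CERTIFICATE_ARN` from `${{ secrets.certificateArn }}`, and GitHub Actions expands an unset secret to an empty string, so a missing secret would reach `fromCertificateArn` as `''` instead of the error branch. For a prod deploy a missing or blank ARN should stop synthesis: `if (!existingCertificateArn) throw new Error('CERTIFICATE_ARN must be set when ENVIRONMENT is prod');`. CloudFront also requires the ACM certificate to be in us-east-1, which cannot be confirmed from this hunk. The constructor body continues past the end of the hunk.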
@@ -43,6 +61,8 @@ export class Web extends Construct {
 serverAccessLogsPrefix: 'logs',
 },
 cloudFrontDistributionProps: {
+ certificate: certificateArn, // 条件に基づいてSSL証明書を設定
+ domainNames: domainNames, // 条件に基づいてドメイン名を設定
 geoRestriction: cloudfront.GeoRestriction.allowlist('JP'),
 errorResponses: [
 {
@@ -70,7 +90,6 @@ export class Web extends Construct {
 'npm run build -w src/frontend',
 ],
 buildEnvironment: {
- // REACT_APP_IDENTITY_POOL_ID: props.identityPool.identityPoolId,
 VITE_COGNITO_REGION: cdk.Stack.of(this).region,
 VITE_COGNITO_USER_POOL_ID: props.userPool.userPoolId,
 VITE_COGNITO_APP_USER_POOL_CLIENT_ID: props.userPoolClient.userPoolClientId,
diff --git a/src/backend/package.json b/src/backend/package.json
index 48cc2a5f..b2a27e05 100644
--- a/src/backend/package.json
+++ b/src/backend/package.json
@@ -12,7 +12,7 @@
 },
 "devDependencies": {
 "@types/jest": "^29.5.11",
- "@types/node": "20.11.5",
+ "@types/node": "^20.11.5",
 "aws-cdk": "2.122.0",
 "jest": "^29.7.0",
 "ts-jest": "^29.1.1",
diff --git a/src/backend/tsconfig.json b/src/backend/tsconfig.json
index aaa7dc51..311aad61 100644
--- a/src/backend/tsconfig.json
+++ b/src/backend/tsconfig.json
@@ -20,6 +20,7 @@
 "inlineSources": true,
 "experimentalDecorators": true,
 "strictPropertyInitialization": false,
+ "types": ["node"],
 "typeRoots": [
 "./node_modules/@types"
 ]
From 29a97fb043a70b712d46770344c56aab87af83be Mon Sep 17 00:00:00 2001
From: Namiki Asuka
Date: Sat, 22 Jun 2024 07:24:46 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=E3=83=AF=E8=A8=BC=E6=98=8E=E6=9B=B8ARN?= =?UTF-8?q?=E5=8F=96=E5=BE=97=E3=82=92=E8=BF=BD=E8=A8=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/backend.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
index fefdffe0..3584c3b3 100644
--- a/.github/workflows/backend.yml
+++ b/.github/workflows/backend.yml
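Review bot: In the `cloudFrontDistributionProps` hunk of `web.ts`, `certificate: certificateArn` passes an `acm.ICertificate` under a name that reads like an ARN string, which makes this TLS-relevant prop harder to audit. Declaring the local as `let certificate: acm.ICertificate | undefined;` and assigning the `fromCertificateArn` result to it directly would let both new lines use shorthand, `certificate,` and `domainNames,`. The props object starts and ends outside this hunk.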
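Review bot: The added `"types": ["node"]` in `src/backend/tsconfig.json` limits the automatically included `@types` packages to `node`, so the `@types/jest` globals listed in this package's devDependencies are no longer picked up. If the test files are compiled under this tsconfig (not visible here), `describe` and `expect` will stop type-checking; `"types": ["node", "jest"]` keeps both. The `compilerOptions` object starts and ends outside the hunk.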
@@ -52,6 +52,7 @@ jobs:
 echo aws region: ${{ secrets.AWS_REGION }}
 echo aws account: ${{ secrets.AWS_ACCOUNT }}
 echo actions role: ${{ secrets.ACTIONS_ROLE}}
+ echo certificate ARN: ${{ secrets.certificateArn }}
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v4
@@ -66,5 +67,8 @@ jobs:
 - name: CDK Deploy
 if: startsWith(github.ref, 'refs/heads/feature/') || github.ref == 'refs/heads/main'
+ env:
+ CERTIFICATE_ARN: ${{ secrets.certificateArn }}
+ ENVIRONMENT: ${{ needs.set-environment.outputs.environment }}
 run: npm run cdk deploy --all
 working-directory: src/backend
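Review bot: The added `echo certificate ARN: ${{ secrets.certificateArn }}` writes a secret into the job log on every run; log masking is best-effort, and when it works the line prints only `***`, so it adds nothing for debugging. I would drop the line, or print only whether the value is present, e.g. `echo "certificate ARN set: ${{ secrets.certificateArn != '' }}"`. The neighbouring echo lines for region, account and role follow the same pattern and deserve the same treatment. The step's `run:` block starts outside the hunk.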
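Review bot: In the `CDK Deploy` step, `ENVIRONMENT` is taken from `needs.set-environment.outputs.environment`, which evaluates to an empty string if this job does not list `set-environment` under `needs:` or the output is never set; the job header is outside the hunk, so this could not be checked. An empty value makes the CDK code treat the run as non-prod and skip the certificate and domain names without failing, so a guard is worthwhile, e.g. `run: test -n "$ENVIRONMENT" && npm run cdk deploy --all`. The step also runs for `feature/` branches, so `CERTIFICATE_ARN` is handed to deploys that, as far as the construct code shows, never use it; limiting the variable to the prod path would narrow its exposure.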