Don't create the default HTTP listener if we're creating the HTTPS

brtrvn · brtrvn · commit 0da25d25c5f7 · 2022-04-19T18:49:57.000-07:00
redirect listener on port 80. Fix IAM permissions when deleting a
tenant.
diff --git a/resources/saas-boost-svc-onboarding.yaml b/resources/saas-boost-svc-onboarding.yaml
@@ -652,6 +652,7 @@ Resources:
               - rds:DescribeDBClusterSnapshots
             Resource:
               - !Sub arn:aws:rds:${AWS::Region}:${AWS::AccountId}:db:*
+              - !Sub arn:aws:rds:${AWS::Region}:${AWS::AccountId}:cluster:sb-${Environment}-*tenant*
               - !Sub arn:aws:rds:${AWS::Region}:${AWS::AccountId}:cluster-snapshot:*
           - Effect: Allow
             Action:
diff --git a/resources/tenant-onboarding.yaml b/resources/tenant-onboarding.yaml
@@ -46,6 +46,7 @@ Conditions:
   HasHostedZone: !Not [!Equals [!Ref HostedZoneId, '']]
   HasSubDomainName: !Not [!Equals [!Ref TenantSubDomain, '']]
   HasCertificate: !Not [!Equals [!Ref SSLCertificateArn, '']]
+  NoCertificate: !Equals [!Ref SSLCertificateArn, '']
   CreateSubDomainAlias: !And 
     - !Condition HasDomainName
     - !Condition HasHostedZone
@@ -300,6 +301,7 @@ Resources:
       Protocol: HTTP
   HttpListener:
     Type: AWS::ElasticLoadBalancingV2::Listener
+    Condition: NoCertificate
     Properties:
       LoadBalancerArn: !Ref ApplicationLoadBalancer
       Port: 80
