# Public Route53 hosted zone for var.domain_name. Only looked up when this
# configuration manages DNS records; referenced as data.aws_route53_zone.main[0].
data "aws_route53_zone" "main" {
  count = var.create_route53_records ? 1 : 0

  name         = var.domain_name
  private_zone = false
}

# ACM certificate for the CloudFront distribution. CloudFront only accepts
# certificates issued in us-east-1, hence the explicit provider alias.
# The wildcard SAN covers every first-level subdomain of var.domain_name; if
# only the apex and www are served, a narrower SAN list limits the impact of a
# leaked private key (review note, no behaviour change made here).
resource "aws_acm_certificate" "main" {
  count    = var.create_acm_certificate ? 1 : 0
  provider = aws.us_east_1

  domain_name               = var.domain_name
  subject_alternative_names = ["*.${var.domain_name}"]
  # NOTE(review): the Route53 validation records below only make sense for DNS
  # validation; the variable's name suggests it may hold something else -
  # confirm what value callers pass.
  validation_method = var.certificate_domain_validation_options

  tags = {
    Name = "${var.project_name}-${var.environment}-certificate"
  }

  # Issue the replacement certificate before the old one is destroyed so the
  # distribution is never left pointing at a deleted certificate.
  lifecycle {
    create_before_destroy = true
  }
}

# One validation CNAME per domain ACM asks us to prove control of.
# Resolves to an empty map (no records) unless both the certificate and the
# DNS records are managed by this configuration.
resource "aws_route53_record" "cert_validation" {
  provider = aws.us_east_1

  for_each = var.create_route53_records && var.create_acm_certificate ? {
    for option in aws_acm_certificate.main[0].domain_validation_options :
    option.domain_name => {
      name   = option.resource_record_name
      record = option.resource_record_value
      type   = option.resource_record_type
    }
  } : {}

  zone_id = data.aws_route53_zone.main[0].zone_id
  name    = each.value.name
  type    = each.value.type
  ttl     = 60
  records = [each.value.record]

  # Lets Terraform adopt a validation record that already exists in the zone
  # (e.g. left over from an earlier issuance). The flip side is that any
  # pre-existing record with the same name and type is replaced silently.
  allow_overwrite = true
}

# Blocks until ACM reports the certificate as issued. When the DNS records are
# not managed here no FQDNs are handed over, so this simply waits - up to the
# create timeout - for validation to complete by whatever other means apply.
resource "aws_acm_certificate_validation" "main" {
  count    = var.create_acm_certificate ? 1 : 0
  provider = aws.us_east_1

  certificate_arn         = aws_acm_certificate.main[0].arn
  validation_record_fqdns = var.create_route53_records ? values(aws_route53_record.cert_validation)[*].fqdn : null

  timeouts {
    create = "10m"
  }
}

# Apex A record aliased to the CloudFront distribution, which is declared
# elsewhere in this configuration. Route53 does not evaluate target health
# for CloudFront alias targets, so evaluate_target_health stays false.
resource "aws_route53_record" "main" {
  count = var.create_route53_records ? 1 : 0

  zone_id = data.aws_route53_zone.main[0].zone_id
  type    = "A"
  name    = var.domain_name

  alias {
    evaluate_target_health = false
    name                   = aws_cloudfront_distribution.main.domain_name
    zone_id                = aws_cloudfront_distribution.main.hosted_zone_id
  }
}

# www A record pointing at the same CloudFront alias target as the apex.
resource "aws_route53_record" "www" {
  count = var.create_route53_records ? 1 : 0

  zone_id = data.aws_route53_zone.main[0].zone_id
  type    = "A"
  name    = "www.${var.domain_name}"

  alias {
    evaluate_target_health = false
    name                   = aws_cloudfront_distribution.main.domain_name
    zone_id                = aws_cloudfront_distribution.main.hosted_zone_id
  }
}