There is a step in the deployment process that requires Ansible variables to be updated so that they point to the appropriate instance (blue/green) of OTP. We should attempt to use a consistent DNS endpoint for OTP such that we don't need this variable to change across deployments.

(This may require extending the existing deployment steps so that DNS records for OTP are updated for the most recent stack automatically.)

I do not think that I have fully satisfied the requirements of this issue, but as incremental improvements:

• I created a wildcard ACM certificate for *.otp.gophillygo.org
• I associated with both the blue and green CloudFront distributions
• I updated the production group vars to reference human-readable OTP FQDNs

# Uncomment one of the following depending on which color stack is to be launched
# otp_host: "https://blue.otp.gophillygo.org" # Blue
otp_host: "https://green.otp.gophillygo.org"  # Green

Previously, these were *****.cloudfront.net FQDNs, which made it slightly more difficult to map to stack colors.

The main challenge I ran into with trying to use otp.gophillygo.org consistently across stacks is that the otp.gophillygo.org domain alias can only be associated with one CloudFront distribution at a time. This means that we'd have to manipulate distribution origin DNS configuration to facilitate stack switching.

In this particular context, making those types of changes felt like a significant departure with how things work/are understood now. It seemed better to cut losses and focus on the minimal FQDN improvement outlined above.

cc: @rbreslow

These are nice improvements.

In this particular context, making those types of changes felt like a significant departure with how things work/are understood now. It seemed better to cut losses and focus on the minimal FQDN improvement outlined above.

Yeah, I agree. I think those types of changes would require us to have a mechanism for threading through environment variables via CloudFormation (e.g. stateless AMIs) or via the user data approach we take in Model My Watershed.

I think these types of changes will generate less immediate value compared to things like automating the OTP graph generation process. Also, we could delegate the group vars to the Jenkins build configuration which would be a huge lift.