From e99f503052517e882af8e466be1c0d2c72f8839a Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Mon, 11 Apr 2022 20:57:25 +0300
Subject: [PATCH] aws.shore.co.il subdomain.

New AWS subdomain. The point is having it in AWS so Terraform can manage
it and then I can do cool things, like requesting certificates from
AWS and validate ownership using DNS all inside the comfort of
Terraform.
---
 Ansible/roles/router/files/nsd/shore.co.il |  7 ++-
 Terraform/AWS/route53.tf                   | 52 ++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Terraform/AWS/route53.tf

diff --git a/Ansible/roles/router/files/nsd/shore.co.il b/Ansible/roles/router/files/nsd/shore.co.il
index 6b987f3..ffae98d 100644
--- a/Ansible/roles/router/files/nsd/shore.co.il
+++ b/Ansible/roles/router/files/nsd/shore.co.il
@@ -2,7 +2,7 @@
 $TTL 1h
 $ORIGIN shore.co.il.
 @               IN      SOA     ns1     hostmaster (
-        2021051901
+        2022041003
         1h
         5m
         4w
@@ -85,3 +85,8 @@ host01._domainkey IN    TXT     ("v=DKIM1\; k=rsa\;"
 
 _adsp._domainkey        IN      TXT     "dkim=all;"
 _dmarc  IN      TXT     "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"
+
+aws     IN      NS      ns-117.awsdns-14.com.
+aws     IN      NS      ns-1352.awsdns-41.org.
+aws     IN      NS      ns-1664.awsdns-16.co.uk.
+aws     IN      NS      ns-750.awsdns-29.net.
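Review bot: The four NS records at the end of this hunk hard-code the Route53 name servers of a zone that the same patch creates with Terraform, and nothing on either side ties the two together; if `aws_route53_zone.zone` is ever recreated, AWS assigns a different name-server set and this delegation silently points at servers that no longer answer for the zone, surfacing as resolution failures rather than a loud error. A comment above the records would make the coupling visible to whoever edits the zone file next, e.g. `; Delegation of aws.shore.co.il to Route53. The zone is managed in Terraform/AWS/route53.tf; keep these in sync with its dns_zone_name_servers output.` It is also worth confirming at apply time that these four names match that output, since the page shows no mechanism that checks it.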
diff --git a/Terraform/AWS/route53.tf b/Terraform/AWS/route53.tf
new file mode 100644
index 0000000..fc772ab
--- /dev/null
+++ b/Terraform/AWS/route53.tf
@@ -0,0 +1,52 @@
+resource "aws_route53_zone" "zone" {
+  name = "aws.shore.co.il"
+}
+
+locals {
+  dns_zone_arn          = aws_route53_zone.zone.arn
+  dns_zone_id           = aws_route53_zone.zone.zone_id
+  dns_zone_name         = aws_route53_zone.zone.name
+  dns_zone_name_servers = aws_route53_zone.zone.name_servers
+}
+
+output "dns_zone_arn" {
+  description = "ARN of the Route53 DNS zone."
+  value       = local.dns_zone_arn
+}
+
+output "dns_zone_id" {
+  description = "ID of the Route53 DNS zone."
+  value       = local.dns_zone_id
+}
+
+output "dns_zone_name" {
+  description = "Name of the Router53 DNS zone."
+  value       = local.dns_zone_name
+}
+
+output "dns_zone_name_servers" {
+  description = "List of name servers of the Route53 DNS zone."
+  value       = local.dns_zone_name_servers
+}
+
+locals {
+  aws_caa_domain_names = [
+    "amazon.com",
+    "amazontrust.com",
+    "awstrust.com",
+    "amazonaws.com",
+  ]
+}
+
+resource "aws_route53_record" "caa" {
+  name = local.dns_zone_name
+  records = [
+    "0 issue \"amazon.com\"",
+    "0 issue \"amazontrust.com\"",
+    "0 issue \"awstrust.com\"",
+    "0 issue \"amazonaws.com\"",
+  ]
+  ttl     = 86400
+  type    = "CAA"
+  zone_id = local.dns_zone_id
+}
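Review bot: `local.aws_caa_domain_names` in the second `locals` block is declared but never referenced; the `records` list of `aws_route53_record.caa` spells out the same four names by hand, so the two copies can drift apart without anything noticing. Building the records from the local removes the duplication: `records = [for d in local.aws_caa_domain_names : "0 issue \"${d}\""]`. The description of `output "dns_zone_name"` reads `Router53`; it should be `Route53` to match the other three outputs. The CAA record as written only restricts issuance to Amazon's CAs; whether a separate `issuewild` entry or an `iodef` reporting address is also wanted is a policy decision the commit does not state, so a one-line comment on the resource recording the intent (ACM issuance with DNS validation, as the commit message says) would help the next reader.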
-- 
GitLab