From e99f503052517e882af8e466be1c0d2c72f8839a Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Mon, 11 Apr 2022 20:57:25 +0300
Subject: [PATCH] aws.shore.co.il subdomain.

New AWS subdomain. The point is having it in AWS so Terraform can manage it and then it I can do cool things, like requesting certificates from AWS and validate ownership using DNS all inside the comfort of Terraform.
---
 Ansible/roles/router/files/nsd/shore.co.il | 7 ++-
 Terraform/AWS/route53.tf | 52 ++++++++++++++++++++++
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 Terraform/AWS/route53.tf

diff --git a/Ansible/roles/router/files/nsd/shore.co.il b/Ansible/roles/router/files/nsd/shore.co.il
index 6b987f3..ffae98d 100644
--- a/Ansible/roles/router/files/nsd/shore.co.il
+++ b/Ansible/roles/router/files/nsd/shore.co.il
@@ -2,7 +2,7 @@ $TTL 1h
 $ORIGIN shore.co.il.
 @ IN SOA ns1 hostmaster (
- 2021051901
+ 2022041003
 1h
 5m
 4w
@@ -85,3 +85,8 @@ host01._domainkey IN TXT ("v=DKIM1\; k=rsa\;"
 _adsp._domainkey IN TXT "dkim=all;"
 _dmarc IN TXT "v=DMARC1;p=quarantine;pct=100;sp=reject;fo=1;rua=mailto:postmaster@shore.co.il;ruf=mailto:postmaster@shore.co.il;adkim=s;aspf=s"
+
+aws IN NS ns-117.awsdns-14.com.
+aws IN NS ns-1352.awsdns-41.org.
+aws IN NS ns-1664.awsdns-16.co.uk.
+aws IN NS ns-750.awsdns-29.net.
diff --git a/Terraform/AWS/route53.tf b/Terraform/AWS/route53.tf
new file mode 100644
index 0000000..fc772ab
--- /dev/null
+++ b/Terraform/AWS/route53.tf
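Review bot: The four `aws IN NS` records hard-code the name servers that Route53 happened to assign to the new zone, so if `aws_route53_zone.zone` in Terraform/AWS/route53.tf is ever destroyed and recreated it gets a different name-server set and this delegation is left dangling — the precondition for a subdomain takeover of `aws.shore.co.il`. Two mitigations fit the commit: add `lifecycle { prevent_destroy = true }` to the zone resource, and/or create an `aws_route53_delegation_set` and pass its id as `delegation_set_id` so the name servers survive a recreate. The `dns_zone_name_servers` output the same commit adds is the natural source for these four lines; until Ansible consumes it, a zone-file comment above them such as `; delegated to the Route53 zone in Terraform/AWS/route53.tf - keep in sync with the dns_zone_name_servers output` would at least record the coupling.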
@@ -0,0 +1,52 @@
+resource "aws_route53_zone" "zone" {
+ name = "aws.shore.co.il"
+}
+
+locals {
+ dns_zone_arn = aws_route53_zone.zone.arn
+ dns_zone_id = aws_route53_zone.zone.zone_id
+ dns_zone_name = aws_route53_zone.zone.name
+ dns_zone_name_servers = aws_route53_zone.zone.name_servers
+}
+
+output "dns_zone_arn" {
+ description = "ARN of the Route53 DNS zone."
+ value = local.dns_zone_arn
+}
+
+output "dns_zone_id" {
+ description = "ID of the Route53 DNS zone."
+ value = local.dns_zone_id
+}
+
+output "dns_zone_name" {
+ description = "Name of the Router53 DNS zone."
+ value = local.dns_zone_name
+}
+
+output "dns_zone_name_servers" {
+ description = "List of name servers of the Route53 DNS zone."
+ value = local.dns_zone_name_servers
+}
+
+locals {
+ aws_caa_domain_names = [
+ "amazon.com",
+ "amazontrust.com",
+ "awstrust.com",
+ "amazonaws.com",
+ ]
+}
+
+resource "aws_route53_record" "caa" {
+ name = local.dns_zone_name
+ records = [
+ "0 issue \"amazon.com\"",
+ "0 issue \"amazontrust.com\"",
+ "0 issue \"awstrust.com\"",
+ "0 issue \"amazonaws.com\"",
+ ]
+ ttl = 86400
+ type = "CAA"
+ zone_id = local.dns_zone_id
+}
-- GitLab
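Review bot: `local.aws_caa_domain_names` is declared and never referenced; the `caa` record repeats the same four CA domains as literal strings, so the two lists can drift apart silently. Derive the records from the local instead, `records = [for d in local.aws_caa_domain_names : "0 issue \"${d}\""]`, and consider appending an `iodef` property (for example `"0 iodef \"mailto:postmaster@shore.co.il\""`, the address the parent zone's DMARC record already uses) so CAs can report issuance requests that this policy rejects. The `dns_zone_name` output's description reads `Router53`; it should be `Route53` like its siblings.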