route53_records.tf
# Creates the GitHub domain-verification record in every hosted zone declared in
# `aws_route53_zone.domains`, one module instance per zone key.
module "github_verification" {
  # see https://registry.terraform.io/modules/ksatirli/route53-github-verification/aws/3.0.0
  # Exact version pin. Terraform's dependency lock file records checksums for
  # providers only, not for registry modules, so review the upstream diff
  # whenever this pin is bumped.
  source  = "ksatirli/route53-github-verification/aws"
  version = "3.0.0"

  # see https://developer.hashicorp.com/terraform/language/meta-arguments/for_each
  for_each = aws_route53_zone.domains

  # hosted zone that receives the verification record
  zone_id = aws_route53_zone.domains[each.key].zone_id

  # GitHub Organizations require `-o` suffix, personal accounts do not
  github_owner = "${var.project_identifier}-o"

  # per-domain challenge string, looked up by the same key as the zone
  validation_code = var.domains[each.key].github_challenge
}
# Creates the Keybase domain-proof record in every hosted zone declared in
# `aws_route53_zone.domains`, one module instance per zone key.
module "keybase_domain_proofs" {
  # see https://registry.terraform.io/modules/ksatirli/route53-keybase-domain-proof/aws/2.1.0
  # Exact version pin; module sources are not covered by the provider lock
  # file, so review upstream changes when bumping.
  source  = "ksatirli/route53-keybase-domain-proof/aws"
  version = "2.1.0"

  # see https://developer.hashicorp.com/terraform/language/meta-arguments/for_each
  for_each = aws_route53_zone.domains

  # hosted zone that receives the proof record
  zone_id = aws_route53_zone.domains[each.key].zone_id

  # per-domain proof string, looked up by the same key as the zone
  domain_proof = var.domains[each.key].keybase_proof
}
# Creates the WorkMail DNS records for an explicit subset of zones. Only the
# keys listed in `for_each` get an instance; every key must also exist in
# `aws_route53_zone.domains` and `var.domains`, because both are indexed with it.
module "workmail_records" {
  # see https://registry.terraform.io/modules/ksatirli/route53-workmail-records/aws/2.1.0
  # Exact version pin; module sources are not covered by the provider lock
  # file, so review upstream changes when bumping.
  source  = "ksatirli/route53-workmail-records/aws"
  version = "2.1.0"

  # see https://developer.hashicorp.com/terraform/language/meta-arguments/for_each
  for_each = toset([
    "workloads_app",
    "workloads_fm",
    "workloads_io",
    "workloads_run",
  ])

  zone_id       = aws_route53_zone.domains[each.key].zone_id
  workmail_zone = "us-west-2"

  # Extra values handed to the module for the apex TXT record. The values are
  # ownership-verification strings and end up in public DNS.
  apex_txt_record_append = [
    # see https://support.1password.com/breach-report/
    "1password-site-verification=${var.domains[each.key].onepassword_challenge}",

    # see https://support.google.com/webmasters/answer/9008080
    "google-site-verification=${var.domains[each.key].google_site_verification}"
  ]
}
# Special Record for Let's Encrypt DNS Challenge
# NOTE(review): the values published below are only the 1Password and Google
# site-verification strings; no ACME challenge value is visible in this block.
# Confirm whether the header still describes this record.
# see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record
resource "aws_route53_record" "svcs_dev_txt" {
  # TXT record at the zone apex: `name` is the zone's own name
  zone_id = aws_route53_zone.domains["svcs_dev"].zone_id
  name    = aws_route53_zone.domains["svcs_dev"].name

  type = "TXT"
  ttl  = var.record_ttl

  # Route 53 keeps a single TXT record set per name, so any further apex TXT
  # value for this zone has to be added to this list.
  # see https://developer.hashicorp.com/terraform/language/functions/concat
  # (the list is a literal; no concat() call is used in this block)
  records = [
    "1password-site-verification=${var.domains["svcs_dev"].onepassword_challenge}",
    "google-site-verification=${var.domains["svcs_dev"].google_site_verification}"
  ]
}
# Special Record for HTTP interface of https://github.com/ksatirli/breakpoint
# Maps `breakpoint.<svcs_dev zone name>` to the IPv4 loopback address.
# NOTE(review): this is a public name that resolves to loopback, so it reaches
# whatever is listening on the resolving machine itself. Avoid scoping cookies
# or other credentials to the parent domain in a way that would also send them
# to this name.
# see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record
resource "aws_route53_record" "svcs_dev_breakpoint_a" {
  zone_id = aws_route53_zone.domains["svcs_dev"].zone_id
  name    = "breakpoint.${aws_route53_zone.domains["svcs_dev"].name}"

  type = "A"

  # fixed TTL in seconds; unlike the apex TXT record this does not use var.record_ttl
  ttl = 300

  records = ["127.0.0.1"]
}
# Special Record for HTTP interface of https://github.com/ksatirli/breakpoint
# Maps `breakpoint.<svcs_dev zone name>` to the IPv6 loopback address.
# NOTE(review): this is a public name that resolves to loopback, so it reaches
# whatever is listening on the resolving machine itself. Avoid scoping cookies
# or other credentials to the parent domain in a way that would also send them
# to this name.
# see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record
resource "aws_route53_record" "svcs_dev_breakpoint_aaaa" {
  zone_id = aws_route53_zone.domains["svcs_dev"].zone_id
  name    = "breakpoint.${aws_route53_zone.domains["svcs_dev"].name}"

  type = "AAAA"

  # fixed TTL in seconds; unlike the apex TXT record this does not use var.record_ttl
  ttl = 300

  records = ["::1"]
}