chore: adding dane tls
kiraum committed Oct 5, 2024
1 parent 82515ad commit ee7af51
Showing 5 changed files with 31 additions and 16 deletions.
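--- a/environments/prod/data.tf
+++ b/environments/prod/data.tf
@@ -0,0 +1,5 @@
+data "aws_acm_certificate" "website_cert_kiraum" {
+provider = aws.us_east_1
+domain = "kiraum.it"
+statuses = ["ISSUED"]
+}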
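Review bot: The lookup on the `domain = "kiraum.it"` line fails at plan time as soon as more than one ISSUED certificate for that domain exists in us-east-1, which is a normal state while a replacement certificate is being issued; add `most_recent = true` next to `statuses` so the data source always resolves to one certificate. The certificate body read here feeds the TLSA hash in locals.tf, so each time ACM renews the certificate (managed renewal generally issues a new key pair, as far as I know) the published hash goes stale until the next apply, and any DANE-validating client would then refuse the site. A comment such as `# feeds the TLSA record in locals.tf; re-apply after every ACM renewal, the hash is not tracked automatically` would make that operational dependency visible to the next maintainer.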
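--- a/environments/prod/locals.tf
+++ b/environments/prod/locals.tf
@@ -0,0 +1,3 @@
+locals {
+tlsa_hash_kiraum = base64encode(sha256(data.aws_acm_certificate.website_cert_kiraum.certificate))
+}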
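Review bot: The value built on the `tlsa_hash_kiraum` line is not a valid TLSA association: Terraform's `sha256()` already returns a lowercase hex string, and matching type 1 in a "3 1 1" record is expressed as hex, so the `base64encode` wrapper yields a string no validator can match. Dropping it gives `tlsa_hash_kiraum = sha256(data.aws_acm_certificate.website_cert_kiraum.certificate)`. Even then the digest is taken over the PEM text of the whole certificate, whereas selector 1 requires the SHA-256 of the DER-encoded SubjectPublicKeyInfo, and Terraform has no built-in for extracting that, so the hash most likely has to be computed outside HCL (an `external` data source or an input variable) and the local documented as "expects hex SHA-256 of the DER SPKI" rather than derived here.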
8 changes: 7 additions & 1 deletion environments/prod/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ module "billing_report" {
module "route53" {
source = "../../modules/route53"

hosted_zones = {
domains = {
"kiraum_it" = {
domain_name = "kiraum.it"
comment = "kiraum.it hosted zone"
Expand Down Expand Up @@ -95,6 +95,12 @@ module "route53" {
ttl = 300
records = ["dpop20p5u4112.cloudfront.net"]
},
{
name = "_443._tcp"
type = "TXT"
ttl = 300
records = ["3 1 1 ${local.tlsa_hash_kiraum}"]
},
# MX records for email routing
{
name = ""
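Review bot: The record added at `name = "_443._tcp"` is published with `type = "TXT"`, but DANE validators query the TLSA type only, so the "3 1 1 …" string is ignored by every client and the change binds nothing to the CloudFront certificate. Route 53 gained TLSA support in 2024, so `type = "TLSA"` should be accepted provided the AWS provider version pinned in the route53 module allows it; if it is not, the record should carry a comment saying it is a placeholder rather than look like working DANE. DANE also only takes effect in a DNSSEC-signed zone, which nothing in this change enables, and the `local.tlsa_hash_kiraum` value will drift from the certificate CloudFront serves after each managed ACM renewal, so the hunk deserves a comment naming both prerequisites. The enclosing `module "route53"` block starts and ends outside this hunk.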
29 changes: 15 additions & 14 deletions modules/route53/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -9,35 +9,36 @@ terraform {
}

resource "aws_route53_zone" "zones" {
for_each = var.hosted_zones

name = each.value.domain_name
comment = each.value.comment
for_each = var.domains
name = each.value.domain_name
comment = each.value.comment
}

resource "aws_route53_record" "records" {
for_each = { for record in flatten([
for zone_key, zone in var.hosted_zones : [
for domain, zone in var.domains : [
for record in zone.records : {
zone_key = zone_key
record = record
key = "${domain}-${record.name}-${record.type}"
value = merge(record, {
zone_id = aws_route53_zone.zones[domain].zone_id
})
}
]
]) : "${record.zone_key}-${record.record.name}-${record.record.type}" => record }
]) : record.key => record.value }

zone_id = aws_route53_zone.zones[each.value.zone_key].zone_id
name = each.value.record.name
type = each.value.record.type
zone_id = each.value.zone_id
name = each.value.name
type = each.value.type

dynamic "alias" {
for_each = each.value.record.alias != null ? [each.value.record.alias] : []
for_each = each.value.alias != null ? [each.value.alias] : []
content {
name = alias.value.name
zone_id = alias.value.zone_id
evaluate_target_health = alias.value.evaluate_target_health
}
}

ttl = each.value.record.alias == null ? each.value.record.ttl : null
records = each.value.record.alias == null ? each.value.record.records : null
ttl = each.value.alias == null ? each.value.ttl : null
records = each.value.alias == null ? each.value.records : null
}
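Review bot: The new `key = "${domain}-${record.name}-${record.type}"` line makes (name, type) the identity of a record within a domain, so two entries that share both (several TXT values at the apex, or an old and a new value kept side by side during a migration) collide in the `for_each` map; Terraform rejects duplicate keys with an error rather than dropping one, but the module does not say so anywhere. A comment above `for_each`, such as `# one resource per (domain, name, type); several values of the same type belong in one entry's records list`, would make the constraint explicit for callers. Which of the paired `hosted_zones`/`domains` lines is old and which is new cannot be told from the rendered page, so I have assumed the `domains` variants are the new side.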
2 changes: 1 addition & 1 deletion modules/route53/variables.tf
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
variable "hosted_zones" {
variable "domains" {
type = map(object({
domain_name = string
comment = string