locals {
  # Delegation helper. For every hosted zone whose immediate parent zone is
  # also hosted in this account, an NS record is created in the parent
  # (aws_route53_record.soa below) so the child zone actually resolves.
  #
  # NOTE(review): local.hosted_public_dns_zones and
  # local.delegated_public_dns_zones are defined elsewhere in this module.
  # From the usage here the first looks like a list of zone names and the
  # second a map of zone name => list of name-server hostnames -- confirm.

  # Immediate parent of each hosted zone, obtained by stripping the first label.
  # The regex removes exactly ONE label: "a.b.example.com" => "b.example.com",
  # never "example.com". A zone whose nearest hosted ancestor is further up the
  # tree therefore gets no delegation record. A single-label name (no ".") does
  # not match and regex() will fail the plan.
  parent_domains_all = {
    for domain in local.hosted_public_dns_zones :
    domain => regex("^[^\\.]*\\.(.+)$", domain)[0]
  }

  # Keep only child => parent pairs where the parent is hosted in this account.
  domains_with_parents = {
    for domain, parent in local.parent_domains_all :
    domain => parent if contains(local.hosted_public_dns_zones, parent)
  }

  # Same derivation for zones hosted in OTHER accounts that are delegated from
  # here. Only the map keys (zone names) are used in this expression; the
  # name-server values are consumed by aws_route53_record.soa_for_delegated.
  delegated_parent_domains_all = {
    for domain, value in local.delegated_public_dns_zones :
    domain => regex("^[^\\.]*\\.(.+)$", domain)[0]
  }

  # Delegated zones whose parent is hosted here -- the only ones this account
  # is in a position to delegate.
  delegated_domain_parents = {
    for domain, parent in local.delegated_parent_domains_all :
    domain => parent if contains(local.hosted_public_dns_zones, parent)
  }
}

# These outputs are useful for debugging the delegation maps above; they are
# left commented out so they do not clutter `terraform output`.
#output parent_domains {
#  value = local.parent_domains_all
#}
#output domains_with_parents {
#  value = local.domains_with_parents
#}
#output delegated_parent_domains {
#  value = local.delegated_parent_domains_all
#}
#output delegated_domain_parents {
#  value = local.delegated_domain_parents
#}

# Create one public hosted zone per name in local.hosted_public_dns_zones.
resource "aws_route53_zone" "public" {
  for_each = toset(local.hosted_public_dns_zones)
  name     = each.value
  # local.standard_tags and var.tags are defined outside this file. merge()
  # takes the later argument on key collisions, so var.tags overrides the
  # standard set.
  tags = merge(local.standard_tags, var.tags)
}

#output "domains" {
#  value = aws_route53_zone.public
#}

# Delegate child zones hosted in THIS account from their parent zone.
# NOTE(review): the resource is named "soa" but it creates NS records.
# Renaming it would change the state address and force every delegation to be
# destroyed and recreated unless a `moved` block is added, so the name is kept.
resource "aws_route53_record" "soa" {
  for_each = local.domains_with_parents
  # allow_overwrite lets Terraform take over an NS record of the same name that
  # already exists in the parent zone instead of failing. That keeps the first
  # apply idempotent, but it also means a pre-existing delegation to someone
  # else's name servers is replaced rather than flagged -- read plans for this
  # resource with that in mind.
  allow_overwrite = true
  name            = each.key
  ttl             = 60
  type            = "NS"
  # each.value is the parent zone name; the NS record lives in the parent.
  zone_id = aws_route53_zone.public[each.value].id
  # each.key is the child zone; its records are the name servers Route 53
  # assigned to that zone.
  records = aws_route53_zone.public[each.key].name_servers
}

# At this point, I don't know where to point these websites, so these are
# dummy addresses. The commented-out "at" / "www" records below have been
# tested and work once there is a web presence to point them at.
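# Placeholder apex / www records, disabled until there is a site to point at.
# NOTE(review): "1.1.1.1" is a live third-party address (Cloudflare's public
# resolver). If these are ever enabled as placeholders, prefer an RFC 5737
# documentation address such as 203.0.113.1 (as dnstest does) so the apex of a
# domain we own never resolves to a host we do not control.
#resource "aws_route53_record" "at" {
#  for_each = toset(local.hosted_public_dns_zones)
#  zone_id  = aws_route53_zone.public[each.value].id
#  name     = ""
#  type     = "A"
#  ttl      = "300"
#  records  = [ "1.1.1.1" ]
#}
#
#resource "aws_route53_record" "www" {
#  for_each = toset(local.hosted_public_dns_zones)
#  zone_id  = aws_route53_zone.public[each.value].id
#  name     = "www"
#  type     = "CNAME"
#  ttl      = "300"
#  records  = [ each.value ]
#}

# Delegate zones hosted in OTHER accounts from their parent zone here.
#
# for_each iterates the filtered map (delegated zone => hosted parent) rather
# than the full delegated map. Iterating the full map and then indexing
# local.delegated_domain_parents[each.key] fails the plan with an invalid-index
# error as soon as one delegated zone has no hosted parent; that zone cannot be
# delegated from this account anyway, so it is now skipped. The for_each keys
# (zone names) are identical in both maps, so existing state addresses are
# unchanged and no records are recreated by this change.
#
# Security note: each record hands authority for the child name to name servers
# this account does not manage. If the child zone is later deleted in the other
# account the delegation dangles, and a dangling NS delegation is a known
# subdomain-takeover vector. Remove the zone from
# local.delegated_public_dns_zones in the same change that deletes it.
resource "aws_route53_record" "soa_for_delegated" {
  for_each = local.delegated_domain_parents
  # See aws_route53_record.soa: an existing NS record of this name in the parent
  # zone is replaced rather than reported as a conflict.
  allow_overwrite = true
  name            = each.key
  ttl             = 60
  type            = "NS"
  # each.value is the hosted parent zone name.
  zone_id = aws_route53_zone.public[each.value].id
  # Name servers of the remotely hosted child zone, looked up by zone name.
  records = local.delegated_public_dns_zones[each.key]
}

# Harmless probe record for checking that a hosted zone is live and resolving.
resource "aws_route53_record" "dnstest" {
  for_each = toset(local.hosted_public_dns_zones)
  zone_id  = aws_route53_zone.public[each.value].id
  name     = "dnstest"
  type     = "A"
  ttl      = "300"
  # TEST-NET-3: reserved for documentation and never routed.
  # https://tools.ietf.org/html/rfc5737
  records = ["203.0.113.1"]
}

# Publish a DMARC policy on every hosted zone.
#  - p=quarantine / sp=quarantine: mail failing DMARC for the apex and all
#    subdomains is quarantined at 100%. Zones that send no mail at all can use
#    the stricter p=reject. Note this file creates no SPF or MX records; a
#    non-sending domain normally also wants an SPF TXT of "v=spf1 -all".
#  - aspf=s / adkim=s: strict alignment -- only an exact match between the
#    From: domain and the SPF / DKIM domain passes.
#  - rua / ruf point at mailboxes outside these zones. RFC 7489 section 7.1
#    requires the receiving domain to publish
#    <zone>._report._dmarc.<receiving-domain> TXT "v=DMARC1" (or an equivalent
#    wildcard) before receivers will send reports there -- verify this exists
#    for both report domains, otherwise reports are silently dropped.
#  - fo=1 with ruf enables per-message forensic reports on any failure. Those
#    can contain headers and body of the failing message, so the RUF mailbox
#    should be treated as sensitive.
#  - The value is well under the 255-character TXT string limit; if it grows
#    past that it must be split into multiple quoted strings.
resource "aws_route53_record" "dmarc" {
  for_each = toset(local.hosted_public_dns_zones)
  zone_id  = aws_route53_zone.public[each.value].id
  name     = "_dmarc"
  type     = "TXT"
  ttl      = "600"
  records  = ["v=DMARC1; p=quarantine; sp=quarantine; pct=100; fo=1; ruf=mailto:DmarcRUF@AccentureFederal.com; rua=mailto:DmarcRUA@AccentureFederal.com,mailto:reports@dmarc.cyber.dhs.gov; aspf=s; adkim=s"]
}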