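# Route 53 public hosted zones, plus the NS delegation records that tie child
# zones to parent zones managed by this same configuration.
#
# Inputs (declared elsewhere in this module):
#   var.hosted_public_dns_zones    - list of zone names created here (used with toset()/contains())
#   var.delegated_public_dns_zones - map of zone name => list of name servers, for zones hosted in other accounts
#   var.standard_tags, var.tags    - tag maps merged onto every zone

locals {
  # I decided to get fancy here. For the list of domains, if any are parents of the others, I create the associated NS records
  # to delegate it.

  # Grabs the parent domains: drop the left-most label ("a.b.c" => "b.c").
  # NOTE: regex() raises an error on a single-label name such as "example" (there is no dot to
  # match), so every entry in var.hosted_public_dns_zones must contain at least one dot.
  parent_domains_all = { for domain in var.hosted_public_dns_zones : domain => regex("^[^\\.]*\\.(.+)$", domain)[0] }

  # filters out those that aren't in our list
  domains_with_parents = {
    for domain, parent in local.parent_domains_all :
    domain => parent if contains(var.hosted_public_dns_zones, parent)
  }

  # delegated parent domains (same single-label caveat as above)
  delegated_parent_domains_all = { for domain, value in var.delegated_public_dns_zones : domain => regex("^[^\\.]*\\.(.+)$", domain)[0] }

  # filters out those whose parent zone is not hosted here; only these can receive a delegation record
  delegated_domain_parents = {
    for domain, parent in local.delegated_parent_domains_all :
    domain => parent if contains(var.hosted_public_dns_zones, parent)
  }
}

# These outputs are useful for debugging, but commenting them out for now.
#output parent_domains {
#  value = local.parent_domains_all
#}
#output domains_with_parents {
#  value = local.domains_with_parents
#}
#output delegated_parent_domains {
#  value = local.delegated_parent_domains_all
#}
#output delegated_domain_parents {
#  value = local.delegated_domain_parents
#}

# Create the public zones
resource "aws_route53_zone" "public" {
  for_each = toset(var.hosted_public_dns_zones)

  name = each.value
  tags = merge(var.standard_tags, var.tags)
}

#output "domains" {
#  value = aws_route53_zone.public
#}

# Delegation from a hosted parent zone to a hosted child zone.
# Despite the resource name, these are NS records (an NS set for the child, placed in the
# parent zone); the name is kept as-is so existing state addresses are not disturbed.
resource "aws_route53_record" "soa" {
  for_each = local.domains_with_parents

  # allow_overwrite lets Terraform adopt a pre-existing record of the same name/type instead
  # of failing on create. It also means any delegation created by hand in the parent zone is
  # replaced without warning, so keep delegation management in this configuration only.
  allow_overwrite = true
  name            = each.key
  ttl             = 60
  type            = "NS"
  zone_id         = aws_route53_zone.public[each.value].id

  records = aws_route53_zone.public[each.key].name_servers
}

# At this point, I don't know where to point these websites, so these are dummy addresses. But the below is
# tested and functional when we have a web presence.
#resource "aws_route53_record" "at" {
#  for_each = toset(var.hosted_public_dns_zones)
#  zone_id = aws_route53_zone.public[each.value].id
#  name    = ""
#  type    = "A"
#  ttl     = "300"
#  records = [ "1.1.1.1" ]
#}
#
#resource "aws_route53_record" "www" {
#  for_each = toset(var.hosted_public_dns_zones)
#  zone_id = aws_route53_zone.public[each.value].id
#  name    = "www"
#  type    = "CNAME"
#  ttl     = "300"
#  records = [ each.value ]
#}

# Create delegations for domains hosted in other accounts.
# Iterates the filtered map rather than var.delegated_public_dns_zones directly: a delegated
# zone whose parent is not hosted here has no entry in local.delegated_domain_parents, and
# indexing that map with such a key would fail at plan time. Those zones are now skipped.
# Resource keys are still the zone names, so state addresses are unchanged.
resource "aws_route53_record" "soa_for_delegated" {
  for_each = local.delegated_domain_parents

  # See the note on aws_route53_record.soa: this replaces any hand-made delegation of the same name.
  allow_overwrite = true
  name            = each.key
  ttl             = 60
  type            = "NS"
  zone_id         = aws_route53_zone.public[each.value].id

  # Name servers of the zone in the other account, as supplied by the caller.
  records = var.delegated_public_dns_zones[each.key]
}

# A probe record in every hosted zone so resolution can be checked end to end.
resource "aws_route53_record" "dnstest" {
  for_each = toset(var.hosted_public_dns_zones)

  zone_id = aws_route53_zone.public[each.value].id
  name    = "dnstest"
  type    = "A"
  ttl     = "300"
  # Non-routable Test IP: https://tools.ietf.org/html/rfc5737
  records = [ "203.0.113.1" ]
}

# DMARC policy for every hosted zone. p/sp=quarantine applies to the zone and its subdomains,
# pct=100 covers all mail, fo=1 requests a forensic report on any alignment failure, and
# aspf/adkim=s require strict SPF/DKIM alignment. Changing the policy text here changes it
# for every zone at once.
resource "aws_route53_record" "dmarc" {
  for_each = toset(var.hosted_public_dns_zones)

  zone_id = aws_route53_zone.public[each.value].id
  name    = "_dmarc"
  type    = "TXT"
  ttl     = "600"
  records = [ "v=DMARC1; p=quarantine; sp=quarantine; pct=100; fo=1; ruf=mailto:DmarcRUF@AccentureFederal.com; rua=mailto:DmarcRUA@AccentureFederal.com,mailto:reports@dmarc.cyber.dhs.gov; aspf=s; adkim=s" ]
}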