diff --git a/aws/dns/dev.notification.cdssandbox.xyz.tf b/aws/dns/dev.notification.cdssandbox.xyz.tf
index 92f9cda3c..04bed3955 100644
--- a/aws/dns/dev.notification.cdssandbox.xyz.tf
+++ b/aws/dns/dev.notification.cdssandbox.xyz.tf
@@ -76,4 +76,5 @@ resource "aws_route53_record" "bounce-dev-notification-sandbox-TXT" {
 type = "TXT"
 ttl = "300"
 records = ["v=spf1 include:amazonses.com ~all"]
-}
\ No newline at end of file
+}
+
diff --git a/aws/dns/dev.notification.internal.tf b/aws/dns/dev.notification.internal.tf
new file mode 100644
index 000000000..ba09a01af
--- /dev/null
+++ b/aws/dns/dev.notification.internal.tf
@@ -0,0 +1,31 @@
+#checkov:skip=CKV2_AWS_38:This is an internal DNS and thus DNSSEC not required
+#checkov:skip=CKV2_AWS_39:DNS Query Logging is not supported for internal DNS
+resource "aws_route53_zone" "dev_internal_dns" {
+ count = var.env == "dev" ? 1 : 0
+ name = "dev.notification.internal"
+
+ vpc {
+ vpc_id = var.vpc_id
+ }
+}
+
+# Dev Tools DNS
+
+resource "aws_route53_record" "pgadmin_internal_CNAME" {
+ count = var.env == "dev" ? 1 : 0
+ zone_id = aws_route53_zone.dev_internal_dns[0].zone_id
+ name = "pgadmin.dev.notification.internal"
+ type = "CNAME"
+ ttl = "60"
+ records = ["internal-a83839c0acb264ff7b00f69e94dc3ca3-2136659269.ca-central-1.elb.amazonaws.com"]
+}
+
+resource "aws_route53_record" "graylog_internal_CNAME" {
+ count = var.env == "dev" ? 1 : 0
+ zone_id = aws_route53_zone.dev_internal_dns[0].zone_id
+ name = "graylog.dev.notification.internal"
+ type = "CNAME"
+ ttl = "60"
+ records = ["internal-a82ca1c11dea44ac5a264c3615f1b2cf-1155384976.ca-central-1.elb.amazonaws.com"]
+}
+
diff --git a/aws/dns/variables.tf b/aws/dns/variables.tf
index 81ea069b5..820c6a1ee 100644
--- a/aws/dns/variables.tf
+++ b/aws/dns/variables.tf
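Review bot: The two `#checkov:skip` comments at the top of dev.notification.internal.tf sit above `resource "aws_route53_zone" "dev_internal_dns"`, and checkov documents inline suppressions as comments inside the block they apply to, so CKV2_AWS_38 and CKV2_AWS_39 may still be reported; moving both lines to just after the opening `{` should make the skips take effect. The CKV2_AWS_39 reason is also worth rewording: hosted-zone query logging is limited to public zones, but queries against a private zone can still be captured with Route 53 Resolver query logging on the VPC (`aws_route53_resolver_query_log_config`), which is useful visibility for a zone that names pgadmin and graylog. The two `records` values are generated load balancer hostnames, so a comment such as `# hostname of the internal load balancer for pgadmin; update if the load balancer is recreated` would help keep the CNAMEs from going stale.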
@@ -20,4 +20,9 @@ variable "route_53_zone_arn" {
 type = string
 description = "Used by the scratch environment to reference cdssandbox in staging"
 default = "/hostedzone/Z04028033PLSHVOO9ZJ1Z"
+}
+
+variable "vpc_id" {
+ type = string
+ description = "Used to associate the internal DNS with the VPC"
 }
\ No newline at end of file
diff --git a/env/dev/dns/.terraform.lock.hcl b/env/dev/dns/.terraform.lock.hcl
index 103ef59b6..94243d752 100644
--- a/env/dev/dns/.terraform.lock.hcl
+++ b/env/dev/dns/.terraform.lock.hcl
@@ -23,3 +23,23 @@ provider "registry.terraform.io/hashicorp/aws" {
 "zh:dccca1090e4054d6558218406385fb0421ab4ac3b75e121641973be481a81f01",
 ]
 }
+
+provider "registry.terraform.io/hashicorp/tls" {
+ version = "4.0.5"
+ constraints = "~> 4.0"
+ hashes = [
+ "h1:yLqz+skP3+EbU3yyvw8JqzflQTKDQGsC9QyZAg+S4dg=",
+ "zh:01cfb11cb74654c003f6d4e32bbef8f5969ee2856394a96d127da4949c65153e",
+ "zh:0472ea1574026aa1e8ca82bb6df2c40cd0478e9336b7a8a64e652119a2fa4f32",
+ "zh:1a8ddba2b1550c5d02003ea5d6cdda2eef6870ece86c5619f33edd699c9dc14b",
+ "zh:1e3bb505c000adb12cdf60af5b08f0ed68bc3955b0d4d4a126db5ca4d429eb4a",
+ "zh:6636401b2463c25e03e68a6b786acf91a311c78444b1dc4f97c539f9f78de22a",
+ "zh:76858f9d8b460e7b2a338c477671d07286b0d287fd2d2e3214030ae8f61dd56e",
+ "zh:a13b69fb43cb8746793b3069c4d897bb18f454290b496f19d03c3387d1c9a2dc",
+ "zh:a90ca81bb9bb509063b736842250ecff0f886a91baae8de65c8430168001dad9",
+ "zh:c4de401395936e41234f1956ebadbd2ed9f414e6908f27d578614aaa529870d4",
+ "zh:c657e121af8fde19964482997f0de2d5173217274f6997e16389e7707ed8ece8",
+ "zh:d68b07a67fbd604c38ec9733069fbf23441436fecf554de6c75c032f82e1ef19",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/env/dev/dns/terragrunt.hcl b/env/dev/dns/terragrunt.hcl
index 7874b7d8e..007d24fc0 100644
--- a/env/dev/dns/terragrunt.hcl
+++ b/env/dev/dns/terragrunt.hcl
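Review bot: `vpc_id` in aws/dns/variables.tf is declared without a default, so every environment has to supply it even though the only resources in this change that read it are gated on `var.env == "dev"`; the production, scratch and staging terragrunt.hcl hunks add the input for that reason alone. The description should say so, for example `description = "VPC to associate with the internal Route 53 zone (only read when env is dev)"`, so nobody assumes a private zone exists in the other environments. If `dependency.common` declares mock outputs for plan runs (not visible in this diff), `vpc_id` would need to be present there as well.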
@@ -32,6 +32,7 @@ include { inputs = { notification_canada_ca_ses_callback_arn = dependency.common.outputs.notification_canada_ca_ses_callback_arn + vpc_id = dependency.common.outputs.vpc_id ses_custom_sending_domains = ["custom-sending-domain.dev.notification.cdssandbox.xyz"] lambda_ses_receiving_emails_image_arn = dependency.ses_receiving_emails.outputs.lambda_ses_receiving_emails_image_arn } diff --git a/env/production/dns/terragrunt.hcl b/env/production/dns/terragrunt.hcl index 904ceec72..b81726354 100644 --- a/env/production/dns/terragrunt.hcl +++ b/env/production/dns/terragrunt.hcl @@ -36,6 +36,7 @@ include { inputs = { notification_canada_ca_ses_callback_arn = dependency.common.outputs.notification_canada_ca_ses_callback_arn + vpc_id = dependency.common.outputs.vpc_id ses_custom_sending_domains = ["notification.gov.bc.ca", "notify.novascotia.ca"] lambda_ses_receiving_emails_image_arn = dependency.ses_receiving_emails.outputs.lambda_ses_receiving_emails_image_arn } diff --git a/env/scratch/dns/terragrunt.hcl b/env/scratch/dns/terragrunt.hcl index 645f5fcb5..46c57c7a6 100644 --- a/env/scratch/dns/terragrunt.hcl +++ b/env/scratch/dns/terragrunt.hcl @@ -32,6 +32,7 @@ include { inputs = { notification_canada_ca_ses_callback_arn = dependency.common.outputs.notification_canada_ca_ses_callback_arn + vpc_id = dependency.common.outputs.vpc_id ses_custom_sending_domains = ["custom-sending-domain.scratch.notification.cdssandbox.xyz"] lambda_ses_receiving_emails_image_arn = dependency.ses_receiving_emails.outputs.lambda_ses_receiving_emails_image_arn } diff --git a/env/staging/dns/terragrunt.hcl b/env/staging/dns/terragrunt.hcl index fd35c9323..e5542f387 100644 --- a/env/staging/dns/terragrunt.hcl +++ b/env/staging/dns/terragrunt.hcl 
@@ -32,6 +32,7 @@ include { inputs = { notification_canada_ca_ses_callback_arn = dependency.common.outputs.notification_canada_ca_ses_callback_arn + vpc_id = dependency.common.outputs.vpc_id ses_custom_sending_domains = ["custom-sending-domain.staging.notification.cdssandbox.xyz"] lambda_ses_receiving_emails_image_arn = dependency.ses_receiving_emails.outputs.lambda_ses_receiving_emails_image_arn }