
Commit 3d01cbd

authored
Sprzątanie zon DNS (#116)
* SOA i NS są automatycznie tworzone podczas tworzenia zony - nie ma potrzeby śledzić ich w Terraformie * import zony codefor.pl z OVH (obecnie w OVH jest dużo więcej rekordów, ale są to auto-śmieci dodawane przez OVH) * przeniesienie zone (i niezwiązanych z śledzoną infrastrukturą rekordów) do dedykowanych domenom plików (z prefiksem `domains-`)
1 parent aab4653 commit 3d01cbd

9 files changed

+287
-257
lines changed

alinka_website.tf

Lines changed: 0 additions & 26 deletions
This file was deleted.

codeforpoznan_pl.tf

Lines changed: 0 additions & 200 deletions
This file was deleted.

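--- a/codeforpoznan_pl_v2.tf
+++ b/codeforpoznan_pl_v2.tf
@@ -0,0 +1,111 @@
+# That's not working properly right now, will be fixed in CodeForPoznan/Infrastructure#51
+resource "aws_route53_record" "www_codeforpoznan_pl" {
+zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+name = "www.codeforpoznan.pl."
+type = "CNAME"
+ttl = "300"
+records = [
+"codeforpoznan.pl.",
+]
+}
+
+module "codeforpoznan_pl_ssl_certificate" {
+source = "./ssl_certificate"
+
+domain = "codeforpoznan.pl"
+route53_zone = aws_route53_zone.codeforpoznan_pl
+
+providers = {
+aws = aws.north_virginia
+}
+}
+
+module "codeforpoznan_pl_mailing_identity" {
+source = "./mailing_identity"
+
+domain = "codeforpoznan.pl"
+route53_zone = aws_route53_zone.codeforpoznan_pl
+}
+
+// shared public bucket (we will push here all static assets in separate directories)
+resource "aws_s3_bucket" "codeforpoznan_public" {
+bucket = "codeforpoznan-public"
+
+lifecycle {
+ignore_changes = [
+cors_rule,
+]
+}
+}
+
+resource "aws_s3_bucket_cors_configuration" "codeforpoznan_public_cors" {
+bucket = aws_s3_bucket.codeforpoznan_public.bucket
+
+cors_rule {
+allowed_methods = ["GET", "HEAD"]
+allowed_origins = ["*"]
+}
+}
+
+data "aws_iam_policy_document" "codeforpoznan_public_policy" {
+version = "2012-10-17"
+
+statement {
+sid = "PublicListBucket"
+effect = "Allow"
+principals {
+identifiers = ["*"]
+type = "*"
+}
+actions = ["s3:ListBucket"]
+resources = ["arn:aws:s3:::codeforpoznan-public"]
+}
+
+statement {
+sid = "PublicGetObject"
+effect = "Allow"
+principals {
+identifiers = ["*"]
+type = "*"
+}
+actions = ["s3:GetObject"]
+resources = ["arn:aws:s3:::codeforpoznan-public/*"]
+}
+}
+
+resource "aws_s3_bucket_policy" "codeforpoznan_public_policy" {
+bucket = aws_s3_bucket.codeforpoznan_public.bucket
+policy = data.aws_iam_policy_document.codeforpoznan_public_policy.json
+}
+
+// shared private bucket for storing zipped projects and lambdas code
+resource "aws_s3_bucket" "codeforpoznan_lambdas" {
+bucket = "codeforpoznan-lambdas"
+
+lifecycle {
+ignore_changes = [
+grant,
+]
+}
+}
+
+resource "aws_s3_bucket_acl" "codeforpoznan_lambdas_acl" {
+bucket = aws_s3_bucket.codeforpoznan_lambdas.bucket
+acl = "private"
+}
+
+// shared private bucket for storing terraform state in one place
+resource "aws_s3_bucket" "codeforpoznan_tfstate" {
+bucket = "codeforpoznan-tfstate"
+
+lifecycle {
+ignore_changes = [
+grant,
+]
+}
+}
+
+resource "aws_s3_bucket_acl" "codeforpoznan_tfstate_acl" {
+bucket = aws_s3_bucket.codeforpoznan_tfstate.id
+acl = "private"
+}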
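Review bot: The `PublicListBucket` statement in `data "aws_iam_policy_document" "codeforpoznan_public_policy"` grants `s3:ListBucket` to principal `*` on `arn:aws:s3:::codeforpoznan-public`, which lets anyone enumerate every object in the shared bucket rather than only fetch assets whose URL they already know; for a static-assets bucket the `PublicGetObject` statement on `codeforpoznan-public/*` is sufficient, so I would drop the `PublicListBucket` statement entirely, or, if some client really needs listing, say so (and for which prefix) in the `// shared public bucket` comment. Nothing in this file enables versioning or server-side encryption on `codeforpoznan-tfstate`, which holds Terraform state and therefore routinely sensitive values; these may be configured elsewhere, but if not, an `aws_s3_bucket_versioning` and `aws_s3_bucket_server_side_encryption_configuration` resource for that bucket is worth adding here next to its ACL. Minor consistency point: `codeforpoznan_tfstate_acl` references `aws_s3_bucket.codeforpoznan_tfstate.id` while `codeforpoznan_lambdas_acl` uses `.bucket`; pick one form for both.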

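--- a/dev_alinka_website.tf
+++ b/dev_alinka_website.tf
@@ -8,7 +8,7 @@ module "dev_alinka_website_ssl_certificate" {
 source = "./ssl_certificate"
 
 domain = "dev.alinka.io"
-route53_zone = aws_route53_zone.alinka_website
+route53_zone = aws_route53_zone.alinka_io
 
 providers = {
 aws = aws.north_virginia
@@ -29,7 +29,7 @@ module "dev_alinka_website_cloudfront_distribution" {
 name = "dev_alinka_website"
 domain = "dev.alinka.io"
 s3_bucket = aws_s3_bucket.codeforpoznan_public
-route53_zone = aws_route53_zone.alinka_website
+route53_zone = aws_route53_zone.alinka_io
 iam_user = module.dev_alinka_website_user.user
 acm_certificate = module.dev_alinka_website_ssl_certificate.certificate
 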
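--- a/domains-alinka.io.tf
+++ b/domains-alinka.io.tf
@@ -0,0 +1,25 @@
+// Domain registered in OVH by magul
+resource "aws_route53_zone" "alinka_io" {
+name = "alinka.io"
+}
+
+moved {
+from = aws_route53_zone.alinka_website
+to = aws_route53_zone.alinka_io
+}
+
+removed {
+from = aws_route53_record.ns_alinka_website
+
+lifecycle {
+destroy = false
+}
+}
+
+removed {
+from = aws_route53_record.soa_alinka_website
+
+lifecycle {
+destroy = false
+}
+}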
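Review bot: Once `ns_alinka_website` and `soa_alinka_website` are forgotten from state (`destroy = false` is the right choice, since Route53 manages those records itself), nothing in Terraform records the delegation set that the OVH registrar named in the `// Domain registered in OVH by magul` comment must point at, and a destroy/recreate of `aws_route53_zone.alinka_io` would typically be assigned a fresh set of name servers, leaving the registrar delegation stale or orphaned. I would add `lifecycle { prevent_destroy = true }` to the zone resource and an `output "alinka_io_name_servers" { value = aws_route53_zone.alinka_io.name_servers }` so the values to configure at OVH are visible from `terraform output` and can be checked against the registrar. The `removed` block syntax needs Terraform 1.7 or newer; if `required_version` is pinned elsewhere in the repository, confirm it allows that.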
