| | |
| | | HostedZoneConfig: |
| | | Comment: "{{ aws_comment }}" |
| | | |
| | | DnsZonePublic: |
| | | Type: "AWS::Route53::HostedZone" |
| | | Properties: |
| | | Name: "{{ aws_dns_zone_public }}" |
| | | HostedZoneConfig: |
| | | Comment: "{{ aws_comment }}" |
| | | |
| | | DnsPublicDelegation: |
| | | Type: "AWS::Route53::RecordSetGroup" |
| | | DependsOn: |
| | | - DnsZonePublic |
| | | Properties: |
| | | HostedZoneName: "{{ aws_dns_zone_root }}" |
| | | RecordSets: |
| | | - Name: "{{ aws_dns_zone_public }}" |
| | | Type: NS |
| | | TTL: {{ aws_dns_ttl_public }} |
| | | ResourceRecords: |
| | | "Fn::GetAtt": |
| | | - DnsZonePublic |
| | | - NameServers |
| | | |
| | | {% for instance in instances %} |
| | | {% if instance['dns_loadbalancer'] | d(false) | bool |
| | |
| | | {% endif %} |
| | | {% endfor %} |
| | | Properties: |
| | | HostedZoneName: {{ aws_dns_zone_root }} |
| | | HostedZoneId: |
| | | Ref: DnsZonePublic |
| | | RecordSets: |
| | | - Name: "{{instance['name']}}.{{ guid }}.{{ aws_dns_zone_root }}" |
| | | - Name: "{{instance['name']}}.{{ aws_dns_zone_public }}" |
| | | Type: A |
| | | TTL: {{ aws_dns_ttl_public }} |
| | | ResourceRecords: |
| | |
| | | DependsOn: |
| | | - {{instance['name']}}{{loop.index}}EIP |
| | | Properties: |
| | | HostedZoneName: "{{ aws_dns_zone_root }}" |
| | | HostedZoneId: |
| | | Ref: DnsZonePublic |
| | | RecordSets: |
| | | {% if instance['unique'] | d(false) | bool %} |
| | | - Name: "{{instance['name']}}.{{subdomain_base}}." |
| | |
| | | {% endfor %} |
| | | {% endfor %} |
| | | |
| | | Route53User: |
| | | Type: AWS::IAM::User |
| | | Properties: |
| | | Policies: |
| | | - PolicyName: Route53Access |
| | | PolicyDocument: |
| | | Statement: |
| | | - Effect: Allow |
| | | Action: route53:GetHostedZone |
| | | Resource: arn:aws:route53:::change/* |
| | | |
| | | - Effect: Allow |
| | | Action: route53:ListHostedZones |
| | | Resource: "*" |
| | | |
| | | - Effect: Allow |
| | | Action: |
| | | - route53:ChangeResourceRecordSets |
| | | - route53:ListResourceRecordSets |
| | | - route53:GetHostedZone |
| | | Resource: |
| | | Fn::Join: |
| | | - "" |
| | | - - "arn:aws:route53:::hostedzone/" |
| | | - Ref: DnsZonePublic |
| | | |
| | | - Effect: Allow |
| | | Action: route53:GetChange |
| | | Resource: arn:aws:route53:::change/* |
| | | |
| | | Route53UserAccessKey: |
| | | DependsOn: Route53User |
| | | Type: AWS::IAM::AccessKey |
| | | Properties: |
| | | UserName: |
| | | Ref: Route53User |
| | | |
| | | Outputs: |
| | | Route53internalzoneOutput: |
| | | Description: The ID of the internal route 53 zone |
| | | Value: |
| | | Ref: DnsZonePrivate |
| | | Route53User: |
| | | Value: |
| | | Ref: Route53User |
| | | Description: IAM User for Route53 (Let's Encrypt) |
| | | Route53UserAccessKey: |
| | | Value: |
| | | Ref: Route53UserAccessKey |
| | | Description: IAM User for Route53 (Let's Encrypt) |
| | | Route53UserSecretAccessKey: |
| | | Value: |
| | | Fn::GetAtt: |
| | | - Route53UserAccessKey |
| | | - SecretAccessKey |
| | | Description: IAM User for Route53 (Let's Encrypt) |
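Review bot: The `Route53UserSecretAccessKey` output at the end of this section returns `Fn::GetAtt` of `SecretAccessKey`, so a long-lived IAM secret sits in plain text in the stack outputs, readable by any principal allowed to call `cloudformation:DescribeStacks` on the stack and by anything that logs those outputs. I would drop that output and have the template write the key pair into an `AWS::SecretsManager::Secret`, exposing only its ARN, as sketched below; whatever consumes the key for Let's Encrypt would then read the secret instead of the stack output. In the `Route53Access` policy, the first statement pairs `route53:GetHostedZone` with `arn:aws:route53:::change/*`, which is not a hosted-zone resource, and the third and fourth statements already cover both the action and the resource, so it can be removed. The `Route53User`, `Route53UserAccessKey` and `Route53UserSecretAccessKey` outputs also share one description; distinct texts such as `Description: Access key ID of the Route53 IAM user (Let's Encrypt)` would tell them apart. The section starts outside the visible part of the page and the +/- markers are lost, so which lines are new is inferred from the hunk layout.

```yaml
  # … unchanged: Route53User, Route53UserAccessKey …

  Route53UserCredentials:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Access key pair of the Route53 IAM user (Let's Encrypt)
      SecretString:
        Fn::Join:
          - ""
          - - '{"access_key_id":"'
            - Ref: Route53UserAccessKey
            - '","secret_access_key":"'
            - Fn::GetAtt:
                - Route53UserAccessKey
                - SecretAccessKey
            - '"}'

Outputs:
  # … unchanged: Route53internalzoneOutput, Route53User, Route53UserAccessKey …
  Route53UserCredentialsArn:
    Value:
      Ref: Route53UserCredentials
    Description: ARN of the secret holding the Route53 user's access key pair
```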