TF Module for creating a R53 zone with DNSSEC, should be used in conjunction with lupus-metallum/dnssec-kms to create a key. This can be looped for unique keys per zone if desired. If a var.kms_key_arn is not specified, a zone with be created without DNSSEC.
module "dnssec_key" {
source = "Lupus-Metallum/dnssec-kms/aws"
version = "1.0.4"
name = "my-dnssec-key"
}
module "r53_zone_example_net" {
source = "Lupus-Metallum/r53-zone/aws"
version = "1.7.0"
domain_name = "example.net"
dnssec = true
caa_record = {
aws = true
lets_encrypt = true
}
outlook_autodiscover = true
kms_key_arn = module.dnssec_key.key_arn
signing_key_name = "ExampleDefaultKey"
root_txt = [
"protonmail-verification=0000000000000000000000",
"v=spf1 include:_spf.protonmail.ch -all",
"stripe-verification=000000000000",
]
root_mx = [
"10 mail.protonmail.ch.",
"20 mailsec.protonmail.ch."
]
dmarc_value = ["v=DMARC1; p=quarantine; sp=quarantine; pct=100; rua=mailto:dmarc@example.net"]
protonmail_domainkey = "protonmail.domainkey.00000000000000000000000000000000000000000000000000000.domains.proton.ch."
protonmail2_domainkey = "protonmail2.domainkey.00000000000000000000000000000000000000000000000000000.domains.proton.ch."
protonmail3_domainkey = "protonmail3.domainkey.00000000000000000000000000000000000000000000000000000.domains.proton.ch."
ms_domainkey = "selector1-0000000._domainkey.0000000.onmicrosoft.com"
ms_domainkey2 = "selector2-0000000._domainkey.0000000.onmicrosoft.com"
github_verification_record = "000000000000"
github_org_name = "Lupus-Metallum"
stripe_domainkey1 = "000000000000"
stripe_domainkey2 = "000000000000"
stripe_domainkey3 = "000000000000"
stripe_domainkey4 = "000000000000"
stripe_domainkey5 = "000000000000"
stripe_domainkey6 = "000000000000"
stripe_bounce = true
atlassian_cloud_dkim = true
}
| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| domain_name | The name/fqdn of the Route53 Zone. | string |
n/a | yes |
| atlassian_cloud_bounce | Should we create the Atlassian Cloud bounce cname record | bool |
false |
no |
| atlassian_cloud_fallback_dkim | Should we create the Atlassian Cloud DKIM fallback cname record | string |
"" |
no |
| atlassian_cloud_primary_dkim | Should we create the Atlassian Cloud DKIM primary cname record | string |
"" |
no |
| caa_record | Should we add a Certificate Authority Authorization Record for commonly used CA's? | object({ |
{} |
no |
| dmarc_value | Values to put in the root/apex dmarc record of the zone? | list(string) |
[] |
no |
| dnssec | Should DNSSEC be enabled for this domain | bool |
true |
no |
| github_org_name | Name of the GitHub org to add the record for? | string |
"" |
no |
| github_verification_record | Value of the GitHub verification record? | string |
"" |
no |
| kms_key_arn | The arn of the KMS key to sign this zone with. | string |
"" |
no |
| ms_domainkey | Value to use for the first Microsoft 365 DKIM CNAME Record, this is given in the https://security.microsoft.com/dkimv2 setup page. | string |
"" |
no |
| ms_domainkey2 | Value to use for the second Microsoft 365 DKIM CNAME Record, this is given in the https://security.microsoft.com/dkimv2 setup page. | string |
"" |
no |
| outlook_autodiscover | Should we create the autodiscover CNAME record that points to autodiscover.outlook.com? | bool |
false |
no |
| protonmail2_domainkey | Value to use for the second Protonmail DKIM CNAME Record, this is given in the custom domain setup page. | string |
"" |
no |
| protonmail3_domainkey | Value to use for the third Protonmail DKIM CNAME Record, this is given in the custom domain setup page | string |
"" |
no |
| protonmail_domainkey | Value to use for the first Protonmail DKIM CNAME Record, this is given in the custom domain setup page. | string |
"" |
no |
| root_mx | Values to put in the root/apex MX record of the zone? | list(string) |
[] |
no |
| root_txt | Values to put in the root/apex TXT of the zone? | list(string) |
[] |
no |
| signing_key_name | The name to use for the DNSSEC signing key, must be alphanumeric only, no -, _, or spaces. | string |
"DefaultSigningKey" |
no |
| stripe_bounce | Should we create the Stripe boune cname record | bool |
false |
no |
| stripe_domainkey1 | Value to use for the first Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| stripe_domainkey2 | Value to use for the second Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| stripe_domainkey3 | Value to use for the third Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| stripe_domainkey4 | Value to use for the fourth Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| stripe_domainkey5 | Value to use for the fifth Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| stripe_domainkey6 | Value to use for the sixth Stripe DKIM CNAME Record, this is given in the custom domain setup page. This should be the auto-generated text prior to '._domainkey.example.com' | string |
"" |
no |
| tags | Tags to apply to tag-able resources | map(string) |
{} |
no |
| ttl | The value to use in seconds for TTL of the DS records | number |
300 |
no |
| Name | Description |
|---|---|
| name | n/a |
| name_servers | n/a |
| zone_id | n/a |
