diff --git a/alinka_website.tf b/alinka_website.tf
deleted file mode 100644
index 579f2d4..0000000
--- a/alinka_website.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-resource "aws_route53_zone" "alinka_website" {
- name = "alinka.io"
-}
-
-resource "aws_route53_record" "ns_alinka_website" {
- zone_id = aws_route53_zone.alinka_website.zone_id
- name = aws_route53_zone.alinka_website.name
- type = "NS"
- ttl = "172800"
- records = [
- "${aws_route53_zone.alinka_website.name_servers.0}.",
- "${aws_route53_zone.alinka_website.name_servers.1}.",
- "${aws_route53_zone.alinka_website.name_servers.2}.",
- "${aws_route53_zone.alinka_website.name_servers.3}.",
- ]
-}
-
-resource "aws_route53_record" "soa_alinka_website" {
- zone_id = aws_route53_zone.alinka_website.zone_id
- name = aws_route53_zone.alinka_website.name
- type = "SOA"
- ttl = "900"
- records = [
- "ns-1143.awsdns-14.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400",
- ]
-}
diff --git a/codeforpoznan_pl.tf b/codeforpoznan_pl.tf
deleted file mode 100644
index afd8a87..0000000
--- a/codeforpoznan_pl.tf
+++ /dev/null
@@ -1,200 +0,0 @@
-resource "aws_route53_zone" "codeforpoznan_pl" {
- name = "codeforpoznan.pl"
-}
-
-resource "aws_route53_record" "ns_codeforpoznan_pl" {
- zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
- name = aws_route53_zone.codeforpoznan_pl.name
- type = "NS"
- ttl = "172800"
- records = [
- "${aws_route53_zone.codeforpoznan_pl.name_servers.0}.",
- "${aws_route53_zone.codeforpoznan_pl.name_servers.1}.",
- "${aws_route53_zone.codeforpoznan_pl.name_servers.2}.",
- "${aws_route53_zone.codeforpoznan_pl.name_servers.3}.",
- ]
-}
-
-resource "aws_route53_record" "soa_codeforpoznan_pl" {
- zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
- name = aws_route53_zone.codeforpoznan_pl.name
- type = "SOA"
- ttl = "900"
- records = [
- "ns-1211.awsdns-23.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400",
- ]
-}
-
-resource "aws_route53_record" "mx_codeforpoznan_pl" {
- zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
- name = aws_route53_zone.codeforpoznan_pl.name
- type = "MX"
- ttl = "300"
- records = [
- "1 aspmx.l.google.com.",
- "10 alt3.aspmx.l.google.com.",
- "10 alt4.aspmx.l.google.com.",
- "5 alt1.aspmx.l.google.com.",
- "5 alt2.aspmx.l.google.com.",
- ]
-}
-
-resource "aws_route53_record" "txt_codeforpoznan_pl" {
- zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
- name = aws_route53_zone.codeforpoznan_pl.name
- type = "TXT"
- ttl = "300"
- records = [
- # https://support.google.com/a/answer/6149686?hl=en&ref_topic=4487770
- "google-site-verification=vEPDPgTFVgeXWQz0ty-fgtOEKowH44Ko8MtyDHTUHRc",
-
- # https://support.google.com/a/answer/60764
- # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html
- "v=spf1 include:_spf.google.com include:amazonses.com ~all",
- ]
-}
-
-# https://github.com/CodeForPoznan/Community/issues/72
-resource "aws_route53_record" "txt_github_codeforpoznan_pl" {
- zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
- name = 
"_github-challenge-CodeForPoznan-organization.codeforpoznan.pl" - type = "TXT" - ttl = "300" - records = [ - "c929b5936d" - ] -} - -# https://support.google.com/a/answer/174126 -resource "aws_route53_record" "dkim_google" { - zone_id = aws_route53_zone.codeforpoznan_pl.zone_id - name = "google._domainkey.codeforpoznan.pl" - type = "TXT" - ttl = "300" - records = [ - "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnscwqK6IZsq+HPxYzLD46THJ/LYD5Pocv67zg2QJYW040zgAkDVAyYaBgNtS6mNkifWgQtpcMn5x0DfjezBf8rzPUmbXP54TjVwgc8JEqa4d5RUDO6JCvE046KNWdHMmKpia/wm2sAS80cX\"\"9+jD8eVoOkQBT01Dt8TJsisrC5gvncNpFHk1Hl254fHc/njn7opWMTMIu1i9xSzjtttR37SnxCtI7xKecG7MtjFHpG5W98C8EefI71t5BKve+AmirGVSrNyedraVbX9JQ8S0tCwnM27+/KqFDpalV9smKkBY/m/Aewm1m7OJHnqxiwDW6/w8f3CjU1dbF/LLSYABnOQIDAQAB", - ] -} - -# https://support.google.com/a/answer/2466563 -resource "aws_route53_record" "dmarc" { - zone_id = aws_route53_zone.codeforpoznan_pl.zone_id - name = "_dmarc.codeforpoznan.pl" - type = "TXT" - ttl = "300" - records = [ - "v=DMARC1; p=reject" - ] -} - -# That's not working properly right now, will be fixed in CodeForPoznan/Infrastructure#51 -resource "aws_route53_record" "www_codeforpoznan_pl" { - zone_id = aws_route53_zone.codeforpoznan_pl.zone_id - name = "www.codeforpoznan.pl." 
- type = "CNAME"
- ttl = "300"
- records = [
- "codeforpoznan.pl.",
- ]
-}
-
-module "codeforpoznan_pl_ssl_certificate" {
- source = "./ssl_certificate"
-
- domain = "codeforpoznan.pl"
- route53_zone = aws_route53_zone.codeforpoznan_pl
-
- providers = {
- aws = aws.north_virginia
- }
-}
-
-module "codeforpoznan_pl_mailing_identity" {
- source = "./mailing_identity"
-
- domain = "codeforpoznan.pl"
- route53_zone = aws_route53_zone.codeforpoznan_pl
-}
-
-// shared public bucket (we will push here all static assets in separate directories)
-resource "aws_s3_bucket" "codeforpoznan_public" {
- bucket = "codeforpoznan-public"
-
- lifecycle {
- ignore_changes = [
- cors_rule,
- ]
- }
-}
-
-resource "aws_s3_bucket_cors_configuration" "codeforpoznan_public_cors" {
- bucket = aws_s3_bucket.codeforpoznan_public.bucket
-
- cors_rule {
- allowed_methods = ["GET", "HEAD"]
- allowed_origins = ["*"]
- }
-}
-
-data "aws_iam_policy_document" "codeforpoznan_public_policy" {
- version = "2012-10-17"
-
- statement {
- sid = "PublicListBucket"
- effect = "Allow"
- principals {
- identifiers = ["*"]
- type = "*"
- }
- actions = ["s3:ListBucket"]
- resources = ["arn:aws:s3:::codeforpoznan-public"]
- }
-
- statement {
- sid = "PublicGetObject"
- effect = "Allow"
- principals {
- identifiers = ["*"]
- type = "*"
- }
- actions = ["s3:GetObject"]
- resources = ["arn:aws:s3:::codeforpoznan-public/*"]
- }
-}
-
-resource "aws_s3_bucket_policy" "codeforpoznan_public_policy" {
- bucket = aws_s3_bucket.codeforpoznan_public.bucket
- policy = data.aws_iam_policy_document.codeforpoznan_public_policy.json
-}
-
-// shared private bucket for storing zipped projects and lambdas code
-resource "aws_s3_bucket" "codeforpoznan_lambdas" {
- bucket = "codeforpoznan-lambdas"
-
- lifecycle {
- ignore_changes = [
- grant,
- ]
- }
-}
-
-resource "aws_s3_bucket_acl" "codeforpoznan_lambdas_acl" {
- bucket = aws_s3_bucket.codeforpoznan_lambdas.bucket
- acl = "private"
-}
-
-// shared private bucket for storing 
terraform state in one place
-resource "aws_s3_bucket" "codeforpoznan_tfstate" {
- bucket = "codeforpoznan-tfstate"
-
- lifecycle {
- ignore_changes = [
- grant,
- ]
- }
-}
-
-resource "aws_s3_bucket_acl" "codeforpoznan_tfstate_acl" {
- bucket = aws_s3_bucket.codeforpoznan_tfstate.id
- acl = "private"
-}
diff --git a/codeforpoznan_pl_v2.tf b/codeforpoznan_pl_v2.tf
new file mode 100644
index 0000000..49546fb
--- /dev/null
+++ b/codeforpoznan_pl_v2.tf
@@ -0,0 +1,111 @@
+# That's not working properly right now, will be fixed in CodeForPoznan/Infrastructure#51
+resource "aws_route53_record" "www_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = "www.codeforpoznan.pl."
+ type = "CNAME"
+ ttl = "300"
+ records = [
+ "codeforpoznan.pl.",
+ ]
+}
+
+module "codeforpoznan_pl_ssl_certificate" {
+ source = "./ssl_certificate"
+
+ domain = "codeforpoznan.pl"
+ route53_zone = aws_route53_zone.codeforpoznan_pl
+
+ providers = {
+ aws = aws.north_virginia
+ }
+}
+
+module "codeforpoznan_pl_mailing_identity" {
+ source = "./mailing_identity"
+
+ domain = "codeforpoznan.pl"
+ route53_zone = aws_route53_zone.codeforpoznan_pl
+}
+
+// shared public bucket (we will push here all static assets in separate directories)
+resource "aws_s3_bucket" "codeforpoznan_public" {
+ bucket = "codeforpoznan-public"
+
+ lifecycle {
+ ignore_changes = [
+ cors_rule,
+ ]
+ }
+}
+
+resource "aws_s3_bucket_cors_configuration" "codeforpoznan_public_cors" {
+ bucket = aws_s3_bucket.codeforpoznan_public.bucket
+
+ cors_rule {
+ allowed_methods = ["GET", "HEAD"]
+ allowed_origins = ["*"]
+ }
+}
+
+data "aws_iam_policy_document" "codeforpoznan_public_policy" {
+ version = "2012-10-17"
+
+ statement {
+ sid = "PublicListBucket"
+ effect = "Allow"
+ principals {
+ identifiers = ["*"]
+ type = "*"
+ }
+ actions = ["s3:ListBucket"]
+ resources = ["arn:aws:s3:::codeforpoznan-public"]
+ }
+
+ statement {
+ sid = "PublicGetObject"
+ effect = "Allow"
+ principals {
+ identifiers = ["*"]
+ type = "*"
+ }
+ actions = ["s3:GetObject"]
+ resources = ["arn:aws:s3:::codeforpoznan-public/*"]
+ }
+}
+
+resource "aws_s3_bucket_policy" "codeforpoznan_public_policy" {
+ bucket = aws_s3_bucket.codeforpoznan_public.bucket
+ policy = data.aws_iam_policy_document.codeforpoznan_public_policy.json
+}
+
+// shared private bucket for storing zipped projects and lambdas code
+resource "aws_s3_bucket" "codeforpoznan_lambdas" {
+ bucket = 
"codeforpoznan-lambdas" + + lifecycle { + ignore_changes = [ + grant, + ] + } +} + +resource "aws_s3_bucket_acl" "codeforpoznan_lambdas_acl" { + bucket = aws_s3_bucket.codeforpoznan_lambdas.bucket + acl = "private" +} + +// shared private bucket for storing terraform state in one place +resource "aws_s3_bucket" "codeforpoznan_tfstate" { + bucket = "codeforpoznan-tfstate" + + lifecycle { + ignore_changes = [ + grant, + ] + } +} + +resource "aws_s3_bucket_acl" "codeforpoznan_tfstate_acl" { + bucket = aws_s3_bucket.codeforpoznan_tfstate.id + acl = "private" +} diff --git a/dev_alinka_website.tf b/dev_alinka_website.tf index f012bd3..08f56ad 100644 --- a/dev_alinka_website.tf +++ b/dev_alinka_website.tf @@ -8,7 +8,7 @@ module "dev_alinka_website_ssl_certificate" { source = "./ssl_certificate" domain = "dev.alinka.io" - route53_zone = aws_route53_zone.alinka_website + route53_zone = aws_route53_zone.alinka_io providers = { aws = aws.north_virginia @@ -29,7 +29,7 @@ module "dev_alinka_website_cloudfront_distribution" { name = "dev_alinka_website" domain = "dev.alinka.io" s3_bucket = aws_s3_bucket.codeforpoznan_public - route53_zone = aws_route53_zone.alinka_website + route53_zone = aws_route53_zone.alinka_io iam_user = module.dev_alinka_website_user.user acm_certificate = module.dev_alinka_website_ssl_certificate.certificate diff --git a/domains-alinka.io.tf b/domains-alinka.io.tf new file mode 100644 index 0000000..f23aff9 --- /dev/null +++ b/domains-alinka.io.tf @@ -0,0 +1,25 @@ +// Domain registered in OVH by magul +resource "aws_route53_zone" "alinka_io" { + name = "alinka.io" +} + +moved { + from = aws_route53_zone.alinka_website + to = aws_route53_zone.alinka_io +} + +removed { + from = aws_route53_record.ns_alinka_website + + lifecycle { + destroy = false + } +} + +removed { + from = aws_route53_record.soa_alinka_website + + lifecycle { + destroy = false + } +} 
diff --git a/domains-bankempatii.pl.tf b/domains-bankempatii.pl.tf
new file mode 100644
index 0000000..ad52a99
--- /dev/null
+++ b/domains-bankempatii.pl.tf
@@ -0,0 +1,25 @@
+// Domain registered in OVH by magul
+resource "aws_route53_zone" "bankempatii_pl" {
+ name = "bankempatii.pl"
+}
+
+moved {
+ from = aws_route53_zone.empatia
+ to = aws_route53_zone.bankempatii_pl
+}
+
+removed {
+ from = aws_route53_record.ns_empatia
+
+ lifecycle {
+ destroy = false
+ }
+}
+
+removed {
+ from = aws_route53_record.soa_empatia
+
+ lifecycle {
+ destroy = false
+ }
+}
diff --git a/domains-codefor.pl.tf b/domains-codefor.pl.tf
new file mode 100644
index 0000000..f7ea8ce
--- /dev/null
+++ b/domains-codefor.pl.tf
@@ -0,0 +1,30 @@
+// Domain registered in OVH by magul
+resource "aws_route53_zone" "codefor_pl" {
+ name = "codefor.pl"
+}
+
+resource "aws_route53_record" "mx_codefor_pl" {
+ zone_id = aws_route53_zone.codefor_pl.zone_id
+ name = aws_route53_zone.codefor_pl.name
+ type = "MX"
+ ttl = "300"
+ records = [
+ "1 aspmx.l.google.com.",
+ "10 aspmx2.googlemail.com.",
+ "10 aspmx3.googlemail.com.",
+ "5 alt1.aspmx.l.google.com.",
+ "5 alt2.aspmx.l.google.com.",
+ ]
+}
+
+
+resource "aws_route53_record" "txt_codefor_pl" {
+ zone_id = aws_route53_zone.codefor_pl.zone_id
+ name = aws_route53_zone.codefor_pl.name
+ type = "TXT"
+ ttl = "300"
+ records = [
+ # https://support.google.com/a/answer/6149686?hl=en&ref_topic=4487770
+ "google-site-verification=M4OHmWlfMmlVgWYnR7Z7AzwvYkcrVEhRZLgsuURL9DI",
+ ]
+}
diff --git a/domains-codeforpoznan.pl.tf b/domains-codeforpoznan.pl.tf
new file mode 100644
index 0000000..70a0951
--- /dev/null
+++ b/domains-codeforpoznan.pl.tf
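Review bot: `codefor.pl` is given an MX record pointing at Google but, unlike `codeforpoznan.pl` in the sibling file, no SPF string in `txt_codefor_pl` and no `_dmarc` record, so receiving servers have nothing to check when mail claims to come from this domain and the owners get no signal that it is happening. Add at least `"v=spf1 include:_spf.google.com ~all"` to the TXT records and a DMARC record; since this domain has not published a policy before, starting at `p=none` with a `rua=` address and moving to `p=reject` once the aggregate reports show only legitimate senders avoids blocking mail from any sender not yet known. The MX list also mixes the older `aspmx2/aspmx3.googlemail.com` hosts with `alt1/alt2.aspmx.l.google.com`, while the codeforpoznan.pl zone uses `alt3/alt4.aspmx.l.google.com`; if both sets are still current for the tenant this is only an inconsistency, but it is worth aligning. The double blank line before `txt_codefor_pl` is a formatting nit `terraform fmt` would flag.

```terraform
# … unchanged: zone and mx_codefor_pl …

resource "aws_route53_record" "txt_codefor_pl" {
  # … unchanged: zone_id, name, type, ttl …
  records = [
    # https://support.google.com/a/answer/6149686?hl=en&ref_topic=4487770
    "google-site-verification=M4OHmWlfMmlVgWYnR7Z7AzwvYkcrVEhRZLgsuURL9DI",

    # https://support.google.com/a/answer/60764
    "v=spf1 include:_spf.google.com ~all",
  ]
}

# https://support.google.com/a/answer/2466563
# Start in monitoring mode; tighten to p=reject once aggregate reports are clean.
resource "aws_route53_record" "dmarc_codefor_pl" {
  zone_id = aws_route53_zone.codefor_pl.zone_id
  name    = "_dmarc.codefor.pl"
  type    = "TXT"
  ttl     = "300"
  records = [
    "v=DMARC1; p=none; rua=mailto:REPORT_ADDRESS_PLACEHOLDER"
  ]
}
```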
@@ -0,0 +1,92 @@
+// Domain registered in OVH by magul
+resource "aws_route53_zone" "codeforpoznan_pl" {
+ name = "codeforpoznan.pl"
+}
+
+removed {
+ from = aws_route53_record.ns_codeforpoznan_pl
+
+ lifecycle {
+ destroy = false
+ }
+}
+
+removed {
+ from = aws_route53_record.soa_codeforpoznan_pl
+
+ lifecycle {
+ destroy = false
+ }
+}
+
+resource "aws_route53_record" "mx_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = aws_route53_zone.codeforpoznan_pl.name
+ type = "MX"
+ ttl = "300"
+ records = [
+ "1 aspmx.l.google.com.",
+ "10 alt3.aspmx.l.google.com.",
+ "10 alt4.aspmx.l.google.com.",
+ "5 alt1.aspmx.l.google.com.",
+ "5 alt2.aspmx.l.google.com.",
+ ]
+}
+
+resource "aws_route53_record" "txt_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = aws_route53_zone.codeforpoznan_pl.name
+ type = "TXT"
+ ttl = "300"
+ records = [
+ # https://support.google.com/a/answer/6149686?hl=en&ref_topic=4487770
+ "google-site-verification=vEPDPgTFVgeXWQz0ty-fgtOEKowH44Ko8MtyDHTUHRc",
+
+ # https://support.google.com/a/answer/60764
+ # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html
+ "v=spf1 include:_spf.google.com include:amazonses.com ~all",
+ ]
+}
+
+# https://github.com/CodeForPoznan/Community/issues/72
+resource "aws_route53_record" "txt_github_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = "_github-challenge-CodeForPoznan-organization.codeforpoznan.pl"
+ type = "TXT"
+ ttl = "300"
+ records = [
+ "c929b5936d"
+ ]
+}
+
+moved {
+ from = aws_route53_record.dkim_google
+ to = aws_route53_record.dkim_google_codeforpoznan_pl
+}
+
+# https://support.google.com/a/answer/174126
+resource "aws_route53_record" "dkim_google_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = "google._domainkey.codeforpoznan.pl"
+ type = "TXT"
+ ttl = "300"
+ records = [
+ "v=DKIM1; k=rsa; 
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnscwqK6IZsq+HPxYzLD46THJ/LYD5Pocv67zg2QJYW040zgAkDVAyYaBgNtS6mNkifWgQtpcMn5x0DfjezBf8rzPUmbXP54TjVwgc8JEqa4d5RUDO6JCvE046KNWdHMmKpia/wm2sAS80cX\"\"9+jD8eVoOkQBT01Dt8TJsisrC5gvncNpFHk1Hl254fHc/njn7opWMTMIu1i9xSzjtttR37SnxCtI7xKecG7MtjFHpG5W98C8EefI71t5BKve+AmirGVSrNyedraVbX9JQ8S0tCwnM27+/KqFDpalV9smKkBY/m/Aewm1m7OJHnqxiwDW6/w8f3CjU1dbF/LLSYABnOQIDAQAB",
+ ]
+}
+
+moved {
+ from = aws_route53_record.dmarc
+ to = aws_route53_record.dmarc_codeforpoznan_pl
+}
+
+# https://support.google.com/a/answer/2466563
+resource "aws_route53_record" "dmarc_codeforpoznan_pl" {
+ zone_id = aws_route53_zone.codeforpoznan_pl.zone_id
+ name = "_dmarc.codeforpoznan.pl"
+ type = "TXT"
+ ttl = "300"
+ records = [
+ "v=DMARC1; p=reject"
+ ]
+}
diff --git a/empatia.tf b/empatia.tf
index 7346007..b8b5cf0 100644
--- a/empatia.tf
+++ b/empatia.tf
@@ -4,38 +4,11 @@ module "empatia_user" {
 name = "empatia"
 }
 
-resource "aws_route53_zone" "empatia" {
- name = "bankempatii.pl"
-}
-
-resource "aws_route53_record" "ns_empatia" {
- zone_id = aws_route53_zone.empatia.zone_id
- name = aws_route53_zone.empatia.name
- type = "NS"
- ttl = "172800"
- records = [
- "${aws_route53_zone.empatia.name_servers.0}.",
- "${aws_route53_zone.empatia.name_servers.1}.",
- "${aws_route53_zone.empatia.name_servers.2}.",
- "${aws_route53_zone.empatia.name_servers.3}.",
- ]
-}
-
-resource "aws_route53_record" "soa_empatia" {
- zone_id = aws_route53_zone.empatia.zone_id
- name = aws_route53_zone.empatia.name
- type = "SOA"
- ttl = "900"
- records = [
- "ns-1596.awsdns-07.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400",
- ]
-}
-
 module "empatia_ssl_certificate" {
 source = "./ssl_certificate"
 
 domain = "bankempatii.pl"
- route53_zone = aws_route53_zone.empatia
+ route53_zone = aws_route53_zone.bankempatii_pl
 
 providers = {
 aws = aws.north_virginia
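Review bot: `dmarc_codeforpoznan_pl` publishes `p=reject` with no `rua=` tag, so the domain enforces a strict policy but never receives aggregate reports; spoofing attempts against codeforpoznan.pl, and alignment failures of legitimate mail from the SES identity or Google that receivers are silently rejecting, are both invisible to the operators. Unless reports are collected through some record not shown here, change the string to `"v=DMARC1; p=reject; rua=mailto:REPORT_ADDRESS_PLACEHOLDER"`. The `~all` softfail in `txt_codeforpoznan_pl` is fine under an enforcing DMARC policy and needs no change. A one-line comment on the DKIM record noting that the `\"\"` inside the key is the deliberate 255-character split for a long TXT string, not a typo, would spare the next reader a puzzled moment.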
@@ -56,7 +29,7 @@ module "empatia_cloudfront_distribution" {
 name = "empatia"
 domain = "bankempatii.pl"
 s3_bucket = aws_s3_bucket.codeforpoznan_public
- route53_zone = aws_route53_zone.empatia
+ route53_zone = aws_route53_zone.bankempatii_pl
 iam_user = module.empatia_user.user
 acm_certificate = module.empatia_ssl_certificate.certificate
 