# test-infra/aws-vpn/dns.tf
#
# DNS and certificate setup for the test VPN gateway: looks up an existing
# parent zone, creates a delegated child zone, requests an ACM certificate for
# the gateway host name and validates it through DNS records in the child zone.

# Looks up an existing Route 53 hosted zone by name; nothing is created here.
# NOTE(review): the lookup is by name only. If a public and a private zone
# share var.parent_domain, set private_zone explicitly so the intended zone is
# selected.
data "aws_route53_zone" "parent_dns_zone" {
  name = var.parent_domain
}


# Child hosted zone "<child_subdomain>.<parent zone name>".
# No vpc block is declared, so this is presumably a public hosted zone.
resource "aws_route53_zone" "child_dns_zone" {
  name    = "${var.child_subdomain}.${data.aws_route53_zone.parent_dns_zone.name}"
  comment = var.child_subdomain_comment

  tags = local.global_tags
}

# NS record in the PARENT zone that delegates the child subdomain to the name
# servers Route 53 assigned to the child zone.
# NOTE(review): this record and the child zone should always be removed
# together. An NS delegation that outlives its zone points at name servers the
# account no longer controls for that name, which is a subdomain-takeover
# exposure. The 3600 s TTL also means resolvers can cache it for up to an hour.
resource "aws_route53_record" "child_dns_route" {
  zone_id = data.aws_route53_zone.parent_dns_zone.id
  name    = var.child_subdomain
  type    = "NS"
  ttl     = 3600
  records = aws_route53_zone.child_dns_zone.name_servers
}

# ACM certificate for "<prefix>gateway.<child zone name>", validated via DNS.
resource "aws_acm_certificate" "vpn_server" {
  domain_name       = "${local.prefix}gateway.${aws_route53_zone.child_dns_zone.name}"
  validation_method = "DNS"

  tags = local.global_tags

  lifecycle {
    # On replacement, issue the new certificate before destroying the old one.
    create_before_destroy = true
  }
}

# One DNS validation record per entry in the certificate's
# domain_validation_options, keyed by domain name and written to the child zone.
resource "aws_route53_record" "vpn_record" {
  for_each = {
    for dvo in aws_acm_certificate.vpn_server.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  # allow_overwrite lets Terraform take over an existing record with the same
  # name and type instead of failing.
  # NOTE(review): that also silently replaces a record created outside this
  # configuration; confirm nothing else writes validation records to this zone.
  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = aws_route53_zone.child_dns_zone.zone_id
}

# Waits for ACM to finish validating the certificate.
resource "aws_acm_certificate_validation" "vpn_server" {
  certificate_arn = aws_acm_certificate.vpn_server.arn

  # Ordering only: the validation records and the NS delegation must exist
  # first. Presumably the delegation is listed because ACM has to resolve the
  # child zone through the parent zone.
  # NOTE(review): validation_record_fqdns is not set. Passing the fqdn of each
  # aws_route53_record.vpn_record would let the provider check that the records
  # it waits on are the ones ACM asked for.
  depends_on = [
    aws_route53_record.vpn_record,
    aws_route53_record.child_dns_route,
  ]

  timeouts {
    # Give up if the certificate is not validated within 10 minutes.
    create = "10m"
  }
}