Exemple #1
0
def a_aaaa(__name__, **kwargs):
    assert 'type' not in kwargs
    if 'zone_id' not in kwargs:
        kwargs['zone_id'] = find_zone(kwargs['name'])
    a = route53.Record(f"{__name__}-a", type='A', **kwargs)
    aaaa = route53.Record(f"{__name__}-aaaa", type='AAAA', **kwargs)
    return a, aaaa
 def add_mx_record(self, zone: route53.Zone):
     """
     Adds MX record to route 53 zone for inbound emails
     """
     mx_record = route53.Record(
         resource_name=format_resource_name("mx-record"),
         name=self.domain_name,
         records=[f'10 inbound-smtp.{config.region}.amazonaws.com'],
         ttl=300,
         type="MX",
         zone_id=zone.zone_id)
     return mx_record
Exemple #3
0
def create_alias_record(alias_domain, distribution):
    zone_id = route53.get_zone(name=alias_domain).id
    return route53.Record(alias_domain,
                          name="",
                          zone_id=zone_id,
                          type='A',
                          aliases=[
                              route53.RecordAliasArgs(
                                  name=distribution.domain_name,
                                  zone_id=distribution.hosted_zone_id,
                                  evaluate_target_health=True,
                              )
                          ])
Exemple #4
0
def Certificate(self, name, domain, zone_id=None, __opts__=None):
    """
    Gets a TLS certifcate for the given domain, using ACM and DNS validation.

    This will be in us-east-1, suitable for CloudFront
    """
    cert = acm.Certificate(
        f"{name}-certificate",
        domain_name=domain,
        validation_method="DNS",
        **opts(parent=self),
    )

    if zone_id is None:
        zone_id = find_zone(domain).id

    # TOOD: Multiple DVOs
    dvo = cert.domain_validation_options[0]
    record = route53.Record(
        f"{name}-validation-record",
        name=dvo['resourceRecordName'],
        zone_id=zone_id,
        type=dvo['resourceRecordType'],
        records=[dvo['resourceRecordValue']],
        ttl=10*60,  # 10 minutes
        **opts(parent=self),
    )

    validation = acm.CertificateValidation(
        f"{name}-validation",
        certificate_arn=cert.arn,
        validation_record_fqdns=[record.fqdn],
        **opts(parent=self),
    )

    return {
        'cert': cert,
        'cert_arn': validation.certificate_arn,
    }
    def verify_domain(self, zone: route53.Zone):
        """
        Verifies the domain nam with SES
        """

        # Add TXT record to route53 zone to verify domain
        ses_domain = ses.DomainIdentity(
            resource_name=format_resource_name("domain-id"),
            domain=self.domain_name)

        ses_verification_record = route53.Record(
            resource_name=format_resource_name("verification-record"),
            name=pulumi.Output.concat('_amazonses.', ses_domain.id),
            records=[ses_domain.verification_token],
            ttl=600,
            type="TXT",
            zone_id=zone.zone_id)

        ses_domain_verification = ses.DomainIdentityVerification(
            resource_name=format_resource_name("domain-verification"),
            domain=ses_domain.id,
            opts=pulumi.ResourceOptions(depends_on=[ses_verification_record]))
        return ses_domain
Exemple #6
0
    def Record(self):

        resource_specs = ParseYAML(resource_type).getSpecs()

        for r53_record_name, r53_record_configuration in resource_specs[
                "record"].items():

            # Route53 Record Dynamic Variables
            resource_name = r53_record_name

            # Resetting all optional variables
            # with the default value None
            resource_record_type    = \
            resource_record_zone_id = \
            resource_record_target  = \
            resource_record_ttl     = None

            # Cheking the documents content, if present
            # we will be assigning their values to our variables,
            # otherwise we'll set them to None
            resource_record_type = r53_record_configuration[
                "type"] if "type" in r53_record_configuration else None
            resource_record_zone_type = r53_record_configuration[
                "zone_type"] if "zone_type" in r53_record_configuration else None
            resource_record_zone_id = r53_record_configuration[
                "zone_name"] if "zone_name" in r53_record_configuration else None
            resource_record_target = r53_record_configuration[
                "target"] if "target" in r53_record_configuration else None
            resource_record_ttl = r53_record_configuration[
                "ttl"] if "ttl" in r53_record_configuration else None

            # Check record value type
            for each_record_target_type, each_record_target_value in resource_record_target.items(
            ):

                # print(each_record_target_type)

                if each_record_target_type.lower() == "cname":
                    resource_record_value = each_record_target_value

                elif each_record_target_type.lower() == "a":
                    resource_record_value = each_record_target_value

                elif each_record_target_type.lower() == "eip":
                    resource_record_value = each_record_target_value

                elif each_record_target_type.lower() == "ec2":
                    resource_record_value = each_record_target_value

                elif each_record_target_type.lower() == "efs":
                    efs_dns = EFS.DNSName()
                    resource_record_target_name = efs_dns[str(
                        resource_record_target["efs"])]
                    resource_record_value = resource_record_target_name

            # Get ZoneId being Public or Private
            if resource_record_zone_type.lower() == "public":

                route53_zone_id = Route53.PublicZoneId()
                this_route53_zone_id = route53_zone_id[str(
                    resource_record_zone_id)]

            elif resource_record_zone_type.lower() == "private":

                route53_zone_id = Route53.PrivateZoneId()
                this_route53_zone_id = route53_zone_id[str(
                    resource_record_zone_id)]

            # Create Route53 Record
            route53_record = route53.Record(resource_name,
                                            name=resource_name,
                                            type=resource_record_type,
                                            zone_id=this_route53_zone_id,
                                            records=[resource_record_value],
                                            ttl=resource_record_ttl)

            pulumi.export(resource_name, [{
                "ID": route53_record.id,
                "FQDN": route53_record.fqdn
            }])

            route53_record_ids_dict.update(
                {route53_record._name: route53_record.id})
Exemple #7
0
    parent_domain = ".".join(names[1:])
    return (subdomain, parent_domain)


(subdomain, parent_domain) = get_domain_and_subdomain(domain_name)
# zone = route53.Zone("route53_zone", name=parent_domain)

# create ACM certificate
cert = acm.Certificate('certificate', domain_name=domain_name, validation_method='DNS')
domain_validation_options = cert.domain_validation_options[0]

# Create a DNS record to prove that we _own_ the domain we're requesting a certificate for.
cert_validation_dns_record = route53.Record(
    'cert-validation-record',
    name=domain_validation_options['resourceRecordName'],
    zone_id=dns_zone_id,
    type=domain_validation_options['resourceRecordType'],
    records=[domain_validation_options['resourceRecordValue']],
    ttl=600)

# This is a _special_ resource that waits for ACM to complete validation via the DNS record
# checking for a status of "ISSUED" on the certificate itself. No actual resources are
# created (or updated or deleted).
cert_validation_completion = acm.CertificateValidation('cert-validation-completion',
                                                       certificate_arn=cert.arn,
                                                       validation_record_fqdns=[cert_validation_dns_record.fqdn])

cert_arn = cert_validation_completion.certificate_arn

# Create S3 bucket that will contain the CDN's request logs.
log_bucket = s3.Bucket('cdn-log-bucket', acl='private')
    def __init__(
            self,
            name: str,
            stack: str,
            issue: str,
            zones: Dict[str, List[str]],
            viewer_certificate: config.ViewerCertificate,
            lambda_function_associations: [config.LambdaFunctionAssociation
                                           ] = None,
            logging_config: config.LoggingConfig = None,
            additional_buckets_mapping: Dict[str, str] = None,
            default_cache_behavior: config.CacheBehavior = None,
            custom_error_responses: List[config.CustomErrorResponse] = None,
            opts: pulumi.ResourceOptions = None):
        """
        Constructs a WebSite.
        :param stack: Stack name, prod or staging for example
        :param issue: Issue tracker ID
        :param additional_buckets_mapping: Map bucket to CloudFront origin path_pattern for example {"docs": "/docs/*"},
            cache behavior for additional origin will be copied from default_cache_behavior
        :param logging_config: CloudFrond S3 bucket for logging configuration
        :param zones: Map of zone_id: to domains names, for example {'12345ABCDE': ['example.com', 'www.example.com']}
            zone_id will use to create DNS alias to CloudFront Distribution
        :param default_cache_behavior: Default cache behavior configuration
        """
        super().__init__('WebSite', name, None, opts)
        self.name = name
        self.stack = stack
        self.issue = issue
        self.zones = zones
        self.logging_config = logging_config
        self.viewer_certificate = viewer_certificate
        self.tags = {
            'website': f'{self.name}-{self.stack}',
            'stack': self.stack,
            'issue': self.issue,
        }

        self.aliases = []
        for _, domains_list in self.zones.items():
            self.aliases += domains_list

        if default_cache_behavior is None:
            behavior = config.CacheBehavior()
            behavior.allowed_methods = ['GET', 'HEAD']
            behavior.cached_methods = ['GET', 'HEAD']
            behavior.compress = True
            behavior.forwarded_values_cookies = 'none'
            behavior.forwarded_values_headers = None
            behavior.forwarded_values_query_string = True
            behavior.path_pattern = None
            behavior.min_ttl = 0
            behavior.default_ttl = 3600
            behavior.max_ttl = 86400
            behavior.target_origin_id = DEFAULT_ORIGIN_ID
            behavior.viewer_protocol_policy = config.VIEWER_PROTOCOL_POLICY_REDIRECT_TO_HTTPS
            behavior.lambda_function_associations = []
            self.default_cache_behavior = behavior
        else:
            self.default_cache_behavior = default_cache_behavior

        if lambda_function_associations is None:
            self.lambda_function_associations = []
        else:
            self.lambda_function_associations = lambda_function_associations

        if custom_error_responses is None:
            self.custom_error_responses = []
        else:
            self.custom_error_responses = custom_error_responses

        oai = cloudfront.OriginAccessIdentity(
            f'website-{self.name}-{self.stack}-origin-access-identity',
            opts=pulumi.ResourceOptions(parent=self))

        self.default_bucket = self._create_bucket('default', oai)
        default_origin = config.Origin(
            domain_name=self.default_bucket.bucket_regional_domain_name,
            origin_id=pulumi.Output.from_input(DEFAULT_ORIGIN_ID),
            s3_origin_access_identity=oai.cloudfront_access_identity_path)

        self.cache_behaviors = []
        self.origins = [default_origin]

        if additional_buckets_mapping is not None:
            for b, path in additional_buckets_mapping.items():
                bucket = self._create_bucket(b, oai)
                cb = deepcopy(self.default_cache_behavior)
                cb.lambda_function_associations = self.lambda_function_associations
                cb.path_pattern = path
                cb.target_origin_id = bucket.id
                self.cache_behaviors.append(cb)
                self.origins.append(
                    config.Origin(
                        domain_name=bucket.bucket_regional_domain_name,
                        origin_id=bucket.id,
                        s3_origin_access_identity=oai.
                        cloudfront_access_identity_path))

        self.default_cache_behavior.lambda_function_associations = self.lambda_function_associations
        self._create_cloudfront()
        record_aliases = [{
            'evaluateTargetHealth': False,
            'name': self.distribution.domain_name,
            'zone_id': self.distribution.hosted_zone_id,
        }]
        i = 0
        for zone_id, domains_list in self.zones.items():
            for name in domains_list:
                route53.Record(f'{name}-record-{i}',
                               zone_id=zone_id,
                               type='A',
                               name=name,
                               aliases=record_aliases,
                               opts=pulumi.ResourceOptions(parent=self))
                i += 1