def a_aaaa(__name__, **kwargs):
assert 'type' not in kwargs
if 'zone_id' not in kwargs:
kwargs['zone_id'] = find_zone(kwargs['name'])
a = route53.Record(f"{__name__}-a", type='A', **kwargs)
aaaa = route53.Record(f"{__name__}-aaaa", type='AAAA', **kwargs)
return a, aaaa
def add_mx_record(self, zone: route53.Zone):
"""
Adds MX record to route 53 zone for inbound emails
"""
mx_record = route53.Record(
resource_name=format_resource_name("mx-record"),
name=self.domain_name,
records=[f'10 inbound-smtp.{config.region}.amazonaws.com'],
ttl=300,
type="MX",
zone_id=zone.zone_id)
return mx_record
def create_alias_record(alias_domain, distribution):
zone_id = route53.get_zone(name=alias_domain).id
return route53.Record(alias_domain,
name="",
zone_id=zone_id,
type='A',
aliases=[
route53.RecordAliasArgs(
name=distribution.domain_name,
zone_id=distribution.hosted_zone_id,
evaluate_target_health=True,
)
])
def Certificate(self, name, domain, zone_id=None, __opts__=None):
"""
Gets a TLS certifcate for the given domain, using ACM and DNS validation.
This will be in us-east-1, suitable for CloudFront
"""
cert = acm.Certificate(
f"{name}-certificate",
domain_name=domain,
validation_method="DNS",
**opts(parent=self),
)
if zone_id is None:
zone_id = find_zone(domain).id
# TOOD: Multiple DVOs
dvo = cert.domain_validation_options[0]
record = route53.Record(
f"{name}-validation-record",
name=dvo['resourceRecordName'],
zone_id=zone_id,
type=dvo['resourceRecordType'],
records=[dvo['resourceRecordValue']],
ttl=10*60, # 10 minutes
**opts(parent=self),
)
validation = acm.CertificateValidation(
f"{name}-validation",
certificate_arn=cert.arn,
validation_record_fqdns=[record.fqdn],
**opts(parent=self),
)
return {
'cert': cert,
'cert_arn': validation.certificate_arn,
}
def verify_domain(self, zone: route53.Zone):
"""
Verifies the domain nam with SES
"""
# Add TXT record to route53 zone to verify domain
ses_domain = ses.DomainIdentity(
resource_name=format_resource_name("domain-id"),
domain=self.domain_name)
ses_verification_record = route53.Record(
resource_name=format_resource_name("verification-record"),
name=pulumi.Output.concat('_amazonses.', ses_domain.id),
records=[ses_domain.verification_token],
ttl=600,
type="TXT",
zone_id=zone.zone_id)
ses_domain_verification = ses.DomainIdentityVerification(
resource_name=format_resource_name("domain-verification"),
domain=ses_domain.id,
opts=pulumi.ResourceOptions(depends_on=[ses_verification_record]))
return ses_domain
def Record(self):
resource_specs = ParseYAML(resource_type).getSpecs()
for r53_record_name, r53_record_configuration in resource_specs[
"record"].items():
# Route53 Record Dynamic Variables
resource_name = r53_record_name
# Resetting all optional variables
# with the default value None
resource_record_type = \
resource_record_zone_id = \
resource_record_target = \
resource_record_ttl = None
# Cheking the documents content, if present
# we will be assigning their values to our variables,
# otherwise we'll set them to None
resource_record_type = r53_record_configuration[
"type"] if "type" in r53_record_configuration else None
resource_record_zone_type = r53_record_configuration[
"zone_type"] if "zone_type" in r53_record_configuration else None
resource_record_zone_id = r53_record_configuration[
"zone_name"] if "zone_name" in r53_record_configuration else None
resource_record_target = r53_record_configuration[
"target"] if "target" in r53_record_configuration else None
resource_record_ttl = r53_record_configuration[
"ttl"] if "ttl" in r53_record_configuration else None
# Check record value type
for each_record_target_type, each_record_target_value in resource_record_target.items(
):
# print(each_record_target_type)
if each_record_target_type.lower() == "cname":
resource_record_value = each_record_target_value
elif each_record_target_type.lower() == "a":
resource_record_value = each_record_target_value
elif each_record_target_type.lower() == "eip":
resource_record_value = each_record_target_value
elif each_record_target_type.lower() == "ec2":
resource_record_value = each_record_target_value
elif each_record_target_type.lower() == "efs":
efs_dns = EFS.DNSName()
resource_record_target_name = efs_dns[str(
resource_record_target["efs"])]
resource_record_value = resource_record_target_name
# Get ZoneId being Public or Private
if resource_record_zone_type.lower() == "public":
route53_zone_id = Route53.PublicZoneId()
this_route53_zone_id = route53_zone_id[str(
resource_record_zone_id)]
elif resource_record_zone_type.lower() == "private":
route53_zone_id = Route53.PrivateZoneId()
this_route53_zone_id = route53_zone_id[str(
resource_record_zone_id)]
# Create Route53 Record
route53_record = route53.Record(resource_name,
name=resource_name,
type=resource_record_type,
zone_id=this_route53_zone_id,
records=[resource_record_value],
ttl=resource_record_ttl)
pulumi.export(resource_name, [{
"ID": route53_record.id,
"FQDN": route53_record.fqdn
}])
route53_record_ids_dict.update(
{route53_record._name: route53_record.id})
parent_domain = ".".join(names[1:])
return (subdomain, parent_domain)
(subdomain, parent_domain) = get_domain_and_subdomain(domain_name)
# zone = route53.Zone("route53_zone", name=parent_domain)
# create ACM certificate
cert = acm.Certificate('certificate', domain_name=domain_name, validation_method='DNS')
domain_validation_options = cert.domain_validation_options[0]
# Create a DNS record to prove that we _own_ the domain we're requesting a certificate for.
cert_validation_dns_record = route53.Record(
'cert-validation-record',
name=domain_validation_options['resourceRecordName'],
zone_id=dns_zone_id,
type=domain_validation_options['resourceRecordType'],
records=[domain_validation_options['resourceRecordValue']],
ttl=600)
# This is a _special_ resource that waits for ACM to complete validation via the DNS record
# checking for a status of "ISSUED" on the certificate itself. No actual resources are
# created (or updated or deleted).
cert_validation_completion = acm.CertificateValidation('cert-validation-completion',
certificate_arn=cert.arn,
validation_record_fqdns=[cert_validation_dns_record.fqdn])
cert_arn = cert_validation_completion.certificate_arn
# Create S3 bucket that will contain the CDN's request logs.
log_bucket = s3.Bucket('cdn-log-bucket', acl='private')
def __init__(
self,
name: str,
stack: str,
issue: str,
zones: Dict[str, List[str]],
viewer_certificate: config.ViewerCertificate,
lambda_function_associations: [config.LambdaFunctionAssociation
] = None,
logging_config: config.LoggingConfig = None,
additional_buckets_mapping: Dict[str, str] = None,
default_cache_behavior: config.CacheBehavior = None,
custom_error_responses: List[config.CustomErrorResponse] = None,
opts: pulumi.ResourceOptions = None):
"""
Constructs a WebSite.
:param stack: Stack name, prod or staging for example
:param issue: Issue tracker ID
:param additional_buckets_mapping: Map bucket to CloudFront origin path_pattern for example {"docs": "/docs/*"},
cache behavior for additional origin will be copied from default_cache_behavior
:param logging_config: CloudFrond S3 bucket for logging configuration
:param zones: Map of zone_id: to domains names, for example {'12345ABCDE': ['example.com', 'www.example.com']}
zone_id will use to create DNS alias to CloudFront Distribution
:param default_cache_behavior: Default cache behavior configuration
"""
super().__init__('WebSite', name, None, opts)
self.name = name
self.stack = stack
self.issue = issue
self.zones = zones
self.logging_config = logging_config
self.viewer_certificate = viewer_certificate
self.tags = {
'website': f'{self.name}-{self.stack}',
'stack': self.stack,
'issue': self.issue,
}
self.aliases = []
for _, domains_list in self.zones.items():
self.aliases += domains_list
if default_cache_behavior is None:
behavior = config.CacheBehavior()
behavior.allowed_methods = ['GET', 'HEAD']
behavior.cached_methods = ['GET', 'HEAD']
behavior.compress = True
behavior.forwarded_values_cookies = 'none'
behavior.forwarded_values_headers = None
behavior.forwarded_values_query_string = True
behavior.path_pattern = None
behavior.min_ttl = 0
behavior.default_ttl = 3600
behavior.max_ttl = 86400
behavior.target_origin_id = DEFAULT_ORIGIN_ID
behavior.viewer_protocol_policy = config.VIEWER_PROTOCOL_POLICY_REDIRECT_TO_HTTPS
behavior.lambda_function_associations = []
self.default_cache_behavior = behavior
else:
self.default_cache_behavior = default_cache_behavior
if lambda_function_associations is None:
self.lambda_function_associations = []
else:
self.lambda_function_associations = lambda_function_associations
if custom_error_responses is None:
self.custom_error_responses = []
else:
self.custom_error_responses = custom_error_responses
oai = cloudfront.OriginAccessIdentity(
f'website-{self.name}-{self.stack}-origin-access-identity',
opts=pulumi.ResourceOptions(parent=self))
self.default_bucket = self._create_bucket('default', oai)
default_origin = config.Origin(
domain_name=self.default_bucket.bucket_regional_domain_name,
origin_id=pulumi.Output.from_input(DEFAULT_ORIGIN_ID),
s3_origin_access_identity=oai.cloudfront_access_identity_path)
self.cache_behaviors = []
self.origins = [default_origin]
if additional_buckets_mapping is not None:
for b, path in additional_buckets_mapping.items():
bucket = self._create_bucket(b, oai)
cb = deepcopy(self.default_cache_behavior)
cb.lambda_function_associations = self.lambda_function_associations
cb.path_pattern = path
cb.target_origin_id = bucket.id
self.cache_behaviors.append(cb)
self.origins.append(
config.Origin(
domain_name=bucket.bucket_regional_domain_name,
origin_id=bucket.id,
s3_origin_access_identity=oai.
cloudfront_access_identity_path))
self.default_cache_behavior.lambda_function_associations = self.lambda_function_associations
self._create_cloudfront()
record_aliases = [{
'evaluateTargetHealth': False,
'name': self.distribution.domain_name,
'zone_id': self.distribution.hosted_zone_id,
}]
i = 0
for zone_id, domains_list in self.zones.items():
for name in domains_list:
route53.Record(f'{name}-record-{i}',
zone_id=zone_id,
type='A',
name=name,
aliases=record_aliases,
opts=pulumi.ResourceOptions(parent=self))
i += 1