// Adopt the existing TLD hosted zone (identified by tldZoneId) into this stack
// via Pulumi's `import` option instead of creating a second zone for the name.
const rootZoneArgs: aws.route53.ZoneArgs = {
  name: tldName,
  comment: 'HostedZone created by Route53 Registrar',
};
const rootZone = new aws.route53.Zone(tldName, rootZoneArgs, { import: tldZoneId });
// Resources the cross-account policy below is scoped to: only the shared root zone.
const allowedTargetArns: pulumi.Output<string>[] = [rootZone.arn];
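// Actions the cross-account role may perform on the shared root zone. Kept to what a
// delegated sub-account needs to manage records in it (the NS delegation for its
// subdomain). route53:DeleteHostedZone was dropped from this list: granted on the
// root zone ARN it would let every principal trusted by the role delete the shared
// TLD zone itself, which no record-management caller needs.
// NOTE(review): CreateHostedZone and ListHostedZones are not scoped to a hosted-zone
// ARN, and GetChange is scoped to change/* ARNs, so against a hostedzone Resource
// they do not take effect — confirm against the Route 53 IAM action reference and
// give them their own statement if they are really required.
const allowedActions = [
  "route53:ChangeResourceRecordSets",
  "route53:CreateHostedZone",
  "route53:GetChange",
  "route53:GetHostedZone",
  "route53:ListHostedZones",
  "route53:ListResourceRecordSets",
  "route53:UpdateHostedZoneComment",
];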
// Principal ARNs published by the admin stack; these are the only identities
// allowed to assume the cross-account role.
const allowedSourceArns = adminStack.getOutput('crossAccountPermissionPolicyTargets');

// Trust policy for the role: sts:AssumeRole is allowed solely for the ARNs above.
// NOTE(review): the trust is unconditional for those principals — whatever the admin
// stack lists can assume the role; review that output as carefully as the policy.
const trustPolicyDocument = allowedSourceArns.apply(sourceArns =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: { AWS: sourceArns },
        Action: "sts:AssumeRole",
      },
    ],
  }),
);

const crossAccountAccessRole = new aws.iam.Role(pre('cross-acct-role'), {
  assumeRolePolicy: trustPolicyDocument,
});
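// Permissions policy attached to the cross-account role.
// Statement 1 scopes the zone-level actions in allowedActions to the shared root
// zone(s) only. Statement 2 is separate because route53:GetChange is authorised
// against change/* ARNs rather than the hosted zone, so it can never match the zone
// ARN in statement 1 — and the provider polls GetChange after each
// ChangeResourceRecordSets, so record writes through this role would otherwise be
// denied at that step (NOTE(review): confirm against the Route 53 IAM reference).
// Actions in allowedActions that take no resource at all (CreateHostedZone,
// ListHostedZones) likewise do not take effect against the zone ARN.
const crossAccountAccessPolicy = new aws.iam.Policy(pre('cross-acct-policy'), {
  policy: pulumi.all(allowedTargetArns).apply(targetArns =>
    JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Effect: "Allow",
          Action: allowedActions,
          Resource: targetArns,
        },
        {
          Effect: "Allow",
          Action: "route53:GetChange",
          Resource: "arn:aws:route53:::change/*",
        },
      ],
    }),
  ),
});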
// Bind the permissions policy to the cross-account role.
const policyAttachment = new aws.iam.RolePolicyAttachment(pre('cross-acct-attach'), {
  policyArn: crossAccountAccessPolicy.arn,
  role: crossAccountAccessRole.name,
});
// Adopt the shared root zone into this stack, operating on it through the
// shared-account provider.
// NOTE(review): the third argument is Pulumi's resource options, which are presumably
// read at program time as plain values; here an Output (the `.apply` result) is handed
// over and the `as unknown as` cast only silences the type error — `import` and
// `provider` are unlikely to be unwrapped from it. Pass plain values instead.
// NOTE(review): `import` takes the hosted zone ID (cf. `import: tldZoneId` in the
// earlier snippet); the variable used here is named rootZoneArn — confirm it really
// holds the ID and not the ARN.
const rootZone = new aws.route53.Zone(pre('dns-zone'), {
  name: tldName,
  comment: 'HostedZone created by Route53 Registrar'
}, rootZoneArn.apply(zoneArn => {
  return { import: zoneArn, provider: sharedAccountProvider }
}) as unknown as { import: string, provider: aws.Provider });
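if (!subDomainName) {
  // TLD stack: point the apex name at the ALB and we're done. rootZone is declared
  // with sharedAccountProvider, so the record in it is created through that same
  // provider (as nsRecord below already does) rather than the stack's default one.
  const aliasRecord = new aws.route53.Record(pre('dns-alias'), {
    name: tldName,
    type: "A",
    zoneId: rootZone.id,
    aliases: [{
      name: applicationLoadBalancer.loadBalancer.dnsName,
      zoneId: applicationLoadBalancer.loadBalancer.zoneId,
      evaluateTargetHealth: true,
    }],
  }, { provider: sharedAccountProvider });
} else {
  // Sub-domain stack: its own hosted zone for <sub>.<tld>, an alias to the ALB in
  // that zone, and an NS delegation for it in the shared root zone.
  const subDomainFqdn = `${subDomainName}.${tldName}`;

  const subDomainZone = new aws.route53.Zone(pre('dns-zone'), {
    name: subDomainFqdn,
  });

  // Alias records carry no TTL of their own; `ttl` together with `aliases` is a
  // conflicting combination for the AWS provider, so the previous `ttl: 60` is gone.
  const aliasRecord = new aws.route53.Record(pre('alias-record'), {
    name: subDomainFqdn,
    type: "A",
    zoneId: subDomainZone.id,
    aliases: [{
      name: applicationLoadBalancer.loadBalancer.dnsName,
      zoneId: applicationLoadBalancer.loadBalancer.zoneId,
      evaluateTargetHealth: true,
    }],
  });

  // Delegate the sub-domain from the shared root zone; this write crosses accounts,
  // hence sharedAccountProvider.
  const nsRecord = new aws.route53.Record(pre('dns-record'), {
    zoneId: rootZone.id,
    name: subDomainFqdn,
    type: "NS",
    ttl: 86400,
    records: subDomainZone.nameServers,
  }, { provider: sharedAccountProvider });
}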