sparse-intern-71089
02/14/2022, 11:09 PMwitty-belgium-75866
02/15/2022, 8:47 AMproud-art-41399
02/16/2022, 8:10 PM# Create a reusable delegation set.
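# protect=True makes Pulumi refuse to delete this resource until the flag is
# cleared. Every zone below is created on this delegation set.
delegation_set = aws.route53.DelegationSet(
    "infra-delegation-set", opts=pulumi.ResourceOptions(protect=True)
)

# Create public DNS zones, each with a DNS-validated wildcard certificate.
#
# NOTE(review): tldextract may fetch the Public Suffix List over the network
# on first use by default. The derived `domain` feeds resource names and
# certificate names, so a pinned snapshot
# (tldextract.TLDExtract(suffix_list_urls=())) would keep them reproducible.
for zone_name in config.require_object("public_zones"):
    parts = tldextract.extract(zone_name)

    # Without both labels the f-string below yields a malformed name such as
    # "internal." or ".com". Fail here with the offending entry named instead
    # of letting the provider reject the certificate request later.
    if not parts.domain or not parts.suffix:
        raise ValueError(
            f"public_zones entry {zone_name!r} has no registrable domain"
        )

    # Registrable domain only: any sub-domain labels in zone_name are dropped.
    # NOTE(review): resource names and the certificate are keyed on `domain`
    # while the hosted zone uses `zone_name`. Two entries under the same
    # registrable domain would collide on resource names, and a sub-domain
    # zone would receive a validation record named outside itself. This looks
    # like it assumes every entry is an apex domain; confirm.
    domain = f"{parts.domain}.{parts.suffix}"

    # Create a DNS zone.
    # NOTE(review): unlike the delegation set, the zones are not protected.
    zone = aws.route53.Zone(
        f"infra-zone-{domain}",
        delegation_set_id=delegation_set.id,
        name=zone_name,
    )

    # Create a wildcard certificate in default region.
    # The wildcard covers every first-level sub-domain, so whatever this
    # certificate is attached to can present itself as any host under
    # `domain`. Scope its use accordingly.
    certificate = aws.acm.Certificate(
        f"infra-certificate-{domain}-{aws.config.region}",
        domain_name=f"*.{domain}",
        subject_alternative_names=[domain],
        validation_method="DNS",
    )

    # Create a certificate validation record.
    # Only the first validation option is published. That is presumably
    # enough because ACM issues the same CNAME for "*.example.com" and
    # "example.com"; it would not cover SANs under other domains.
    # NOTE(review): nothing visible here waits for issuance (for example an
    # aws.acm.CertificateValidation resource), so consumers of
    # certificate.arn may see a certificate that is still pending.
    aws.route53.Record(
        f"infra-{domain}-certificate-validation",
        name=certificate.domain_validation_options.apply(
            lambda opts: opts[0].resource_record_name
        ),
        type=certificate.domain_validation_options.apply(
            lambda opts: opts[0].resource_record_type
        ),
        records=[
            certificate.domain_validation_options.apply(
                lambda opts: opts[0].resource_record_value
            )
        ],
        zone_id=zone.id,
        ttl=600,
    )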