-
Notifications
You must be signed in to change notification settings - Fork 3
/
Common-PublicSESRecordSets.yaml
128 lines (128 loc) · 4.99 KB
/
Common-PublicSESRecordSets.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
AWSTemplateFormatVersion: 2010-09-09
Description: Common-PublicSESRecordSets Template.
This creates Amazon SES Public RecordSets in a Public HostedZone.
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: Stack Dependencies
Parameters:
- PublicHostedZoneStackName
- Label:
default: RecordSet Configuration
Parameters:
- VerificationTXTValue
- DomainKey1Value
- DomainKey2Value
- DomainKey3Value
ParameterLabels:
PublicHostedZoneStackName:
default: PublicHostedZone Stack Name
VerificationTXTValue:
default: Amazon SES Verification TXT Value
DomainKey1Value:
default: Amazon SES Domain Key 1 Value
DomainKey2Value:
default: Amazon SES Domain Key 2 Value
DomainKey3Value:
default: Amazon SES Domain Key 3 Value
Parameters:
PublicHostedZoneStackName:
Description: Name of the CloudFormation Stack containing the Public HostedZone
Type: String
MaxLength: 64
Default: Production-PublicHostedZone
AllowedPattern: ^[A-Z][-a-zA-Z0-9]*$
ConstraintDescription: must begin with an upper case letter and contain alphanumeric characters and dashes.
VerificationTXTValue:
Description: Value of Amazon SES Verification TXT Record (without quotes)
Type: String
Default: ''
AllowedPattern: (^$|^[+/A-Za-z0-9]{43}=$)
ConstraintDescription: 'must be a string of 43 alphanumeric characters, plus sign or forward slash, followed by an equal sign, or be blank.'
DomainKey1Value:
Description: Value of Amazon SES Domain Key 1
Type: String
Default: ''
AllowedPattern: (^$|^[a-z0-9]{32}$)
ConstraintDescription: must be a string of 32 lower-case alphanumeric characters, or be blank.
DomainKey2Value:
Description: Value of Amazon SES Domain Key 2
Type: String
Default: ''
AllowedPattern: (^$|^[a-z0-9]{32}$)
ConstraintDescription: must be a string of 32 lower-case alphanumeric characters, or be blank.
DomainKey3Value:
Description: Value of Amazon SES Domain Key 3
Type: String
Default: ''
AllowedPattern: (^$|^[a-z0-9]{32}$)
ConstraintDescription: must be a string of 32 lower-case alphanumeric characters, or be blank.
#Rules:
# ValidateDomainKey1Value:
# RuleCondition: !Or [ !Equals [ !Ref DomainKey1Value, '' ], [ !Equals [ !Ref DomainKey2Value, '' ], !Equals [ !Ref DomainKey3Value, '' ]]
# Assertions:
# - Assert: !And [ !Equals [ !Ref DomainKey1Value, '' ], [ !Equals [ !Ref DomainKey2Value, '' ], !Equals [ !Ref DomainKey3Value, '' ]]
# AssertDescription: All 3 Domain Key Values must be blank, or non-blank.
Conditions:
ConfigureVerificationTXTRecordSet: !Not [ !Equals [ !Ref VerificationTXTValue, '' ]]
ConfigureDomainKey1CNAMERecordSet: !Not [ !Equals [ !Ref DomainKey1Value, '' ]]
ConfigureDomainKey2CNAMERecordSet: !Not [ !Equals [ !Ref DomainKey2Value, '' ]]
ConfigureDomainKey3CNAMERecordSet: !Not [ !Equals [ !Ref DomainKey3Value, '' ]]
Resources:
PublicVerificationTXTRecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicHostedZone
Name: !Sub
- _amazonses.${PublicDomain}.
- PublicDomain: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicDomain
Type: TXT
TTL: 1800
ResourceRecords:
- !Sub '"${VerificationTXTValue}"'
Condition: ConfigureVerificationTXTRecordSet
PublicDomainKey1CNAMERecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicHostedZone
Name: !Sub
- ${DomainKey1Value}._domainkey.${PublicDomain}.
- PublicDomain: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicDomain
Type: CNAME
TTL: 3600
ResourceRecords:
- !Sub ${DomainKey1Value}.dkim.amazonses.com.
Condition: ConfigureDomainKey1CNAMERecordSet
PublicDomainKey2CNAMERecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicHostedZone
Name: !Sub
- ${DomainKey2Value}._domainkey.${PublicDomain}.
- PublicDomain: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicDomain
Type: CNAME
TTL: 3600
ResourceRecords:
- !Sub ${DomainKey2Value}.dkim.amazonses.com.
Condition: ConfigureDomainKey2CNAMERecordSet
PublicDomainKey3CNAMERecordSet:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicHostedZone
Name: !Sub
- ${DomainKey3Value}._domainkey.${PublicDomain}.
- PublicDomain: !ImportValue
Fn::Sub: ${PublicHostedZoneStackName}-PublicDomain
Type: CNAME
TTL: 3600
ResourceRecords:
- !Sub ${DomainKey3Value}.dkim.amazonses.com.
Condition: ConfigureDomainKey2CNAMERecordSet