Add hosted zone DNS records (#457)

Add CNAME records for DKIM configuration Add MX and TXT records for MAIL FROM configuration
govuk-one-login · Dec 4, 2023 · 55df32d · 55df32d
1 parent f484f66
commit 55df32d
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/iac/quicksight-access/base.yml b/iac/quicksight-access/base.yml
@@ -62,3 +62,20 @@ Globals:
     Environment:
       Variables:
         NODE_OPTIONS: '--enable-source-maps'
+
+Mappings:
+  DKIMRecordMap:
+    dev:
+      Name1: zs2dfseiiy7xvwdswfyxccyvtzqdytv3._domainkey.dap.dev.account.gov.uk
+      Name2: 4sg43w2i5nt4gbemquvgfagfldax6g4u._domainkey.dap.dev.account.gov.uk
+      Name3: ms7qqbyvkfjeoxhzjdsn3fyhqg6t5kmx._domainkey.dap.dev.account.gov.uk
+      Value1: zs2dfseiiy7xvwdswfyxccyvtzqdytv3.dkim.amazonses.com
+      Value2: 4sg43w2i5nt4gbemquvgfagfldax6g4u.dkim.amazonses.com
+      Value3: ms7qqbyvkfjeoxhzjdsn3fyhqg6t5kmx.dkim.amazonses.com
+    production:
+      Name1: o5b7hzt6in42sxz4fubsutlp4v72myre._domainkey.dap.account.gov.uk
+      Name2: 2oycgq2ysih3clrmbel4u2xa6w52k26k._domainkey.dap.account.gov.uk
+      Name3: dur4gqp5mqm63drleftnpvdjkjvofepy._domainkey.dap.account.gov.uk
+      Value1: o5b7hzt6in42sxz4fubsutlp4v72myre.dkim.amazonses.com
+      Value2: 2oycgq2ysih3clrmbel4u2xa6w52k26k.dkim.amazonses.com
+      Value3: dur4gqp5mqm63drleftnpvdjkjvofepy.dkim.amazonses.com
diff --git a/iac/quicksight-access/resources/email-configuration.yml b/iac/quicksight-access/resources/email-configuration.yml
@@ -5,3 +5,64 @@ HostedZone:
   UpdateReplacePolicy: Retain
   Properties:
     Name: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+
+DKIMRecords:
+  Type: AWS::Route53::RecordSetGroup
+  Condition: IsDevOrProd
+  Properties:
+    HostedZoneId: !Ref HostedZone
+    RecordSets:
+      - Type: CNAME
+        TTL: 3600
+        Name: !FindInMap
+          - DKIMRecordMap
+          - !Ref Environment
+          - Name1
+        ResourceRecords:
+          - !FindInMap
+            - DKIMRecordMap
+            - !Ref Environment
+            - Value1
+      - Type: CNAME
+        TTL: 3600
+        Name: !FindInMap
+          - DKIMRecordMap
+          - !Ref Environment
+          - Name2
+        ResourceRecords:
+          - !FindInMap
+            - DKIMRecordMap
+            - !Ref Environment
+            - Value2
+      - Type: CNAME
+        TTL: 3600
+        Name: !FindInMap
+          - DKIMRecordMap
+          - !Ref Environment
+          - Name3
+        ResourceRecords:
+          - !FindInMap
+            - DKIMRecordMap
+            - !Ref Environment
+            - Value3
+
+MAILFROMRecords:
+  Type: AWS::Route53::RecordSetGroup
+  Condition: IsDevOrProd
+  Properties:
+    HostedZoneId: !Ref HostedZone
+    RecordSets:
+      - Type: MX
+        TTL: 3600
+        Name: !Sub
+          - 'noreply.${Domain}'
+          - Domain: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+        ResourceRecords:
+          - '10 feedback-smtp.eu-west-2.amazonses.com'
+      - Type: TXT
+        TTL: 3600
+        Name: !Sub
+          - 'noreply.${Domain}'
+          - Domain: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+        ResourceRecords:
+          - '"v=spf1 include:amazonses.com ~all!"' # the double quotation marks are a needed part of the TXT record