From 55df32dae1e5929133c61f9deffc8eb0b94984a0 Mon Sep 17 00:00:00 2001
From: hdavey-gds <129174608+hdavey-gds@users.noreply.github.com>
Date: Mon, 4 Dec 2023 14:56:39 +0000
Subject: [PATCH] Add hosted zone DNS records (#457)

Add CNAME records for DKIM configuration Add MX and TXT records for MAIL FROM configuration
---
 iac/quicksight-access/base.yml | 17 ++++++
 .../resources/email-configuration.yml | 61 +++++++++++++++++++
 2 files changed, 78 insertions(+)

diff --git a/iac/quicksight-access/base.yml b/iac/quicksight-access/base.yml
index 0a63187f9..3c0623cd7 100644
--- a/iac/quicksight-access/base.yml
+++ b/iac/quicksight-access/base.yml
@@ -62,3 +62,20 @@ Globals:
 Environment:
 Variables:
 NODE_OPTIONS: '--enable-source-maps'
+
+Mappings:
+ DKIMRecordMap:
+ dev:
+ Name1: zs2dfseiiy7xvwdswfyxccyvtzqdytv3._domainkey.dap.dev.account.gov.uk
+ Name2: 4sg43w2i5nt4gbemquvgfagfldax6g4u._domainkey.dap.dev.account.gov.uk
+ Name3: ms7qqbyvkfjeoxhzjdsn3fyhqg6t5kmx._domainkey.dap.dev.account.gov.uk
+ Value1: zs2dfseiiy7xvwdswfyxccyvtzqdytv3.dkim.amazonses.com
+ Value2: 4sg43w2i5nt4gbemquvgfagfldax6g4u.dkim.amazonses.com
+ Value3: ms7qqbyvkfjeoxhzjdsn3fyhqg6t5kmx.dkim.amazonses.com
+ production:
+ Name1: o5b7hzt6in42sxz4fubsutlp4v72myre._domainkey.dap.account.gov.uk
+ Name2: 2oycgq2ysih3clrmbel4u2xa6w52k26k._domainkey.dap.account.gov.uk
+ Name3: dur4gqp5mqm63drleftnpvdjkjvofepy._domainkey.dap.account.gov.uk
+ Value1: o5b7hzt6in42sxz4fubsutlp4v72myre.dkim.amazonses.com
+ Value2: 2oycgq2ysih3clrmbel4u2xa6w52k26k.dkim.amazonses.com
+ Value3: dur4gqp5mqm63drleftnpvdjkjvofepy.dkim.amazonses.com
diff --git a/iac/quicksight-access/resources/email-configuration.yml b/iac/quicksight-access/resources/email-configuration.yml
index 27b794804..fd04eb483 100644
--- a/iac/quicksight-access/resources/email-configuration.yml
+++ b/iac/quicksight-access/resources/email-configuration.yml
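Review bot: In iac/quicksight-access/base.yml, DKIMRecordMap defines only `dev` and `production`, so the `!FindInMap [DKIMRecordMap, !Ref Environment, …]` lookups in email-configuration.yml may fail template processing for any other Environment value; the `IsDevOrProd` condition on the resource suggests such values exist, and a false condition is not guaranteed to skip mapping resolution. Confirm with a deploy to a non-dev, non-production environment, or add placeholder entries for the remaining environments. The map would also benefit from a comment such as `# SES DKIM tokens per environment; update if the SES identity is recreated`, since these look like SES-generated tokens and stale CNAMEs would leave outgoing mail failing DKIM verification.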
@@ -5,3 +5,64 @@ HostedZone:
 UpdateReplacePolicy: Retain
 Properties:
 Name: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+
+DKIMRecords:
+ Type: AWS::Route53::RecordSetGroup
+ Condition: IsDevOrProd
+ Properties:
+ HostedZoneId: !Ref HostedZone
+ RecordSets:
+ - Type: CNAME
+ TTL: 3600
+ Name: !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Name1
+ ResourceRecords:
+ - !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Value1
+ - Type: CNAME
+ TTL: 3600
+ Name: !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Name2
+ ResourceRecords:
+ - !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Value2
+ - Type: CNAME
+ TTL: 3600
+ Name: !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Name3
+ ResourceRecords:
+ - !FindInMap
+ - DKIMRecordMap
+ - !Ref Environment
+ - Value3
+
+MAILFROMRecords:
+ Type: AWS::Route53::RecordSetGroup
+ Condition: IsDevOrProd
+ Properties:
+ HostedZoneId: !Ref HostedZone
+ RecordSets:
+ - Type: MX
+ TTL: 3600
+ Name: !Sub
+ - 'noreply.${Domain}'
+ - Domain: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+ ResourceRecords:
+ - '10 feedback-smtp.eu-west-2.amazonses.com'
+ - Type: TXT
+ TTL: 3600
+ Name: !Sub
+ - 'noreply.${Domain}'
+ - Domain: !If [IsDev, dap.dev.account.gov.uk, dap.account.gov.uk]
+ ResourceRecords:
+ - '"v=spf1 include:amazonses.com ~all!"' # the double quotation marks are a needed part of the TXT record
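Review bot: The SPF value on the last added line ends in `~all!`; the trailing `!` is not valid SPF syntax, so receivers are expected to evaluate the record as a permanent error instead of applying the intended softfail, which weakens spoofing protection for the `noreply` MAIL FROM subdomain and can hurt DMARC alignment. Change the line to `- '"v=spf1 include:amazonses.com ~all"'`, keeping the inner double quotes the existing comment calls for. If this subdomain sends only through SES, `-all` is the stricter choice and worth considering.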