Add ability to define a custom MX record
* Small formatting bug fix.
* Changed string handling to use format() so that the string changes are more obvious.
* DRYed the Skype for Business and MDM record creation.
* Added the ability to create a custom MX record rather than the Office 365 default.
* Updated the README appropriately.
mccanney committed Jun 7, 2018
1 parent c41b3c0 commit 0a7a868
Showing 3 changed files with 86 additions and 72 deletions.
32 changes: 17 additions & 15 deletions README.md
Expand Up @@ -12,24 +12,26 @@ A terraform module which creates, in AWS Route53, the [DNS records](https://supp
module "route53_o365" {
source = "tiguard/route53-o365/aws"
domain = "example.com"
zone_id = "${data.aws_route53_zone.zone_name.zone_id}"
ms_txt = "ms12345678"
enable_exchange = false
enable_sfb = false
enable_mdm = false
enable_dkim = false
enable_dmarc = false
domain = "example.com"
zone_id = "${data.aws_route53_zone.zone_name.zone_id}"
ms_txt = "ms12345678"
enable_exchange = false
enable_sfb = false
enable_mdm = false
enable_dkim = false
enable_dmarc = false
enable_custom_mx = true
custom_mx_record = "5 mx.custom.example.com"
}
```

* `enable_exchange` controls whether the required DNS records for Exchange Online should be created or not.
* `enable_sfb` controls whether the required DNS records for Skype for Business should be created or not.
* `enable_mdm` controls whether the DNS for Mobile Device Management should be created or not.
* `enable_dkim` controls whether the required DNS records for DKIM signing for the custom domain should be created or not.
* `enable_dmarc` controls whether a DMARC DNS record for the custom domain should be created or not.

By default, all DNS records for Exchange Online, Skype for Business and MDM are set to `true`, DKIM and DMARC are set to `false`.
* `enable_exchange` controls whether the required DNS records for Exchange Online should be created or not. Defaults to `true`.
* `enable_sfb` controls whether the required DNS records for Skype for Business should be created or not. Defaults to `true`.
* `enable_mdm` controls whether the DNS for Mobile Device Management should be created or not. Defaults to `true`.
* `enable_dkim` controls whether the required DNS records for DKIM signing for the custom domain should be created or not. Defaults to `false`.
* `enable_dmarc` controls whether a DMARC DNS record for the custom domain should be created or not. Defaults to `false`.
* `enable_custom_mx` controls whether the standard Office 365 MX record or a custom MX record is created. Defaults to `false`.
* `custom_mx_record` contains the value of the custom MX record to create if `enable_custom_mx` is set to `true`.

## Examples

116 changes: 59 additions & 57 deletions main.tf
Expand Up @@ -3,31 +3,63 @@ provider "template" {
}

data "template_file" "domain_guid" {
template = "${replace("${var.domain}", ".", "-")}"
template = "${replace(var.domain, ".", "-")}"
}

locals {
o365_mx = "10 ${data.template_file.domain_guid.rendered}.mail.protection.outlook.com"
o365_mx = "${format("10 %s.mail.protection.outlook.com", data.template_file.domain_guid.rendered)}"
o365_spf = "v=spf1 include:spf.protection.outlook.com -all"
dkim_dom = "${data.template_file.domain_guid.rendered}._domainkey.${var.tenant_name}.onmicrosoft.com"
dkim_dom = "${format("%s._domainkey.%s.onmicrosoft.com", data.template_file.domain_guid.rendered, var.tenant_name)}"
dkim = [
{
name = "selector1._domainkey.${var.domain}"
value = "selector1-${local.dkim_dom}"
name = "${format("selector1._domainkey.%s", var.domain)}"
value = "${format("selector1-%s", local.dkim_dom)}"
},
{
name = "selector2._domainkey.${var.domain}"
value = "selector2-${local.dkim_dom}"
name = "${format("selector2._domainkey.%s", var.domain)}"
value = "${format("selector2-%s", local.dkim_dom)}"
},
]
sfb = [
{
name = "lyncdiscover"
record = "webdir.online.lync.com"
type = "CNAME"
},
{
name = "sip"
record = "sipdir.online.lync.com"
type = "CNAME"
},
{
name = "_sipfederationtls._tcp"
record = "100 1 5061 sipfed.online.lync.com"
type = "SRV"
},
{
name = "_sip._tls"
record = "100 1 443 sipdir.online.lync.com"
type = "SRV"
}
]
mdm = [
{
name = "enterpriseregistration"
record = "enterpriseregistration.windows.net"
},
{
name = "enterpriseenrollment"
record = "enterpriseenrollment.manage.microsoft.com"
}
]
}

#################
# Exchange Online
#################

resource "aws_route53_record" "mx" {
count = "${var.enable_exchange ? 1 : 0}"
count = "${var.enable_exchange && var.enable_custom_mx < 1 ? 1 : 0}"

zone_id = "${var.zone_id}"
name = ""
Expand All @@ -36,6 +68,16 @@ resource "aws_route53_record" "mx" {
ttl = "${var.ttl}"
}

resource "aws_route53_record" "custom_mx" {
count = "${var.enable_exchange && var.enable_custom_mx && length(var.custom_mx_record) > 0 ? 1 : 0}"

zone_id = "${var.zone_id}"
name = ""
records = ["${var.custom_mx_record}"]
type = "MX"
ttl = "${var.ttl}"
}

resource "aws_route53_record" "autodiscover" {
count = "${var.enable_exchange ? 1 : 0}"

Expand Down Expand Up @@ -80,66 +122,26 @@ resource "aws_route53_record" "dkim" {
# Skype for Business
####################

resource "aws_route53_record" "lyncdiscover" {
count = "${var.enable_sfb ? 1 : 0}"
resource "aws_route53_record" "sfb" {
count = "${var.enable_sfb ? length(local.sfb) : 0}"

zone_id = "${var.zone_id}"
name = "lyncdiscover"
records = ["webdir.online.lync.com"]
type = "CNAME"
ttl = "${var.ttl}"
}

resource "aws_route53_record" "sip" {
count = "${var.enable_sfb ? 1 : 0}"

zone_id = "${var.zone_id}"
name = "sip"
records = ["sipdir.online.lync.com"]
type = "CNAME"
ttl = "${var.ttl}"
}

resource "aws_route53_record" "sipfed" {
count = "${var.enable_sfb ? 1 : 0}"

zone_id = "${var.zone_id}"
name = "_sipfederationtls._tcp"
records = ["100 1 5061 sipfed.online.lync.com"]
type = "SRV"
ttl = "${var.ttl}"
}

resource "aws_route53_record" "sipdir" {
count = "${var.enable_sfb ? 1 : 0}"

zone_id = "${var.zone_id}"
name = "_sip._tls"
records = ["100 1 443 sipdir.online.lync.com"]
type = "SRV"
name = "${lookup(local.sfb[count.index], "name")}"
records = ["${lookup(local.sfb[count.index], "record")}"]
type = "${lookup(local.sfb[count.index], "type")}"
ttl = "${var.ttl}"
}

##########################
# Mobile Device Management
##########################

resource "aws_route53_record" "enterpriseregistration" {
count = "${var.enable_mdm ? 1 : 0}"

zone_id = "${var.zone_id}"
name = "enterpriseregistration"
records = ["enterpriseregistration.windows.net"]
type = "CNAME"
ttl = "${var.ttl}"
}

resource "aws_route53_record" "enterpriseenrollment" {
count = "${var.enable_mdm ? 1 : 0}"
resource "aws_route53_record" "mdm" {
count = "${var.enable_mdm ? length(local.mdm) : 0}"

zone_id = "${var.zone_id}"
name = "enterpriseenrollment"
records = ["enterpriseenrollment.manage.microsoft.com"]
name = "${lookup(local.mdm[count.index], "name")}"
records = ["${lookup(local.mdm[count.index], "record")}"]
type = "CNAME"
ttl = "${var.ttl}"
}
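Review bot: Setting `enable_custom_mx = true` while `custom_mx_record` keeps its default empty string leaves the zone with no MX record at all. The `mx` resource is switched off by `var.enable_custom_mx < 1` and `custom_mx` is switched off by `length(var.custom_mx_record) > 0`, so inbound mail for the domain loses its route, apparently without any error at plan time. Making the Office 365 record the fallback would close the gap, for example `count = "${var.enable_exchange && !(var.enable_custom_mx && length(var.custom_mx_record) > 0) ? 1 : 0}"` on `mx` (not verified against the Terraform version this module targets). The `< 1` comparison on a boolean variable also depends on how the value is coerced; `!var.enable_custom_mx` would state the intent directly. The body of `mx` continues outside the visible hunk.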
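--- a/variables.tf
+++ b/variables.tf
@@ -52,3 +52,13 @@ variable "dmarc_record" {
 description = "The value of the DMARC record."
 default = ""
 }
+
+variable "enable_custom_mx" {
+description = "Controls whether a custom MX record should be created instead of the O365 default."
+default = false
+}
+
+variable "custom_mx_record" {
+description = "The value of the custom MX record to create."
+default = ""
+}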
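Review bot: The `custom_mx_record` description does not say what form the value takes, nor that it must be set once `enable_custom_mx` is true; the default of `""` is what lets the custom MX be switched on with nothing to publish. I would document the format used in the README example, e.g. `description = "The custom MX record value as \"<priority> <hostname>\", e.g. \"5 mx.custom.example.com\". Must be set when enable_custom_mx is true."`. Because this value decides which host receives all inbound mail for the domain, a short comment that it should name only a mail host the organisation operates or has contracted would help anyone reviewing a calling configuration.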
