From 0a7a8683f9aa4c2ba79028ff0d6ee2bae9ac9768 Mon Sep 17 00:00:00 2001 From: David McCanney Date: Thu, 7 Jun 2018 13:01:29 +0100 Subject: [PATCH] Add ability to define a custom MX record * Small formatting bug fix. * Changed string handling to use format() so that the string changes are more obvious. * DRYed the Skype for Business and MDM record creation. * Added the ability to create a custom MX record rather than the Office 365 default. * Updated the README appropriately. --- README.md | 32 +++++++------- main.tf | 116 ++++++++++++++++++++++++++------------------------- variables.tf | 10 +++++ 3 files changed, 86 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index 5f8d4d6..52c06f7 100644 --- a/README.md +++ b/README.md @@ -12,24 +12,26 @@ A terraform module which creates, in AWS Route53, the [DNS records](https://supp module "route53_o365" { source = "tiguard/route53-o365/aws" - domain = "example.com" - zone_id = "${data.aws_route53_zone.zone_name.zone_id}" - ms_txt = "ms12345678" - enable_exchange = false - enable_sfb = false - enable_mdm = false - enable_dkim = false - enable_dmarc = false + domain = "example.com" + zone_id = "${data.aws_route53_zone.zone_name.zone_id}" + ms_txt = "ms12345678" + enable_exchange = false + enable_sfb = false + enable_mdm = false + enable_dkim = false + enable_dmarc = false + enable_custom_mx = true + custom_mx_record = "5 mx.custom.example.com" } ``` -* `enable_exchange` controls whether the required DNS records for Exchange Online should be created or not. -* `enable_sfb` controls whether the required DNS records for Skype for Business should be created or not. -* `enable_mdm` controls whether the DNS for Mobile Device Management should be created or not. -* `enable_dkim` controls whether the required DNS records for DKIM signing for the custom domain should be created or not. -* `enable_dmarc` controls whether a DMARC DNS record for the custom domain should be created or not. - -By default, all DNS records for Exchange Online, Skype for Business and MDM are set to `true`, DKIM and DMARC are set to `false`. +* `enable_exchange` controls whether the required DNS records for Exchange Online should be created or not. Defaults to `true`. +* `enable_sfb` controls whether the required DNS records for Skype for Business should be created or not. Defaults to `true`. +* `enable_mdm` controls whether the DNS for Mobile Device Management should be created or not. Defaults to `true`. +* `enable_dkim` controls whether the required DNS records for DKIM signing for the custom domain should be created or not. Defaults to `false`. +* `enable_dmarc` controls whether a DMARC DNS record for the custom domain should be created or not. Defaults to `false`. +* `enable_custom_mx` controls whether the standard Office 365 MX record or a custom MX record is created. Defaults to `false`. +* `custom_mx_record` contains the value of the custom MX record to create if `enable_custom_mx` is set to `true`. ## Examples diff --git a/main.tf b/main.tf index ff48696..8657c89 100644 --- a/main.tf +++ b/main.tf @@ -3,23 +3,55 @@ provider "template" { } data "template_file" "domain_guid" { - template = "${replace("${var.domain}", ".", "-")}" + template = "${replace(var.domain, ".", "-")}" } locals { - o365_mx = "10 ${data.template_file.domain_guid.rendered}.mail.protection.outlook.com" + o365_mx = "${format("10 %s.mail.protection.outlook.com", data.template_file.domain_guid.rendered)}" o365_spf = "v=spf1 include:spf.protection.outlook.com -all" - dkim_dom = "${data.template_file.domain_guid.rendered}._domainkey.${var.tenant_name}.onmicrosoft.com" + dkim_dom = "${format("%s._domainkey.%s.onmicrosoft.com", data.template_file.domain_guid.rendered, var.tenant_name)}" dkim = [ { - name = "selector1._domainkey.${var.domain}" - value = "selector1-${local.dkim_dom}" + name = "${format("selector1._domainkey.%s", var.domain)}" + value = "${format("selector1-%s", local.dkim_dom)}" }, { - name = "selector2._domainkey.${var.domain}" - value = "selector2-${local.dkim_dom}" + name = "${format("selector2._domainkey.%s", var.domain)}" + value = "${format("selector2-%s", local.dkim_dom)}" }, ] + sfb = [ + { + name = "lyncdiscover" + record = "webdir.online.lync.com" + type = "CNAME" + }, + { + name = "sip" + record = "sipdir.online.lync.com" + type = "CNAME" + }, + { + name = "_sipfederationtls._tcp" + record = "100 1 5061 sipfed.online.lync.com" + type = "SRV" + }, + { + name = "_sip._tls" + record = "100 1 443 sipdir.online.lync.com" + type = "SRV" + } + ] + mdm = [ + { + name = "enterpriseregistration" + record = "enterpriseregistration.windows.net" + }, + { + name = "enterpriseenrollment" + record = "enterpriseenrollment.manage.microsoft.com" + } + ] } ################# @@ -27,7 +59,7 @@ locals { ################# resource "aws_route53_record" "mx" { - count = "${var.enable_exchange ? 1 : 0}" + count = "${var.enable_exchange && var.enable_custom_mx < 1 ? 1 : 0}" zone_id = "${var.zone_id}" name = "" @@ -36,6 +68,16 @@ resource "aws_route53_record" "mx" { ttl = "${var.ttl}" } +resource "aws_route53_record" "custom_mx" { + count = "${var.enable_exchange && var.enable_custom_mx && length(var.custom_mx_record) > 0 ? 1 : 0}" + + zone_id = "${var.zone_id}" + name = "" + records = ["${var.custom_mx_record}"] + type = "MX" + ttl = "${var.ttl}" +} + resource "aws_route53_record" "autodiscover" { count = "${var.enable_exchange ? 1 : 0}" @@ -80,43 +122,13 @@ resource "aws_route53_record" "dkim" { # Skype for Business #################### -resource "aws_route53_record" "lyncdiscover" { - count = "${var.enable_sfb ? 1 : 0}" +resource "aws_route53_record" "sfb" { + count = "${var.enable_sfb ? length(local.sfb) : 0}" zone_id = "${var.zone_id}" - name = "lyncdiscover" - records = ["webdir.online.lync.com"] - type = "CNAME" - ttl = "${var.ttl}" -} - -resource "aws_route53_record" "sip" { - count = "${var.enable_sfb ? 1 : 0}" - - zone_id = "${var.zone_id}" - name = "sip" - records = ["sipdir.online.lync.com"] - type = "CNAME" - ttl = "${var.ttl}" -} - -resource "aws_route53_record" "sipfed" { - count = "${var.enable_sfb ? 1 : 0}" - - zone_id = "${var.zone_id}" - name = "_sipfederationtls._tcp" - records = ["100 1 5061 sipfed.online.lync.com"] - type = "SRV" - ttl = "${var.ttl}" -} - -resource "aws_route53_record" "sipdir" { - count = "${var.enable_sfb ? 1 : 0}" - - zone_id = "${var.zone_id}" - name = "_sip._tls" - records = ["100 1 443 sipdir.online.lync.com"] - type = "SRV" + name = "${lookup(local.sfb[count.index], "name")}" + records = ["${lookup(local.sfb[count.index], "record")}"] + type = "${lookup(local.sfb[count.index], "type")}" ttl = "${var.ttl}" } @@ -124,22 +136,12 @@ resource "aws_route53_record" "sipdir" { # Mobile Device Management ########################## -resource "aws_route53_record" "enterpriseregistration" { - count = "${var.enable_mdm ? 1 : 0}" - - zone_id = "${var.zone_id}" - name = "enterpriseregistration" - records = ["enterpriseregistration.windows.net"] - type = "CNAME" - ttl = "${var.ttl}" -} - -resource "aws_route53_record" "enterpriseenrollment" { - count = "${var.enable_mdm ? 1 : 0}" +resource "aws_route53_record" "mdm" { + count = "${var.enable_mdm ? length(local.mdm) : 0}" zone_id = "${var.zone_id}" - name = "enterpriseenrollment" - records = ["enterpriseenrollment.manage.microsoft.com"] + name = "${lookup(local.mdm[count.index], "name")}" + records = ["${lookup(local.mdm[count.index], "record")}"] type = "CNAME" ttl = "${var.ttl}" } diff --git a/variables.tf b/variables.tf index 4e5ed01..6f8f6b8 100644 --- a/variables.tf +++ b/variables.tf @@ -52,3 +52,13 @@ variable "dmarc_record" { description = "The value of the DMARC record." default = "" } + +variable "enable_custom_mx" { + description = "Controls whether a custom MX record should be created instead of the O365 default." + default = false +} + +variable "custom_mx_record" { + description = "The value of the custom MX record to create." + default = "" +}