change: initial commit

contains sloped.me domain records and
backend configuration

.gitignore

@@ -0,0 +1,32 @@
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+plan
+out.plan
+terraform.tfvars

remote-backend/README.md

@@ -0,0 +1,6 @@
+# tf-backend-support
+These files are used to prepare our terraform backend environment. They create an S3 bucket for storing terraform remote state, another S3 bucket for storing logs of the changes to terraform state for auditing purposes, and creates a DynamoDB table used by terraform for locking and consistency. These configs are only run once to initialize the environment, so these resources are available for the rest of our terraform configs to store remote state and handle locking for to allow for safe use across a team.
+
+NOTE: there is a known issue with the DynamoDB table disabled ttl attribute,
+but you can still `terraform apply` config updates to the two s3 buckets even with this error:
+https://github.com/terraform-providers/terraform-provider-aws/issues/10304

remote-backend/main.tf

@@ -0,0 +1,97 @@
+# Get the AWS accountID
+data "aws_caller_identity" "current" {
+}
+
+
+# Create S3 buckets for logging and tfstate
+resource "aws_s3_bucket" "tflogs" {
+  bucket = var.s3bucketlogs
+  acl    = "log-delivery-write"
+
+  tags = {
+    Name        = var.s3bucketlogs
+    "ManagedBy" = "terraform"
+  }
+
+  # Enable server-side encryption by default
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket" "tfstate" {
+  bucket = var.s3bucketstate
+
+  tags = {
+    Name        = var.s3bucketstate
+    "ManagedBy" = "terraform"
+  }
+
+  logging {
+    target_bucket = aws_s3_bucket.tflogs.id
+    target_prefix = "log/"
+  }
+
+  versioning {
+    enabled = true
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  # Enable server-side encryption by default
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket_policy" "tfstate" {
+  bucket = aws_s3_bucket.tfstate.id
+  policy = <<POLICY
+{
+  "Statement":[
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Principal": {"AWS": ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]},
+      "Resource": "arn:aws:s3:::${var.s3bucketstate}/*",
+      "Sid": "AddUserPerms"
+    }
+  ],
+  "Version": "2012-10-17"
+}
+POLICY
+
+}
+
+# Create DynamoDB table for locking and consistency checking
+resource "aws_dynamodb_table" "terraform-dynamodb-table-slopedme" {
+  name           = "terraform-dynamodb-table-slopedme"
+  billing_mode   = "PAY_PER_REQUEST"
+  read_capacity  = 0
+  write_capacity = 0
+  hash_key       = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = {
+    Name        = "terraform-dynamodb-table-slopedme"
+    "ManagedBy" = "terraform"
+  }
+}
+
+output "accountid" {
+  value = data.aws_caller_identity.current.account_id
+}

remote-backend/provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+  region  = var.AWS_REGION
+  profile = "cw-terraform"
+}

remote-backend/variables.tf

@@ -0,0 +1,18 @@
+variable "AWS_REGION" {
+  default = "us-east-1"
+}
+
+variable "s3bucketstate" {
+  type    = string
+  default = "slopedme-tf-state"
+}
+
+variable "s3bucketlogs" {
+  type    = string
+  default = "slopedme-tf-logs"
+}
+
+variable "dynamodb-terraform-table" {
+  type    = string
+  default = "terraform-dynamodb-table"
+}

remote-backend/versions.tf

@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}

route53/outputs.tf

@@ -0,0 +1,4 @@
+output "sloped-me_hosted_zone_id" {
+  description = "DNS Zone for sloped.me"
+  value       = aws_route53_zone.sloped-me.zone_id
+}

route53/provider.tf

@@ -0,0 +1,15 @@
+provider "aws" {
+  region  = var.AWS_REGION
+  profile = "cw-terraform"
+}
+
+terraform {
+  backend "s3" {
+    profile        = "cw-terraform"
+    bucket         = "slopedme-tf-state"
+    encrypt        = true
+    dynamodb_table = "terraform-dynamodb-table"
+    region         = "us-east-1"
+    key            = "route53/terraform.tfstate"
+  }
+}

route53/sloped-me.tf

@@ -0,0 +1,87 @@
+resource "aws_route53_zone" "sloped-me" {
+    name       = "sloped.me"
+}
+resource "aws_route53_record" "sloped-me-A" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "A"
+    records = ["104.236.108.131"]
+    ttl     = "604800"
+
+}
+
+resource "aws_route53_record" "sloped-me-MX" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "MX"
+    records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
+    ttl     = "604800"
+
+}
+
+resource "aws_route53_record" "sloped-me-TXT" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "TXT"
+    records = ["v=spf1 include:spf.messagingengine.com ?all"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "wildcard-sloped-me-MX" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "*.sloped.me"
+    type    = "MX"
+    records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
+    ttl     = "86400"
+
+}
+
+resource "aws_route53_record" "fm1-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm1._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm1.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "fm2-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm2._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm2.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "fm3-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm3._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm3.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "www-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "www.sloped.me"
+    type    = "CNAME"
+    records = ["sloped.me"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "cw-sloped-me-NS" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "cw.sloped.me"
+    type    = "NS"
+    records = [    "ns-36.awsdns-04.com",
+                    "ns-619.awsdns-13.net",
+                    "ns-1252.awsdns-28.org",
+                    "ns-1862.awsdns-40.co.uk"
+                    ]
+    ttl     = "300"
+
+}

route53/vars.tf

@@ -0,0 +1,8 @@
+variable "AWS_REGION" {
+  default = "us-east-1"
+}
+
+variable "ttl" {
+  default = "300"
+}
+