From c98363857166f52c0072d816f9ab2e8b1d6da6ab Mon Sep 17 00:00:00 2001
From: Conner McCall <conner@clockwork.com>
Date: Thu, 20 Aug 2020 07:33:33 -0500
Subject: [PATCH] change: initial commit

contains sloped.me domain records and
backend configuration
---
 .gitignore                  |  32 ++++++++++++
 remote-backend/README.md    |   6 +++
 remote-backend/main.tf      |  97 ++++++++++++++++++++++++++++++++++++
 remote-backend/out.tfplan   | Bin 0 -> 4489 bytes
 remote-backend/provider.tf  |   4 ++
 remote-backend/variables.tf |  18 +++++++
 remote-backend/versions.tf  |   4 ++
 route53/outputs.tf          |   4 ++
 route53/provider.tf         |  15 ++++++
 route53/sloped-me.tf        |  87 ++++++++++++++++++++++++++++++++
 route53/vars.tf             |   8 +++
 11 files changed, 275 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 remote-backend/README.md
 create mode 100644 remote-backend/main.tf
 create mode 100644 remote-backend/out.tfplan
 create mode 100644 remote-backend/provider.tf
 create mode 100644 remote-backend/variables.tf
 create mode 100644 remote-backend/versions.tf
 create mode 100644 route53/outputs.tf
 create mode 100644 route53/provider.tf
 create mode 100644 route53/sloped-me.tf
 create mode 100644 route53/vars.tf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1eed3c7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,32 @@
+### Terraform ###
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+plan
+out.plan
+terraform.tfvars
diff --git a/remote-backend/README.md b/remote-backend/README.md
new file mode 100644
index 0000000..f5667a6
--- /dev/null
+++ b/remote-backend/README.md
@@ -0,0 +1,6 @@
+# tf-backend-support
+These files are used to prepare our terraform backend environment. They create an S3 bucket for storing terraform remote state, another S3 bucket for storing logs of the changes to terraform state for auditing purposes, and creates a DynamoDB table used by terraform for locking and consistency. These configs are only run once to initialize the environment, so these resources are available for the rest of our terraform configs to store remote state and handle locking for to allow for safe use across a team.
+
+NOTE: there is a known issue with the DynamoDB table disabled ttl attribute,
+but you can still `terraform apply` config updates to the two s3 buckets even with this error:
+https://github.com/terraform-providers/terraform-provider-aws/issues/10304
diff --git a/remote-backend/main.tf b/remote-backend/main.tf
new file mode 100644
index 0000000..90b9f3d
--- /dev/null
+++ b/remote-backend/main.tf
@@ -0,0 +1,97 @@
+# Get the AWS accountID
+data "aws_caller_identity" "current" {
+}
+
+
+# Create S3 buckets for logging and tfstate
+resource "aws_s3_bucket" "tflogs" {
+  bucket = var.s3bucketlogs
+  acl    = "log-delivery-write"
+
+  tags = {
+    Name        = var.s3bucketlogs
+    "ManagedBy" = "terraform"
+  }
+
+  # Enable server-side encryption by default
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket" "tfstate" {
+  bucket = var.s3bucketstate
+
+  tags = {
+    Name        = var.s3bucketstate
+    "ManagedBy" = "terraform"
+  }
+
+  logging {
+    target_bucket = aws_s3_bucket.tflogs.id
+    target_prefix = "log/"
+  }
+
+  versioning {
+    enabled = true
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+
+  # Enable server-side encryption by default
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
+}
+
+resource "aws_s3_bucket_policy" "tfstate" {
+  bucket = aws_s3_bucket.tfstate.id
+  policy = <<POLICY
+{
+  "Statement":[
+    {
+      "Action": "s3:*",
+      "Effect": "Allow",
+      "Principal": {"AWS": ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]},
+      "Resource": "arn:aws:s3:::${var.s3bucketstate}/*",
+      "Sid": "AddUserPerms"
+    }
+  ],
+  "Version": "2012-10-17"
+}
+POLICY
+
+}
+
+# Create DynamoDB table for locking and consistency checking
+resource "aws_dynamodb_table" "terraform-dynamodb-table-slopedme" {
+  name           = "terraform-dynamodb-table-slopedme"
+  billing_mode   = "PAY_PER_REQUEST"
+  read_capacity  = 0
+  write_capacity = 0
+  hash_key       = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+
+  tags = {
+    Name        = "terraform-dynamodb-table-slopedme"
+    "ManagedBy" = "terraform"
+  }
+}
+
+output "accountid" {
+  value = data.aws_caller_identity.current.account_id
+}
diff --git a/remote-backend/out.tfplan b/remote-backend/out.tfplan
new file mode 100644
index 0000000000000000000000000000000000000000..a236edce8b5256fa0658524ad43d530a0434af1f
GIT binary patch
literal 4489
zcmaJ^bySqw*B%&#A*EXo5b5sj&S3y)>7f|}1iW;Y)JVuBL_#E_1nKThQ4m4GAqJ38
zBm_SA-Su6Ob?<%7I)9w?zGt6(o*idzhz1aY6o7R(fN3PUfNQ`6U<15h?k-kt2KpcX
znn<IR#n$~rIEf0KPd`;Bju#86ex*!e$4$|cteWAi0%Aua^HoTw3D!f_JOiqD`?dwV
zjO^LbCpMZX;Q78*(VrmF`EW=UCOf0UyTJn0Gw?ow;ygk<6=F~fE&VPYAM;ec$N6ma
z>(-Axf9ZqcVK+njyuP`7fd=$!jIP2W5^!0NMZk1KjjpDzgPJE*Fe=P--+Se_vUZUR
zds#!oo(2-TTDb43;BlLn#}sVp^c60-@XBGe#nxD1t=iXR^(bbli1?!BuvVXov<6?1
zMj~~+_OKkTMPp6BXMvL8%J4DyF{7%QwlaXh=F}`rAcA~x0k0$RYw6j|ksV+|hHf$_
z1?)etH&n4Mo+^1Hov_^`mtqv(Lmtf+`vnIRHe?{@|IE*Ha)1PWUyChRr@GGbi6^t<
zmIj6N9a`~36_wuI5B(W$?#}MnB@W$QG6JS{-YW^ua9@IcL1Ijh_!6s+Jb0hcL>>2O
z1>u%FPuY0r!Z{RT+iA&MX(eq5($@}Qk02x^q6<IR6asbkq+o>e>&1?6V2S1zRF}zV
zg>?Se5G)5Vz`=XUaBe!sN-v%8!N^6KzH`>?%v%7-1ojsqH+AaO!;2NQbr2#irC#3H
z@03s^B$!{C?1V!~igF0%MhKHRDb3rg@G3aT$pk7xtjp&4;wyt0BQ=zX%2=KyW^H7+
zVQiR5izIE-h7em9LC4_)NHBO?)8eJf(|lk};vu6wwJxX|;Bn$768NbfbZfgbqTO{B
zW|D3XL+C6Iw7kH2gsHNuB%vk!ZIn4VfI>$y)|6l+(dObL6oPY`6uY7KMH=qO9KQUq
zIk(hD&}b(~4UM~kSfEylyQ;2)_=@N#EOAuH=3}#;h)G}hH*6A7#1yiCE_;JPx`7kK
zwn@i+X7Yv|l4PI0X(6NlqI(*;EAzoMM7^+z-Tl?{K2*1z+acf9@r#}gkrjI!36#ct
z&yEcs;Ir2<Jf5+%b+l)*rUUCsG`Dx7DN`EVm(@s7nD)uh7_;dtl}u`glf_3Ow5{2d
zavn!SFAtj0i{%%dm|@tgOg<hLlwYCGDKBO_sszk^4o;B`5T5_M<fR*IB2i!Koa4sp
zS4h1BKOCInV8ZgnhU=wpSW)a3w2!zPj}}x^>C~W+&5;ZIFwt^u5BG!e2`r7_$J<V+
zoIbaDEj;R`6*8%b!`wW(??2VeQTJ1_Bl&|NGA?OqSk|uUxajft_rmX#;UDWAH*JE5
zK%-CJWoJHW8(O9LvCq6D6T=c1ZMt|-zPkqOd8t}(2!Ctfm+z;yvt1GP`dh+W^#j%2
zv5B1?vc&`!iGi^+=SWrpyagnVQP6FxQjZPV<EeWnZpXF98kzp5*1`>ScaMJ*xrE+L
ztMeS<p^bSiQTAM1dhY(3sd~X<Z)bv{i6$bf)m$$)yKB)O+tYwe<yqbluvOB*x!@o_
zg_uMCqcJB)ey)Ff<Aka-!E`t(Ylv}EIX@PA5WTZ2{mXa*r^k4s7}Xx_+PdW*xfK-`
z4vjM3|I9BCba+XFuS*jDo@$M7Q`sihPEOZ>ZDDR!<<^S~0vO}MxRtZW3w`o%E4O7?
zLls8HZTK;D^C$6>Wd@FgqiFT5x^vxf%x=wTXQg81N3!xjegmByr$LqN&26<pzscgE
z3X|-DS0w!>ixyuGaLr}N7mTFmkA1%`LgCv+#~wdBQSVCmw*#LfviMw30{|Bn5DhR^
zlc4)976<?k#RUK$|C&U>|4X8tURGXqzp|*2Dg2`_Y2a7|;n4@<a?ZXOj$8t__jstc
z<*)sW4M7-MbZlm<(7VOHPM<HNqtkd0Uqm~q8EF4xiCB}M$o{B;I_W<cCv)gZRZRAo
zFFmiz6;ewX-Bk_^J*VG_0<IEb3bI(grmx39goee3>GHy2WatojGF14_bh?(>Ww2qZ
zwqD{ibW?MY>@E+C!Wb)XIu8h6=#x!)yp=AozMJPBsj{;B?dZssGzTw76sYYoG_Mx_
z&g^ABEl+|Ze96p#w`81@o#lD9i>rv<FdM)1K)D#d$TMOFS({N=6SpCJRm5<J!wVtR
zCZbgn^M{y?#N|1swr;{$-0}B3ByzWNZ+DO5_V?dMhAq5(W>k7yR%!XRx(2~T5^avz
zMDkYN$xtuPP7%qx%oLaB>aR~Zp7=gs{Jw=aRv7PYSe1<Lazxj<?`@Er3?+E!!znjb
zXuIFV&STRme$yzC<Gs^?qW3a77UzeXTQ<IjQ<-be7qrL8{U1&Tid&@By*D3tqKZIA
zalfQmHkRY**h!mUmM=ug84zJOST`U(7+J^RgnO&2mL4m}7fJ&=DrD2o%{+0zPOg!<
zq*O0FEUAu!_h{f2sOg3hOw@hVVSVNL?$WHcwI{F-EL6vNOc|Nd1`@OenFB&hKY2(W
zR}<#Z<S~3vC*DgmhZf?`M7*kzd0rPDGfBz|w5es+UA?DB>0kxbD%gg$LVD4=EK<T7
zXM^r&FGyy#o-S=o4Q({N*?B0Q;@ClwdylMA#Nowc&0HugqtGevRge6HhGwd!uL-9_
z8EzIwhvTeygxyK0FYXGEZ{|)7@LdwFcKVs$czUD^E-(37fmy=5fFaUijo9mBC0YQ8
znr0LbR?s-y6d+jBJmW8>QHr;t+BmKqw%WkDmxBen2TMwl{~)E@(h^xJ<CQ^`MPwtl
zqQQ#Facl`t=%8#@EKv9KOKxyIv8GPY9;b^}T04H+x4~T<@5DIwrH1K~xnoXLpfUHF
zec{J?Ki{5%@lvU&dH**`L(VNQ)PjszV3I9!@T0L>1zYS6JPaeFke!rBv0=QrYz33J
z&F}A|Y&q~$(>Qk0G$ZEFh4_O#Mk=B`qhR}C8Cp5gpP055VPmm*pPdWG43Kk^z^qyS
zHIw2@L3r?jqLubGebgr&*M-qF1?0%6?P825P3Y(ss~GK$WmAjfx2ZD`C1%oY6{t*~
zK@l9d(TVbs1yKagT6IXX%&oe{qadg+u$>+}APZe!)Mjz5^lCd-YXZ&Iv<Ex@ySKn*
zUV;5M>VYDQ2!k0Ka`V3RF8%^aB|e-mxpe~cAb0Bg2Txw6dSFiWvYz<U=Cj$~61LiE
zK|7=Ng5BO#LI7$tG6<b^Zdo{UvyH_>>w3}V5A+oSw=UfCQ>*z*zF7;t@Fqi0DJNz%
z)O`n6MJDfj99dD}Gs)r^51OlL$>fu8wuPJCG0=(2Zv*~+F1maAh(;R&09YjbuUtg(
zzg%PkcY`_F^SE;HxLP^7aeKl3&P((9T5uW>!j=O=y!D(|^(w9!5cz~$Ohl*bT*>_@
zdMxx%Mtj5XhSkul)JERJHi~(kVmIri_v`ekT_TBa`-N8ABM`PjV&zFCs5qs9_R|6{
zml}F{A8Setc^EG>EtQj~yFpZNf~aI=8lN{B9H=h;f!ors)UN=mfxt3Am(noUi<&i&
z3EQ}R9hF;Ilz=-S;{G|s)S|l^8;HxfMBgRJebTn^3{BMz4UpFUng>SxTFlY`)@O+&
zW&>b~!x~Bee-<%j#Cy&&iMDG|_!P7$g0E8+&d@&}g%Ai9CVJ35H;}CqO?itFHsOHb
z#V$xj_0{ryaIe`+8YLcOGVgLY(O}a&>7yibl?twD@~G#4>Jpc`t&=Uz-R@oC;Ao<V
znh1i(Lpx}z3A`fcXAD7bTKuBx+@xOE*ZT+EtEcZ;{A;AnmEO=wP3j@=K!|6GKQ%U+
zefsCuJzdCnMS=*teTDYucokPZ#ZWhqIT@ixP#2-J5=wNZ=t_dYUQB|@IIWMv&(q@R
z+2Qd{t(#GOrR%(B+$Y*bov8Pji;JIH&-$S(i_D4{9*n2cYLsLLsp<q>0-qly2aE+#
zqEM15O2w_!Gk0{rnU-1nsWp;e;MSAMFI4`^{Pmi2HZa=^yG5yj?mvSVDv=6iBT?=o
z%5}!OIY(>WjZ1FN)EoU*<KsB@&iiJ!O9e(u^Cdb=+7c;+DF^$DLV~n;&keu!U^KNh
zH|Cg|kCq1_%j~*pChxz*YjMotJR70O9d!&yC^_X*N%fgflrN%&_-);yd#&$-_XmqO
zX5it>NN>Kek6_%4;j1C5cRO1FJHW%^-c>@I*AF9DTY6hv-<+@tqa+^Iov)nzacYka
zN-<$IR<nDhmaBm|u5?&DNAZJyr$<Vdh3so{V_VBco;fk-O{t^5srZ0>l79ZnO{b4+
zxH+n?)1{U@#b)@C&LvLh(!Rs%fiJ<1r~+h=@6+0?=a<dRUvD>pxEhH>2LMvQ{}nG3
zH{!+J1Mcl;Yv*x2X4qK=d4@FAxS$YqPM-VFS4b#?Rb6XrcuWscX~3$%Iq8W<kU-$^
z=*PDoE0>>G2X%&q)eI^PAnM%jxzxDW)isBB1`U==zMx-*?_bI_M&qRET&k*eIsd(|
zpuC}+x0Q#Zm9>kV=XLE;hWUm%W$}WSq}mwgbCy;zB}Aj^S=T?a7N@5z*BWvcLkcd;
zU83?o=N=55N{R}ZVanAtWK|Sxy9G&#`lIKi$3|Hi<<g{tzgr*cz(}Gv<B9rct{JbD
zHq`rokO)^_L(8y&0l$i35yx0*=o=MY)r>{Uv9V|1R(*Uc)6<mt*y4MB>G1VtTf0E3
zP{Y6JCr-tde|otRLi?{9-lX5#&co9Y?)KXSm)Za3@Gt7QI7c|uwPJWQxY$Q8jc`eH
z^&11;aREW-ZycLC^Y;i|YQX)U9FzUVG2Hgi6}?WL@Lvsa?4`Z04!*>`_G|rWC<Hng
z;%?3#Cu=5kj~f(WQf?%BdBk6a%`SANWxHHmO^5~>Iw{~+<9)rFylT9E$Bj1p=H~0^
z|El2p1*OXZ)eH7}`FV5q^<cPqB7R}wa^VI0_Xp#qr0br0WxZcO!~b2<KZVjwY1h5v
z%G-Y-=Z3U@^!=OSuABUK<$`bhuG~L4+D&QKZF%J;zkp6~UD`i64MYQkdG$Z|a{Rmu
L0iVkq0KoqN5_E2?

literal 0
HcmV?d00001

diff --git a/remote-backend/provider.tf b/remote-backend/provider.tf
new file mode 100644
index 0000000..a70e233
--- /dev/null
+++ b/remote-backend/provider.tf
@@ -0,0 +1,4 @@
+provider "aws" {
+  region  = var.AWS_REGION
+  profile = "cw-terraform"
+}
diff --git a/remote-backend/variables.tf b/remote-backend/variables.tf
new file mode 100644
index 0000000..bfe0568
--- /dev/null
+++ b/remote-backend/variables.tf
@@ -0,0 +1,18 @@
+variable "AWS_REGION" {
+  default = "us-east-1"
+}
+
+variable "s3bucketstate" {
+  type    = string
+  default = "slopedme-tf-state"
+}
+
+variable "s3bucketlogs" {
+  type    = string
+  default = "slopedme-tf-logs"
+}
+
+variable "dynamodb-terraform-table" {
+  type    = string
+  default = "terraform-dynamodb-table"
+}
diff --git a/remote-backend/versions.tf b/remote-backend/versions.tf
new file mode 100644
index 0000000..ac97c6a
--- /dev/null
+++ b/remote-backend/versions.tf
@@ -0,0 +1,4 @@
+
+terraform {
+  required_version = ">= 0.12"
+}
diff --git a/route53/outputs.tf b/route53/outputs.tf
new file mode 100644
index 0000000..2001692
--- /dev/null
+++ b/route53/outputs.tf
@@ -0,0 +1,4 @@
+output "sloped-me_hosted_zone_id" {
+  description = "DNS Zone for sloped.me"
+  value       = aws_route53_zone.sloped-me.zone_id
+}
diff --git a/route53/provider.tf b/route53/provider.tf
new file mode 100644
index 0000000..6326129
--- /dev/null
+++ b/route53/provider.tf
@@ -0,0 +1,15 @@
+provider "aws" {
+  region  = var.AWS_REGION
+  profile = "cw-terraform"
+}
+
+terraform {
+  backend "s3" {
+    profile        = "cw-terraform"
+    bucket         = "slopedme-tf-state"
+    encrypt        = true
+    dynamodb_table = "terraform-dynamodb-table"
+    region         = "us-east-1"
+    key            = "route53/terraform.tfstate"
+  }
+}
diff --git a/route53/sloped-me.tf b/route53/sloped-me.tf
new file mode 100644
index 0000000..8b575e5
--- /dev/null
+++ b/route53/sloped-me.tf
@@ -0,0 +1,87 @@
+resource "aws_route53_zone" "sloped-me" {
+    name       = "sloped.me"
+}
+resource "aws_route53_record" "sloped-me-A" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "A"
+    records = ["104.236.108.131"]
+    ttl     = "604800"
+
+}
+
+resource "aws_route53_record" "sloped-me-MX" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "MX"
+    records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
+    ttl     = "604800"
+
+}
+
+resource "aws_route53_record" "sloped-me-TXT" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "sloped.me"
+    type    = "TXT"
+    records = ["v=spf1 include:spf.messagingengine.com ?all"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "wildcard-sloped-me-MX" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "*.sloped.me"
+    type    = "MX"
+    records = ["10 in1-smtp.messagingengine.com", "20 in2-smtp.messagingengine.com"]
+    ttl     = "86400"
+
+}
+
+resource "aws_route53_record" "fm1-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm1._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm1.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "fm2-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm2._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm2.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "fm3-_domainkey-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "fm3._domainkey.sloped.me"
+    type    = "CNAME"
+    records = ["fm3.sloped.me.dkim.fmhosted.com"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "www-sloped-me-CNAME" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "www.sloped.me"
+    type    = "CNAME"
+    records = ["sloped.me"]
+    ttl     = "300"
+
+}
+
+resource "aws_route53_record" "cw-sloped-me-NS" {
+    zone_id = aws_route53_zone.sloped-me.zone_id
+    name    = "cw.sloped.me"
+    type    = "NS"
+    records = [    "ns-36.awsdns-04.com",
+                    "ns-619.awsdns-13.net",
+                    "ns-1252.awsdns-28.org",
+                    "ns-1862.awsdns-40.co.uk"
+                    ]
+    ttl     = "300"
+
+}
diff --git a/route53/vars.tf b/route53/vars.tf
new file mode 100644
index 0000000..c098f9d
--- /dev/null
+++ b/route53/vars.tf
@@ -0,0 +1,8 @@
+variable "AWS_REGION" {
+  default = "us-east-1"
+}
+
+variable "ttl" {
+  default = "300"
+}
+