Optional Email Notification #29

Open
ambsw-technology opened this issue May 4, 2020 · 2 comments

Comments

@ambsw-technology

I'm trying to create both a Public Hosted Zone and a Certificate at the same time. We use exports to make these values available to other templates. The catch-22 is that our domain name is currently hosted at Google Domains.

When I run the stack, the Public Zone is created. Before validation completes, I need to update my nameservers. They're already pointed to awsdns servers from the last time I tested the stack, but that doesn't appear to be enough. They actually need to be updated to the awsdns servers for the new hosted zone. Since they're in the same template, my create doesn't return to do external processing.

I understand that the goal of this package is fully automated validation, but suspending a CF create while the manual update is made is almost as valuable (and likely very common). I think the simplest approach would be an extra Custom:: step that accepts the CertificateArn, DomainName, HostedZoneId, and SnsTopicArn and sends a notification to that SNS Topic with the domain, name servers, and CNAME entries.

If your nameservers are already at AWS, you skip the step.

@mvanholsteijn
Member

Hi @ambsw-technology, I think the best thing to do is either to:

  • create a custom provider for DNS records in Google Cloud and add that to the CFN template
  • create the AWS zone and Google DNS record with Terraform and pass the zone identifier into your stack.

Which one would work for you best?

@ambsw-technology
Author

I like where your head's at, but

  1. We don't use Terraform.
  2. Our Domains are registered with Google Domains which, unless something has changed, does not have an API for anything but Dynamic DNS "records". The Dynamic DNS records don't really fix the problem because you have to manually configure them in the UI before they can be updated through an API (and, obviously, I don't know the CNAME subdomain in advance to set up).

We're migrating infrastructure to AWS so the medium- to long-term solution is to transfer all of our domains to AWS. Unfortunately, I just registered a new domain for our admin space so I'm stuck in a 60-day no-transfer window.

So I 100% agree that full automation is the goal, but an email step would at least provide a stopgap solution for a provider without a Custom Provider and for DNS providers with no API support.
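
The notification step proposed in the first comment, as an added example that is not part of the thread or the project's code: it takes the four properties named there (CertificateArn, DomainName, HostedZoneId, SnsTopicArn) and publishes the name servers and validation CNAME entries to the topic. The function names, message wording and sample responses are assumptions; the three clients are boto3 ACM, Route 53 and SNS clients passed in by the caller.

```python
class RecordsNotReady(Exception):
    """ACM has not published the validation CNAME yet; the caller should retry."""


def build_message(domain_name, certificate, hosted_zone):
    """Render the manual DNS steps from DescribeCertificate / GetHostedZone output."""
    records = []
    for option in certificate["Certificate"]["DomainValidationOptions"]:
        record = option.get("ResourceRecord")
        if record is None:  # absent for a short time after the certificate request
            raise RecordsNotReady(option["DomainName"])
        line = f'  {record["Name"]} {record["Type"]} {record["Value"]}'
        if line not in records:  # several names can list the same record
            records.append(line)
    servers = [f"  {ns}" for ns in hosted_zone["DelegationSet"]["NameServers"]]
    return "\n".join(
        [f"Certificate validation for {domain_name} is waiting on DNS.",
         "Point the domain at these name servers:", *servers,
         "ACM is waiting for these validation records:", *records])


def notify(properties, acm, route53, sns):
    """Publish the steps to the topic; properties holds the four values from the issue."""
    certificate = acm.describe_certificate(CertificateArn=properties["CertificateArn"])
    hosted_zone = route53.get_hosted_zone(Id=properties["HostedZoneId"])
    message = build_message(properties["DomainName"], certificate, hosted_zone)
    # SNS subjects are capped below 100 characters
    subject = f'DNS action required: {properties["DomainName"]}'[:99]
    sns.publish(TopicArn=properties["SnsTopicArn"], Subject=subject, Message=message)
    return message


# Constructed sample responses: shapes follow the ACM and Route 53 APIs, values are made up.
SAMPLE_ZONE = {"DelegationSet": {"NameServers": ["ns-1.awsdns-00.example",
                                                 "ns-2.awsdns-00.example"]}}
SAMPLE_CERT = {"Certificate": {"DomainValidationOptions": [
    {"DomainName": "admin.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_abc.admin.example.com.", "Type": "CNAME",
                        "Value": "_def.acm-validations.example."}},
    {"DomainName": "*.admin.example.com", "ValidationMethod": "DNS",
     "ResourceRecord": {"Name": "_abc.admin.example.com.", "Type": "CNAME",
                        "Value": "_def.acm-validations.example."}},
]}}

if __name__ == "__main__":
    print(build_message("admin.example.com", SAMPLE_CERT, SAMPLE_ZONE))
```
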
