Route53 zones and records design

[toshke]

Description

Currently, VPC component sets hosted zone to $EnvironmentName.$DnsDomain, and components like bastion are putting records such as bastion.$EnvironmentName.$DnsDomain

This should be flexible enough to

1. Allow optional creation of Route53 records with sane defaults
2. Allow tweaking record and zone name

in standardised format.

Proposal

Zone name

Zone name is defined in component configuration via dns_zone value, and rendered using Fn::Sub function. e.g. If dns_zone is set to nil (empty value in configuration YAML file), zone is omitted from rendering. Also, Zone resource is subject to condition of having DnsDomain parameter set.

dns_zone: $EnvironmentName.$DnsDomain

Condition('Route53ZoneGiven', FnNot(FnEquals(Ref('DnsDomain'),'')))

Route53_HostedZone('HostedZone') do
    Condition('Route53ZoneGiven')
    Name FnSub(dns_zone)
end unless (dns_zone.nil? or dns_zone.empty?)

Record name

Record name should be in dns_record or dns_record_recordname configuration value. Also, setting dns_record to null (empty value in YAML) should result in record not being rendered in cloudformation template.
e.g. for bastion

# optionally this could be dns_record_bastion
dns_record: bastion.$EnvironmentName.$DnsDomain
dns_zone: $EnvironmentName.$DnsDomain

Route53_RecordSet('BastionDNS') do
    Condition 'Route53ZoneGiven'
    HostedZoneId FnSub(dns_zone)
    Comment 'Bastion Public Record Set'
    Name FnSub(dns_record)
    Type 'A'
    TTL 60
    ResourceRecords [ Ref("BastionIPAddress") ]
end unless (dns_record.nil? or dns_record.empty?)

Passing ZoneId from VPC into other components

As theonestack/cfhighlander#27 will be merged into the main source code stream soon, there should be hard dependency between Hosted Zone and it's resource records, which can and should be implemented as autowiring of HostedZoneId output on vpc component to HostedZoneId parameter of components creating Route53 resource records.

Implementation example

theonestack/hl-component-vpc#11
theonestack/hl-component-bastion#5

[aaronwalker]

@toshke LGTM

@Guslington any feedback on the proposal? In not I'll move it to accepted

@toshke Can you raise a PR referencing the issue with your design outlined approve in a README in a folder something like 2/README.md and also update the main README.md to link to the design doc. (Basically we should follow the Jenkins JEP format I guess)

[Guslington]

@toshke @aaronwalker do we want to allow for using exiting route53 zones? With the examples provided using HostedZoneId the component would need to know both the dns_zone for the dhcp option set, as well as the hosted zone id to create the records.

I'd also like to see options for using private zones as well as Service Discovery Namespaces using the same method.

[toshke]

@Guslington

Using existing zones

This can be done by configuration below

#vpc.config.yaml - this will make zone not be created
dns_zone:

# bastion.config.yaml - hardcoded
dns_record:  bastion.$EnvironmentName.example.com

# bastion.config.yaml - parametrized
dns_record:  bastion.$EnvironmentName.example.com