The AWS infrastructure needed to get Discourse running on an EC2 instance, using Route53 as the DNS provider.
// AWS provider settings for the whole configuration.
// Credentials are taken from the "default" named profile on the machine that
// runs Terraform; no access keys appear in this block.
// "~> 2.17" accepts any 2.x provider release from 2.17 onwards.
provider "aws" {
  version = "~> 2.17"
  region  = "us-east-1"
  profile = "default"
}
/*** EC2 - server ***/

// The existing EC2 instance that hosts Discourse. It has to be imported into
// the Terraform state so that its IP address can be used for a DNS record.
// NOTE(review): no security groups, key pair, root-volume encryption or
// instance-metadata settings are declared in this block, so the host's
// network exposure cannot be reviewed from this file - confirm them on the
// live instance.
resource "aws_instance" "discourse_host" {
  ami           = "ami-04681a1dbd79675a5"
  instance_type = "t3.small"
  ebs_optimized = true

  tags = {
    Name = "creek-server"
  }
}
/*** SES - Simple Email Service ***/

// Registers discourse.jamesw.bio with SES as the domain we send mail from.
// The verification token this resource exposes is published in the
// _amazonses TXT record further down in this file.
resource "aws_ses_domain_identity" "discourse_mail" {
  domain = "discourse.jamesw.bio"
}
// Requests DKIM tokens for the SES domain so that outgoing mail can be
// signed. The tokens are published as CNAME records further down in this file.
resource "aws_ses_domain_dkim" "discourse_dkim" {
  domain = "${aws_ses_domain_identity.discourse_mail.domain}"
}
/*** Route53 - DNS service ***/

// Hosted zone for jamesw.bio. The zone already existed and was imported into
// Terraform rather than created by it.
resource "aws_route53_zone" "discourse_zone" {
  name = "jamesw.bio"
}
// A record that routes the Discourse domain to the EC2 host.
// NOTE(review): public_ip is the instance's current address. Unless an
// Elastic IP is attached (none is declared in this file), that address is
// released when the instance is stopped and started, and this record keeps
// pointing at the old one until the next apply - a stale A record can end up
// resolving to an address held by another party.
resource "aws_route53_record" "discourse_domain" {
  name    = "${aws_ses_domain_identity.discourse_mail.domain}"
  type    = "A"
  ttl     = "300"
  zone_id = "${aws_route53_zone.discourse_zone.zone_id}"
  records = ["${aws_instance.discourse_host.public_ip}"]
}
// TXT record at _amazonses.<domain> carrying the SES verification token,
// which is how SES confirms that we control this domain.
resource "aws_route53_record" "discourse_ses_verify" {
  name    = "_amazonses.${aws_ses_domain_identity.discourse_mail.domain}"
  type    = "TXT"
  ttl     = "600"
  zone_id = "${aws_route53_zone.discourse_zone.zone_id}"
  records = ["${aws_ses_domain_identity.discourse_mail.verification_token}"]
}
// One CNAME per DKIM token, mapping <token>._domainkey.<domain> to
// <token>.dkim.amazonses.com, so that receiving mail services can verify
// that our emails really were sent by us.
// NOTE(review): count is hard-coded to 3 and element() picks the token by
// index - this assumes dkim_tokens holds exactly three entries; confirm.
resource "aws_route53_record" "discourse_ses_dkim" {
  count   = 3
  name    = "${element(aws_ses_domain_dkim.discourse_dkim.dkim_tokens, count.index)}._domainkey.${aws_ses_domain_identity.discourse_mail.domain}"
  type    = "CNAME"
  ttl     = "600"
  zone_id = "${aws_route53_zone.discourse_zone.zone_id}"
  records = ["${element(aws_ses_domain_dkim.discourse_dkim.dkim_tokens, count.index)}.dkim.amazonses.com"]
}
// SPF record, added to satisfy Discourse: authorises the senders listed by
// amazonses.com.
// NOTE(review): name = "" looks like it places this record at the zone apex
// (jamesw.bio) rather than at discourse.jamesw.bio - confirm that this is the
// intended scope.
// "~all" is a soft fail: receivers are asked to treat other senders as
// suspect, not to reject them outright. No DMARC record is declared in this
// file.
resource "aws_route53_record" "discourse_ses_spf" {
  name    = ""
  type    = "TXT"
  ttl     = "600"
  zone_id = "${aws_route53_zone.discourse_zone.zone_id}"
  records = ["v=spf1 include:amazonses.com ~all"]
}