Ansible module draft: enable DNSSEC signing on an AWS Route 53 public hosted zone
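#!/usr/bin/python
# Ansible module documentation in the standard DOCUMENTATION/EXAMPLES format.
# The stray "w" that preceded the shebang in the draft made the first line a
# bare expression (NameError on import); it has been removed.
DOCUMENTATION = '''
---
module: route53_dnssec
short_description: Enable DNSSEC signing for a public Route 53 hosted zone
description:
  - Creates an ACTIVE key-signing key (KSK) backed by a customer managed KMS
    key and then turns on DNSSEC signing for the hosted zone.
  - Only enabling is implemented. There is no disable path, and the module does
    not publish the DS record at the parent zone; that step is still required
    to complete the chain of trust after signing is enabled.
options:
  zone:
    description: Route 53 hosted zone ID of the zone to sign.
    type: str
    required: true
  kms:
    description:
      - ARN of the KMS key that backs the KSK. Route 53 requires an asymmetric
        ECC_NIST_P256 SIGN_VERIFY key located in us-east-1, and its key policy
        must allow the Route 53 DNSSEC service to use it; otherwise the
        CreateKeySigningKey call fails.
    type: str
    required: true
  state:
    description: Desired state. Only C(enable) is supported.
    type: str
    choices: [enable]
    required: true
requirements:
  - boto3
'''

EXAMPLES = '''
- name: enable dnssec
  route53_dnssec:
    zone: zone_id
    kms: "{{ lookup('kms_arn', 'alias/dnssec', region='us-east-1') }}"
    state: enable
'''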
from ansible.module_utils.basic import *
import boto3
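def main():
    """Entry point: enable DNSSEC signing for a public Route 53 hosted zone.

    Reads ``zone``, ``kms`` and ``state`` from the module arguments, then:

    1. calls ``GetDNSSEC`` on the zone;
    2. exits ``changed=False`` if ``Status.ServeSignature`` is ``SIGNING``;
    3. fails if the status is anything other than ``NOT_SIGNING`` (``DELETING``,
       ``ACTION_NEEDED``, ``INTERNAL_FAILURE`` need operator attention and must
       not be reported as "already enabled");
    4. otherwise creates an ACTIVE key-signing key (KSK) backed by ``kms`` —
       unless a KSK of the same name is already listed on the zone, e.g. from a
       run that failed between the two API calls — and calls
       ``EnableHostedZoneDNSSEC``.

    Every outcome is reported through ``exit_json``/``fail_json``; boto3 and
    botocore errors become a module failure instead of a raw traceback. In
    check mode no mutating API call is made.
    """
    import traceback

    module = AnsibleModule(
        argument_spec=dict(
            zone=dict(type='str', required=True),
            kms=dict(type='str', required=True),
            state=dict(type='str', choices=['enable'], required=True),
        ),
        supports_check_mode=True,
    )
    zone = module.params['zone']
    kms = module.params['kms']
    state = module.params['state']

    if state != 'enable':
        # Unreachable with the current choices; kept so the module can never
        # return without a JSON result if the choices grow later.
        module.fail_json(msg='unsupported state: %s' % state)

    # Route 53 is a global service; the client needs no region.
    route53 = boto3.client('route53')

    try:
        current = route53.get_dnssec(HostedZoneId=zone)
        status = current['Status']['ServeSignature']
        if status == 'SIGNING':
            module.exit_json(changed=False, message='already enabled', details=current)
        if status != 'NOT_SIGNING':
            module.fail_json(
                msg='zone %s is in DNSSEC status %s; refusing to enable' % (zone, status),
                details=current,
            )
        if module.check_mode:
            module.exit_json(changed=True, message='would enable (check mode)', details=current)

        # NOTE(review): Name may only contain letters, digits and underscores;
        # pass the bare zone ID, not the "/hostedzone/<id>" form — confirm.
        ksk_name = zone + '_dnssec'
        # Reuse a KSK left behind by an earlier run that failed before
        # EnableHostedZoneDNSSEC, instead of failing on the duplicate name.
        existing = [
            ksk for ksk in current.get('KeySigningKeys', [])
            if ksk.get('Name') == ksk_name
        ]
        if not existing:
            route53.create_key_signing_key(
                # CallerReference must be unique per request; derive it from
                # the zone so runs against different zones do not share one.
                CallerReference='ansible-dnssec-' + zone,
                HostedZoneId=zone,
                KeyManagementServiceArn=kms,
                Name=ksk_name,
                Status='ACTIVE',
            )
        enabled = route53.enable_hosted_zone_dnssec(HostedZoneId=zone)
    except Exception as exc:  # module boundary: surface AWS errors via Ansible
        module.fail_json(msg=str(exc), exception=traceback.format_exc())

    module.exit_json(changed=True, message='enabled', details=enabled)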
# Ansible runs the module as a script; the guard keeps main() from executing
# when the file is merely imported (e.g. for documentation extraction).
if __name__ == "__main__":
    main()