Adding missing DNS entries

[ben851]

Summary | Résumé

We had some missing DNS entries for production, I've added them here, and propagated the equivalent ones in dev. This will also add them to staging.

Related Issues | Cartes liées

• https://app.zenhub.com/workspaces/notify-planning-core-6411dfb7c95fb80014e0cab0/issues/gh/cds-snc/notification-planning-core/36

Test instructions | Instructions pour tester la modification

TF Apply works Verify that the records are the same in SRE AWS DNS

Release Instructions | Instructions pour le déploiement

None.

Reviewer checklist | Liste de vérification du réviseur

• [ ] This PR does not break existing functionality.
• [ ] This PR does not violate GCNotify's privacy policies.
• [ ] This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
• [ ] This PR does not significantly alter performance.
• [ ] Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

[github-actions[bot]]

Staging: eks

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success

Plan: 5 to add, 0 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-----------------------------------------------------------------| | add | `aws_route53_record.api-document-notification-canada-ca-cname` | | | `aws_route53_record.doc-notification-canada-ca-cname` | | | `aws_route53_record.document-notification-canada-ca-cname` | | | `aws_route53_record.documentation-notification-canada-ca-cname` | | | `aws_route53_record.notification-www-root` |

Show plan

```terraform Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_route53_record.api-document-notification-canada-ca-cname will be created + resource "aws_route53_record" "api-document-notification-canada-ca-cname" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "api.document.notification.canada.ca" + records = [ + "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com", ] + ttl = 300 + type = "CNAME" + zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" } # aws_route53_record.doc-notification-canada-ca-cname will be created + resource "aws_route53_record" "doc-notification-canada-ca-cname" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "doc.notification.canada.ca" + records = [ + "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com", ] + ttl = 300 + type = "CNAME" + zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" } # aws_route53_record.document-notification-canada-ca-cname will be created + resource "aws_route53_record" "document-notification-canada-ca-cname" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "document.notification.canada.ca" + records = [ + "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com", ] + ttl = 300 + type = "CNAME" + zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" } # aws_route53_record.documentation-notification-canada-ca-cname will be created + resource "aws_route53_record" "documentation-notification-canada-ca-cname" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "documentation.notification.canada.ca" + records = [ + "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com", ] + ttl = 300 + type = "CNAME" + zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" } # aws_route53_record.notification-www-root will be created + resource "aws_route53_record" "notification-www-root" { + allow_overwrite = (known after apply) + fqdn = (known after apply) + id = (known after apply) + name = "www.staging.notification.cdssandbox.xyz" + records = [ + "notification-staging-alb-1878361959.ca-central-1.elb.amazonaws.com", ] + ttl = 300 + type = "CNAME" + zone_id = "/hostedzone/Z04028033PLSHVOO9ZJ1Z" } Plan: 5 to add, 0 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```

Show Conftest results

```sh WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.client_vpn"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca-alt[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_alb.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.internal_alb_tls"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.notification-canada-ca"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.internal_nginx_http"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-admin"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document-api"] WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-documentation"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-cluster-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-evicted-pods[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-cpu-warning[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-memory-warning[0]"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-replicas-unavailable[0]"] WARN - plan.json - main - Missing Common Tags:... ```

[ben851]

LGTM but maybe @patheard could give this a once over, he did much of the existing DNS for prod.

Question: will these get created in staging too?

Yeah these will create the equivalent entries in staging. Note that when we release this to prod, it won't actually administer the active notification.canada.ca DNS zone - I have it deploying to a "dummy" DNS zone so that we can compare the two.