whirlwind-networking-terraform

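Terraform modules for shared networking services (Route 53, DNSSEC, DNS-01 roles). Use when managing hosted zones, domain delegation, DNS records, DNSSEC, or configuring DNS-01 trust relationships for different environments in this repo.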

SKILL.md
--- frontmatter
name: whirlwind-networking-terraform
description: Terraform modules for shared networking services (Route 53, DNSSEC, DNS-01 roles). Use when managing hosted zones, delegation, DNS records, DNSSEC, or per-environment DNS-01 trust in this repo.

Whirlwind Networking Terraform

Overview

Provide Terraform modules for shared networking, focused on Route 53 hosted zones, delegation, DNS records, DNSSEC, and per-environment DNS-01 roles.

Standard workflow

  1. Consume modules/route53-dns from Terragrunt or Terraform.
  2. Provide domain_name, project_name, and delegated zone inputs.
  3. Wire DNS-01 roles to workload account IAM role ARNs.
  4. Apply in the shared networking account via Terragrunt.

Guardrails

  • Delegated zones are environment-specific and should remain isolated.
  • DNS-01 roles must be scoped to _acme-challenge in the correct hosted zone.
  • DNSSEC requires a KMS key in us-east-1 and a DS record update at the registrar.
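
One way the DNS-01 scoping guardrail can be expressed in IAM, shown as an added Terraform example rather than the module's own code. The variable names, role name and resource labels are assumptions; the two route53:ChangeResourceRecordSets* condition keys are defined by AWS.

```hcl
# Added example; variable, role and resource names are assumptions, not module inputs.
variable "zone_id" { type = string }           # delegated hosted zone ID
variable "zone_name" { type = string }         # lowercase, no trailing dot
variable "workload_role_arn" { type = string } # role in the workload account

data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.workload_role_arn]
    }
  }
}

data "aws_iam_policy_document" "dns01" {
  statement {
    sid       = "AcmeChallengeTxtOnly"
    actions   = ["route53:ChangeResourceRecordSets"]
    resources = ["arn:aws:route53:::hostedzone/${var.zone_id}"]
    # ForAllValues: every record in the change batch must match, so a batch
    # cannot mix the challenge record with any other name or type.
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsNormalizedRecordNames"
      values   = ["_acme-challenge.${var.zone_name}"]
    }
    condition {
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsRecordTypes"
      values   = ["TXT"]
    }
  }
  statement {
    sid       = "PollChangeStatus"
    actions   = ["route53:GetChange"]
    resources = ["arn:aws:route53:::change/*"]
  }
}

resource "aws_iam_role" "dns01" {
  name               = "dns01-example" # placeholder
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

resource "aws_iam_role_policy" "dns01" {
  name   = "acme-challenge-only"
  role   = aws_iam_role.dns01.id
  policy = data.aws_iam_policy_document.dns01.json
}
```

The exact-match value covers only the challenge record at the zone apex; certificates for names below it need their own `_acme-challenge.<name>` entries added to `values`. Some ACME clients also call read-only Route 53 list actions, which would be granted in a separate statement.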

References

  • references/route53-dns-module.md
  • references/dns-01-cross-account.md
  • references/route53-dns-iam.md
  • references/route53-dns-outputs.md
  • references/runbook-delegation.md
  • references/runbook-dnssec.md
  • references/route53-dns-io.md