From 9ce0752b72c540b4d688dcdcb7baeddd2f86a709 Mon Sep 17 00:00:00 2001
From: OllieJC <5426038+OllieJC@users.noreply.github.com>
Date: Thu, 4 Jan 2024 17:16:46 +0000
Subject: [PATCH] Add webcaf DS key for DNSSEC

---
 dns/r53_2-service-security-gov-uk.tf | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/dns/r53_2-service-security-gov-uk.tf b/dns/r53_2-service-security-gov-uk.tf
index 9e70360..a49f18e 100644
--- a/dns/r53_2-service-security-gov-uk.tf
+++ b/dns/r53_2-service-security-gov-uk.tf
@@ -85,3 +85,15 @@ resource "aws_route53_record" "webcaf-delegated-zone" {
     "ns-1420.awsdns-49.org.",
   ]
 }
+
+resource "aws_route53_record" "webcaf-ds" {
+  zone_id         = aws_route53_zone.sec-gov-uk.zone_id
+  allow_overwrite = true
+  name            = "webcaf.service"
+  ttl             = local.standard_ttl
+  type            = "DS"
+
+  records = [
+    "29233 13 2 AED8C8671A3829923964BC4CD956CD4641963B768504F13C082D0A34586764F3"
+  ]
+}