Setting up secure route53 zones

[rverma-dev]

Currently ASEA have capabilities for creating route53 hosted zone , but its limited to vpc block only. Similarly we have capabilities of creating kms keys & acm certificates. Further the target of ASEA is to enforce a good level of security.

Provided this, can we tie up the functionality of creating a secure public-hosted-zone which have dnssec enabled through CMK and a default wildcard acm certificate provisioned.

[Brian969]

Worth considering! Albeit today SEA only orchestrates certificates and ALB's in the SEA home or install region (per the What we do where chart, "Other Security Capabilities" section, lines 6 & 7). This would require adding support for us-east-1 for certs, and then exploring this functionality.