feat: org formation domains (#787)

Signed-off-by: hxtree <[email protected]>
Signed-off-by: Matthew Heroux <[email protected]>

platform/aws-org-formation/README.md

@@ -1,7 +1,16 @@
 # AWS Org Formation
 
 The AWS Organization is initialized, managed, and synced using
-[AWS Organization Formation](https://github.com/org-formation/org-formation-cli).
+[org-formation-cli](https://github.com/org-formation/org-formation-cli).
+
+## Domain Registration
+
+Register a domain name through Route 53 in AWS master organization. In this
+case, `nekosgate.com` was used. Delete the hostedZone in master account as org
+formation will create one.
+
+After running `./bin/sync.sh` get the name servers for the hosted zone in master
+account and use them to update the Registered domain's nameservers in Route 53.
 
 ## Domain Registration
 
@@ -37,6 +46,12 @@ any hostedZone in master account as org formation will create one.
    org-formation update organization.yml --profile=Administrator
    ```
 
+## ACM WildCart Certs
+
+For ACM cert verification it is important to have email setup for the domain as
+to verify the domain. AWS WorkMail or other can be used for this purpose. This
+allows for the wild card certs to be verified.
+
 ## Need help?
 
 ```bash

platform/aws-org-formation/bin/templates/wildcard-certs.yml

@@ -26,7 +26,7 @@ Resources:
       DomainName: !Sub '*.${AWSAccount.Tags.subdomain}.${rootHostedZoneName}'
       SubjectAlternativeNames:
         - !Sub '${AWSAccount.Tags.subdomain}.${rootHostedZoneName}'
-      ValidationMethod: DNS
+      ValidationMethod: EMAIL
       DomainValidationOptions:
         - DomainName: !Sub '${AWSAccount.Tags.subdomain}.${rootHostedZoneName}'
           ValidationDomain: !Ref rootHostedZoneName