Merge pull request #21 from SCT-Engineering/cluster_zones

Cluster zones
SCT-Engineering · Mar 6, 2026 · 70fbf9e · 70fbf9e
2 parents ecb0220 + 1ac353e
commit 70fbf9e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -31,7 +31,7 @@ Change logs are auto-generated with commitizen.
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 6.0.0 |
 | <a name="provider_aws.route53_main"></a> [aws.route53\_main](#provider\_aws.route53\_main) | 6.0.0 |
 | <a name="provider_aws.route53_main_legacy"></a> [aws.route53\_main\_legacy](#provider\_aws.route53\_main\_legacy) | 6.0.0 |
-| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 6.0.0 |
+| <a name="provider_aws.route53_self"></a> [aws.route53\_self](#provider\_aws.route53\_self) | 6.0.0 |
 | <a name="provider_null"></a> [null](#provider\_null) | 3.2.4 |
 
 ## Modules

diff --git a/dns-providers.tf b/dns-providers.tf
@@ -20,7 +20,7 @@ provider "aws" {
 }
 
 provider "aws" {
-  alias   = "self"
+  alias   = "route53_self"
   profile = var.profile
   assume_role {
     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)

diff --git a/main.tf b/main.tf
@@ -9,6 +9,7 @@ locals {
   is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
   vpc_domain_name            = var.vpc_domain_name
+  vpc_id                     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
 }
 
 #-------------------------------------------------
@@ -21,7 +22,7 @@ resource "aws_route53_zone" "cluster_domain" {
   force_destroy = false
 
   vpc {
-    vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+    vpc_id     = local.vpc_id
     vpc_region = local.region
   }
 
@@ -44,19 +45,19 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
-  count = local.region == "us-gov-east-1" ? 1 : 0
+  count = local.region != var.region_map["east"] ? 1 : 0
 
-  provider   = aws.self
-  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+  provider   = aws.route53_self
+  vpc_id     = local.vpc_id
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "cluster_zone_east" {
-  count = local.region == "us-gov-east-1" ? 1 : 0
+  count = local.region != var.region_map["east"] ? 1 : 0
 
   provider   = aws.route53_main
-  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+  vpc_id     = local.vpc_id
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -67,19 +68,18 @@ resource "aws_route53_zone_association" "cluster_zone_east" {
 # cluster PHZ Association west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
-  count = local.region == "us-gov-west-1" ? 1 : 0
+  count = local.region != var.region_map["west"] ? 1 : 0
 
-  provider   = aws.self
-  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+  provider   = aws.route53_self
+  vpc_id     = local.vpc_id
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "cluster_zone_west" {
-  count = local.region == "us-gov-west-1" ? 1 : 0
-
+  count      = local.region != var.region_map["west"] ? 1 : 0
   provider   = aws.route53_main
-  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+  vpc_id     = local.vpc_id
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -91,15 +91,15 @@ resource "aws_route53_zone_association" "cluster_zone_west" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "central_zone_east" {
-  provider   = aws.self
-  vpc_id     = var.route53_endpoints.route53_main["us-gov-east-1"]
+  provider   = aws.route53_self
+  vpc_id     = var.route53_endpoints.route53_main[var.region_map["east"]]
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "central_zone_east" {
   provider   = aws.route53_main
-  vpc_id     = var.route53_endpoints.route53_main["us-gov-east-1"]
+  vpc_id     = var.route53_endpoints.route53_main[var.region_map["east"]]
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -110,15 +110,15 @@ resource "aws_route53_zone_association" "central_zone_east" {
 # west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "central_zone_west" {
-  provider   = aws.self
-  vpc_id     = var.route53_endpoints.route53_main["us-gov-west-1"]
+  provider   = aws.route53_self
+  vpc_id     = var.route53_endpoints.route53_main[var.region_map["west"]]
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "central_zone_west" {
   provider   = aws.route53_main
-  vpc_id     = var.route53_endpoints.route53_main["us-gov-west-1"]
+  vpc_id     = var.route53_endpoints.route53_main[var.region_map["west"]]
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -130,34 +130,35 @@ resource "aws_route53_zone_association" "central_zone_west" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "legacy_zone_east" {
-  provider   = aws.self
-  vpc_id     = var.route53_endpoints.route53_main_legacy["us-gov-east-1"]
+  provider   = aws.route53_self
+  vpc_id     = var.route53_endpoints.route53_main_legacy[var.region_map["east"]]
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "legacy_zone_east" {
   provider   = aws.route53_main_legacy
-  vpc_id     = var.route53_endpoints.route53_main_legacy["us-gov-east-1"]
+  vpc_id     = var.route53_endpoints.route53_main_legacy[var.region_map["east"]]
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
   depends_on = [aws_route53_vpc_association_authorization.legacy_zone_east]
 }
 
 #-------------------------------------------------
+# cluster domain associations with legacy do2-gov networking
 # west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "legacy_zone_west" {
-  provider   = aws.self
-  vpc_id     = var.route53_endpoints.route53_main_legacy["us-gov-west-1"]
+  provider   = aws.route53_self
+  vpc_id     = var.route53_endpoints.route53_main_legacy[var.region_map["west"]]
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "legacy_zone_west" {
   provider   = aws.route53_main_legacy
-  vpc_id     = var.route53_endpoints.route53_main_legacy["us-gov-west-1"]
+  vpc_id     = var.route53_endpoints.route53_main_legacy[var.region_map["west"]]
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -174,9 +175,10 @@ resource "aws_route53_record" "entry" {
   type    = "A"
 
   alias {
-    name                   = var.istio_ingress_lb.dns_name
-    zone_id                = var.istio_ingress_lb.zone_id
-    evaluate_target_health = false # scaling actions will cause dns to drop otherwise
+    name    = var.istio_ingress_lb.dns_name
+    zone_id = var.istio_ingress_lb.zone_id
+    # scaling actions will cause dns to drop otherwise
+    evaluate_target_health = false
   }
 }