From 49b7875aed0be3869881e3429aeca5e983e55743 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 23 Jan 2026 19:29:12 -0500
Subject: [PATCH 1/2] fix(main.tf) no need to associate with local dummy vpc

---
 README.md | 4 +--
 dns-providers.tf | 2 +-
 main.tf | 80 +++++++++++++++++++++++++-----------------
 3 files changed, 43 insertions(+), 43 deletions(-)

diff --git a/README.md b/README.md
index 6f2611c..ee88629 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Change logs are auto-generated with commitizen.
 | [aws](#provider\_aws) | 6.0.0 |
 | [aws.route53\_main](#provider\_aws.route53\_main) | 6.0.0 |
 | [aws.route53\_main\_legacy](#provider\_aws.route53\_main\_legacy) | 6.0.0 |
-| [aws.self](#provider\_aws.self) | 6.0.0 |
+| [aws.route53\_self](#provider\_aws.route53\_self) | 6.0.0 |
 | [null](#provider\_null) | 3.2.4 |
 
 ## Modules
@@ -52,8 +52,6 @@ No modules.
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
 | [aws_route53_zone_association.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.legacy_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.legacy_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
diff --git a/dns-providers.tf b/dns-providers.tf
index 20eec5a..0039e63 100644
--- a/dns-providers.tf
+++ b/dns-providers.tf
@@ -20,7 +20,7 @@ provider "aws" {
 }
 
 provider "aws" {
- alias = "self"
+ alias = "route53_self"
 profile = var.profile
 assume_role {
 role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
diff --git a/main.tf b/main.tf
index f3efd4f..996a30b 100644
--- a/main.tf
+++ b/main.tf
@@ -9,6 +9,7 @@ locals {
 is_shared_vpc = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
 region = var.region
 vpc_domain_name = var.vpc_domain_name
+ vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
 }
 
 #-------------------------------------------------
@@ -21,7 +22,7 @@ resource "aws_route53_zone" "cluster_domain" {
 force_destroy = false
 
 vpc {
- vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+ vpc_id = local.vpc_id
 vpc_region = local.region
 }
 
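Review bot: The `vpc_id = local.vpc_id` line in the zone's `vpc` block now inherits the `try(data.aws_vpc.dummy_vpc[0].id, null)` fallback from the locals hunk above, so when `is_shared_vpc` is true and `dummy_vpc` has no instances the zone is planned with `vpc_id = null` and the failure surfaces as a provider error on a required argument rather than as a statement of what is actually missing. A `precondition` on the zone makes that invariant explicit and fails at plan time with an actionable message. Separately, this zone keeps its own `vpc` block while other resources in this file attach additional VPCs via `aws_route53_zone_association`; unless the resource already sets `lifecycle { ignore_changes = [vpc] }` (the rest of the resource is outside this hunk), the provider will report those extra associations as drift on every plan. The `aws_route53_zone.cluster_domain` block starts before and ends after this hunk.
```hcl
  vpc {
    vpc_id     = local.vpc_id
    vpc_region = local.region
  }

  lifecycle {
    precondition {
      condition     = local.vpc_id != null
      error_message = "cluster_domain needs a VPC to attach to: is_shared_vpc is true but data.aws_vpc.dummy_vpc resolved to no instances."
    }
  }
  # … unchanged: remainder of the resource …
```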
@@ -44,62 +45,61 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
- count = local.region == "us-gov-east-1" ? 1 : 0
+ count = local.region == var.region_map["east"] ? 1 : 0
 
- provider = aws.self
- vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+ provider = aws.route53_self
+ vpc_id = local.vpc_id
 vpc_region = var.region_map["east"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "cluster_zone_east" {
- count = local.region == "us-gov-east-1" ? 1 : 0
+# resource "aws_route53_zone_association" "cluster_zone_east" {
+# count = local.region == var.region_map["east"] ? 1 : 0
 
- provider = aws.route53_main
- vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
- vpc_region = var.region_map["east"]
- zone_id = aws_route53_zone.cluster_domain.zone_id
+# provider = aws.route53_main
+# vpc_id = local.vpc_id
+# vpc_region = var.region_map["east"]
+# zone_id = aws_route53_zone.cluster_domain.zone_id
 
- depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
-}
+# depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
+# }
 
 #-------------------------------------------------
 # cluster PHZ Association west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
- count = local.region == "us-gov-west-1" ? 1 : 0
+ count = local.region == var.region_map["west"] ? 1 : 0
 
- provider = aws.self
- vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+ provider = aws.route53_self
+ vpc_id = local.vpc_id
 vpc_region = var.region_map["west"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "cluster_zone_west" {
- count = local.region == "us-gov-west-1" ? 1 : 0
-
- provider = aws.route53_main
- vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
- vpc_region = var.region_map["west"]
- zone_id = aws_route53_zone.cluster_domain.zone_id
+# resource "aws_route53_zone_association" "cluster_zone_west" {
+# count = local.region == var.region_map["west"] ? 1 : 0
+# provider = aws.route53_main
+# vpc_id = local.vpc_id
+# vpc_region = var.region_map["west"]
+# zone_id = aws_route53_zone.cluster_domain.zone_id
 
- depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
-}
+# depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
+# }
 
 #---
 # cluster domain associations with central networking account
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "central_zone_east" {
- provider = aws.self
- vpc_id = var.route53_endpoints.route53_main["us-gov-east-1"]
+ provider = aws.route53_self
+ vpc_id = var.route53_endpoints.route53_main[var.region_map["east"]]
 vpc_region = var.region_map["east"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "central_zone_east" {
 provider = aws.route53_main
- vpc_id = var.route53_endpoints.route53_main["us-gov-east-1"]
+ vpc_id = var.route53_endpoints.route53_main[var.region_map["east"]]
 vpc_region = var.region_map["east"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
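Review bot: Commenting out `aws_route53_zone_association.cluster_zone_east`/`cluster_zone_west` instead of deleting them leaves dead code behind (git history already preserves it), and the operational effect deserves a look: any instance of those resources still in state is destroyed on the next apply, which issues DisassociateVPCFromHostedZone for `local.vpc_id` — the same VPC the zone's own `vpc` block attaches — so name resolution from that VPC then depends on the zone resource re-attaching it, which is outside this hunk. If the intent is only to stop managing the association, a `removed` block (Terraform 1.7+) with `lifecycle { destroy = false }` for each of the two addresses, or `terraform state rm` before applying, keeps the live association in place. The remaining `count` guards still compare `local.region` to `var.region_map["east"]`/`["west"]` with `==`, so a `var.region` outside the map yields zero authorizations silently; a `validation` on `var.region` against `values(var.region_map)` would make that an error rather than a no-op.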
@@ -110,15 +110,15 @@ resource "aws_route53_zone_association" "central_zone_east" {
 # west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "central_zone_west" {
- provider = aws.self
- vpc_id = var.route53_endpoints.route53_main["us-gov-west-1"]
+ provider = aws.route53_self
+ vpc_id = var.route53_endpoints.route53_main[var.region_map["west"]]
 vpc_region = var.region_map["west"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "central_zone_west" {
 provider = aws.route53_main
- vpc_id = var.route53_endpoints.route53_main["us-gov-west-1"]
+ vpc_id = var.route53_endpoints.route53_main[var.region_map["west"]]
 vpc_region = var.region_map["west"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
@@ -130,15 +130,15 @@ resource "aws_route53_zone_association" "central_zone_west" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "legacy_zone_east" {
- provider = aws.self
- vpc_id = var.route53_endpoints.route53_main_legacy["us-gov-east-1"]
+ provider = aws.route53_self
+ vpc_id = var.route53_endpoints.route53_main_legacy[var.region_map["east"]]
 vpc_region = var.region_map["east"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "legacy_zone_east" {
 provider = aws.route53_main_legacy
- vpc_id = var.route53_endpoints.route53_main_legacy["us-gov-east-1"]
+ vpc_id = var.route53_endpoints.route53_main_legacy[var.region_map["east"]]
 vpc_region = var.region_map["east"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
@@ -146,18 +146,19 @@ resource "aws_route53_zone_association" "legacy_zone_east" {
 }
 
 #-------------------------------------------------
+# cluster domain associations with legacy do2-gov networking
 # west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "legacy_zone_west" {
- provider = aws.self
- vpc_id = var.route53_endpoints.route53_main_legacy["us-gov-west-1"]
+ provider = aws.route53_self
+ vpc_id = var.route53_endpoints.route53_main_legacy[var.region_map["west"]]
 vpc_region = var.region_map["west"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "legacy_zone_west" {
 provider = aws.route53_main_legacy
- vpc_id = var.route53_endpoints.route53_main_legacy["us-gov-west-1"]
+ vpc_id = var.route53_endpoints.route53_main_legacy[var.region_map["west"]]
 vpc_region = var.region_map["west"]
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
@@ -174,9 +175,10 @@ resource "aws_route53_record" "entry" {
 type = "A"
 
 alias {
- name = var.istio_ingress_lb.dns_name
- zone_id = var.istio_ingress_lb.zone_id
- evaluate_target_health = false # scaling actions will cause dns to drop otherwise
+ name = var.istio_ingress_lb.dns_name
+ zone_id = var.istio_ingress_lb.zone_id
+ # scaling actions will cause dns to drop otherwise
+ evaluate_target_health = false
 }
 }
 

From 1ac353e5b91a338d245d59162ee73601985c3fef Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Tue, 24 Feb 2026 13:10:28 -0500
Subject: [PATCH 2/2] fix(main.tf) create association in region cluster is not in

---
 README.md | 2 ++
 main.tf | 36 ++++++++++++++++++------------------
 2 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/README.md b/README.md
index ee88629..00c84f3 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,8 @@ No modules.
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
 | [aws_route53_zone_association.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.legacy_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.legacy_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [null_resource.git_version](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
diff --git a/main.tf b/main.tf
index 996a30b..7f4ee1a 100644
--- a/main.tf
+++ b/main.tf
@@ -45,7 +45,7 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
- count = local.region == var.region_map["east"] ? 1 : 0
+ count = local.region != var.region_map["east"] ? 1 : 0
 
 provider = aws.route53_self
 vpc_id = local.vpc_id
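Review bot: Flipping the guard to `local.region != var.region_map["east"]` creates this cross-account authorization for the account's own VPC in every region other than east, including any `var.region` value that matches neither `region_map` entry — in that case both `cluster_zone_east` and its west twin are instantiated for a VPC that lives in a third region. With `==` the worst case for an unmapped region was zero resources; with `!=` it is two standing grants that let the `aws.route53_main` side associate this zone. If `var.region` is not already constrained elsewhere, guard the count with membership, `count = contains(values(var.region_map), local.region) && local.region != var.region_map["east"] ? 1 : 0`, or add a `validation` block on `var.region`. The resource block continues past the end of this hunk.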
@@ -53,22 +53,22 @@ resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-# resource "aws_route53_zone_association" "cluster_zone_east" {
-# count = local.region == var.region_map["east"] ? 1 : 0
+resource "aws_route53_zone_association" "cluster_zone_east" {
+ count = local.region != var.region_map["east"] ? 1 : 0
 
-# provider = aws.route53_main
-# vpc_id = local.vpc_id
-# vpc_region = var.region_map["east"]
-# zone_id = aws_route53_zone.cluster_domain.zone_id
+ provider = aws.route53_main
+ vpc_id = local.vpc_id
+ vpc_region = var.region_map["east"]
+ zone_id = aws_route53_zone.cluster_domain.zone_id
 
-# depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
-# }
+ depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
+}
 
 #-------------------------------------------------
 # cluster PHZ Association west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
- count = local.region == var.region_map["west"] ? 1 : 0
+ count = local.region != var.region_map["west"] ? 1 : 0
 
 provider = aws.route53_self
 vpc_id = local.vpc_id
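Review bot: `aws_route53_zone_association.cluster_zone_east` is now created only when the cluster is not in the east region, yet it associates `local.vpc_id` under `vpc_region = var.region_map["east"]`; `local.vpc_id` is either `data.aws_vpc.eks_vpc.id` or `data.aws_vpc.dummy_vpc[0].id` (locals hunk in the previous patch), and a VPC ID is only valid in the region it was created in, so unless those data sources are read through a provider pinned to the opposite region — their definitions are not in this diff — the call targets a VPC that does not exist there. The association is also issued through `aws.route53_main`, while `is_shared_vpc` shows `eks_vpc` can be owned by the current account; AssociateVPCWithHostedZone has to be made by the VPC owner, so in the non-shared case the central account cannot complete it however the authorization is set up. Please state the invariant the resource relies on above `count`, e.g. `# local.vpc_id must exist in var.region_map["east"] and be owned by the aws.route53_main account`, or add a `precondition` comparing `vpc_region` with the `region` attribute the 6.x provider exposes on `data.aws_vpc` (worth confirming against the provider docs). The `cluster_zone_west` authorization at the end of this hunk continues past it.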
@@ -76,15 +76,15 @@ resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-# resource "aws_route53_zone_association" "cluster_zone_west" {
-# count = local.region == var.region_map["west"] ? 1 : 0
-# provider = aws.route53_main
-# vpc_id = local.vpc_id
-# vpc_region = var.region_map["west"]
-# zone_id = aws_route53_zone.cluster_domain.zone_id
+resource "aws_route53_zone_association" "cluster_zone_west" {
+ count = local.region != var.region_map["west"] ? 1 : 0
+ provider = aws.route53_main
+ vpc_id = local.vpc_id
+ vpc_region = var.region_map["west"]
+ zone_id = aws_route53_zone.cluster_domain.zone_id
 
-# depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
-# }
+ depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
+}
 
 #---
 # cluster domain associations with central networking account
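Review bot: `aws_route53_zone_association.cluster_zone_west` is a line-for-line mirror of `cluster_zone_east` with the region key swapped, and the same holds for the two authorization resources, so the rule deciding when a cluster-VPC association is created now lives in four separate `count` expressions. A single resource with `for_each = { for k, r in var.region_map : k => r if r != local.region }` and `vpc_region = each.value` states "every mapped region except the cluster's own" once, and gives instances stable keys (`["east"]`, `["west"]`) instead of `[0]`. Existing state would need `moved` blocks from `cluster_zone_west[0]`/`cluster_zone_east[0]` to the keyed addresses, and `depends_on` would then point at the collapsed authorization resource rather than the per-region pair.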