cname module instead of alias record
morga471 committed Dec 15, 2025
1 parent 5907ae8 commit ce25ef5
Showing 1 changed file with 21 additions and 11 deletions.
32 changes: 21 additions & 11 deletions main.tf
Expand Up @@ -29,8 +29,8 @@ resource "aws_route53_zone" "cluster_domain" {
lifecycle {
ignore_changes = [vpc]
precondition {
condition = local.is_shared_vpc && ! (var.vpc_domain_name == null || var.vpc_domain_name == "")
error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
condition = ! (var.vpc_domain_name == null || var.vpc_domain_name == "")
error_message = "var.vpc_domain_name must be provided."
}
}

Expand All @@ -45,42 +45,42 @@ resource "aws_route53_zone" "cluster_domain" {
# east region
#---
resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
count = local.region == "us-gov-east-1" ? 1 : 0

provider = aws.self
vpc_id = data.aws_vpc.eks_vpc.id
vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
vpc_region = var.region_map["east"]
zone_id = aws_route53_zone.cluster_domain.zone_id
}

resource "aws_route53_zone_association" "cluster_zone_east" {
count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
count = local.region == "us-gov-east-1" ? 1 : 0

provider = aws.route53_main
vpc_id = data.aws_vpc.eks_vpc.id
vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
vpc_region = var.region_map["east"]
zone_id = aws_route53_zone.cluster_domain.zone_id

depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
}

#-------------------------------------------------
# west region
# cluster PHZ Association west region
#-------------------------------------------------
resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
count = local.region == "us-gov-west-1" ? 1 : 0

provider = aws.self
vpc_id = data.aws_vpc.eks_vpc.id
vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
vpc_region = var.region_map["west"]
zone_id = aws_route53_zone.cluster_domain.zone_id
}

resource "aws_route53_zone_association" "cluster_zone_west" {
count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
count = local.region == "us-gov-west-1" ? 1 : 0

provider = aws.route53_main
vpc_id = data.aws_vpc.eks_vpc.id
vpc_id = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
vpc_region = var.region_map["west"]
zone_id = aws_route53_zone.cluster_domain.zone_id

Expand Down Expand Up @@ -180,3 +180,13 @@ resource "aws_route53_record" "entry" {
evaluate_target_health = true
}
}

# Equivalent module implementation
# module "istio_ingress" {
# source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"

# name = "*.${local.cluster_domain_name}"
# zone = aws_route53_zone.cluster_domain.zone_id
# values = [var.istio_ingress_lb.dns_name]
# enable_heritage = false
# }
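Review bot: In the four `vpc_id` expressions (both `cluster_zone_east` and both `cluster_zone_west` resources), `try(data.aws_vpc.dummy_vpc[0].id, null)` turns a missing `dummy_vpc` lookup into a null `vpc_id`, so a shared-VPC deployment without that data source fails on the required `vpc_id` argument rather than on the lookup that was actually missing. This assumes the second line of each printed pair is the new side, since the page has lost its `+`/`-` markers. Because `count` no longer checks `local.is_shared_vpc`, the authorization and association now exist in every deployment in the matching region, and which VPC can resolve the private zone depends entirely on this one expression. I would define it once in `locals`, e.g. `phz_vpc_id = local.is_shared_vpc ? data.aws_vpc.dummy_vpc[0].id : data.aws_vpc.eks_vpc.id`, and drop the `try` so a missing index is reported directly; the definition of `dummy_vpc` is outside the visible hunks, so its `count` needs confirming. Separately, the commented-out `module "istio_ingress"` block has no `?ref=` on its git source, which should be pinned to a tag or commit before the block is enabled.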
