Merge pull request #11 from SCT-Engineering/lb_cname

fix(dns): associate both cluster and central
SCT-Engineering · Oct 18, 2024 · efb9a71 · efb9a71
2 parents 85aa38e + 8e2950d
commit efb9a71
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -41,11 +41,15 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_vpc_association_authorization.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
-| [aws_route53_zone_association.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |

diff --git a/main.tf b/main.tf
@@ -39,11 +39,58 @@ resource "aws_route53_zone" "cluster_domain" {
   )
 }
 
+#---
+# cluster domain associations with eks vpc
+# east region
+#---
+resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
+  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+
+  provider   = aws.self
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-east-1"
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+}
+
+resource "aws_route53_zone_association" "cluster_zone_east" {
+  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+
+  provider   = aws.route53_main_east
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-east-1"
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+
+  depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
+}
+
+#-------------------------------------------------
+# west region
+#-------------------------------------------------
+resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
+  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+
+  provider   = aws.self
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-west-1"
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+}
+
+resource "aws_route53_zone_association" "cluster_zone_west" {
+  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+
+  provider   = aws.route53_main_west
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-west-1"
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+
+  depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
+}
+
 #---
 # cluster domain associations with central networking account
 # east region
 #---
-resource "aws_route53_vpc_association_authorization" "self_zone_east" {
+resource "aws_route53_vpc_association_authorization" "central_zone_east" {
   count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
   provider   = aws.self
@@ -52,21 +99,21 @@ resource "aws_route53_vpc_association_authorization" "self_zone_east" {
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "self_zone_east" {
+resource "aws_route53_zone_association" "central_zone_east" {
   count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
   provider   = aws.route53_main_east
   vpc_id     = var.route53_endpoints.route53_main["us-gov-east-1"]
   vpc_region = "us-gov-east-1"
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
-  depends_on = [aws_route53_vpc_association_authorization.self_zone_east]
+  depends_on = [aws_route53_vpc_association_authorization.central_zone_east]
 }
 
 #-------------------------------------------------
 # west region
 #-------------------------------------------------
-resource "aws_route53_vpc_association_authorization" "self_zone_west" {
+resource "aws_route53_vpc_association_authorization" "central_zone_west" {
   count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
   provider   = aws.self
@@ -75,15 +122,15 @@ resource "aws_route53_vpc_association_authorization" "self_zone_west" {
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "self_zone_west" {
+resource "aws_route53_zone_association" "central_zone_west" {
   count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
   provider   = aws.route53_main_west
   vpc_id     = var.route53_endpoints.route53_main["us-gov-west-1"]
   vpc_region = "us-gov-west-1"
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
-  depends_on = [aws_route53_vpc_association_authorization.self_zone_west]
+  depends_on = [aws_route53_vpc_association_authorization.central_zone_west]
 }
 
 ###################################################################