From 8e2950da7ffede27f7b6e2632f967a60f40d4b10 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Thu, 17 Oct 2024 23:09:34 -0400
Subject: [PATCH] fix(dns): associate both cluster and central

---
 README.md | 12 +++++++----
 main.tf | 59 +++++++++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 61 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index ad16714..182914d 100644
--- a/README.md
+++ b/README.md
@@ -41,11 +41,15 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_route53_record.entry](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_vpc_association_authorization.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
-| [aws_route53_zone_association.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_route53_zone_association.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.central_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.central_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.cluster_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
diff --git a/main.tf b/main.tf
index d570b4c..d0578de 100644
--- a/main.tf
+++ b/main.tf
@@ -39,11 +39,58 @@ resource "aws_route53_zone" "cluster_domain" {
 )
 }
 
+#---
+# cluster domain associations with eks vpc
+# east region
+#---
+resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
+ count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+
+ provider = aws.self
+ vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-east-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
+}
+
+resource "aws_route53_zone_association" "cluster_zone_east" {
+ count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+
+ provider = aws.route53_main_east
+ vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-east-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
+
+ depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
+}
+
+#-------------------------------------------------
+# west region
+#-------------------------------------------------
+resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
+ count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+
+ provider = aws.self
+ vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-west-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
+}
+
+resource "aws_route53_zone_association" "cluster_zone_west" {
+ count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+
+ provider = aws.route53_main_west
+ vpc_id = data.aws_vpc.eks_vpc.id
+ vpc_region = "us-gov-west-1"
+ zone_id = aws_route53_zone.cluster_domain.zone_id
+
+ depends_on = [aws_route53_vpc_association_authorization.cluster_zone_west]
+}
+
 #---
 # cluster domain associations with central networking account
 # east region
 #---
-resource "aws_route53_vpc_association_authorization" "self_zone_east" {
+resource "aws_route53_vpc_association_authorization" "central_zone_east" {
 count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
 provider = aws.self
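Review bot: The new cluster_zone_east and cluster_zone_west blocks hard-code `vpc_region = "us-gov-east-1"` / `"us-gov-west-1"` while their `count` guard already pins the block to `local.region == "us-gov-east-1"` (or west), so the same region is stated twice per resource and the eight copies can silently diverge; `vpc_region = local.region` inside a block that only exists when `local.region` equals that literal keeps them tied, and the same applies to the existing central_zone_* blocks. The handshake is split across providers — the authorization is created under `aws.self` and the association under `aws.route53_main_east` — which only succeeds if `data.aws_vpc.eks_vpc` resolves to a VPC that the route53_main_east credentials are allowed to associate; that data source and the vpc_id of the central_zone_* blocks are outside this hunk, so I cannot tell from here whether the cluster and central associations target distinct VPCs, and I would expect a second association of the same VPC to the same zone to fail only at apply time rather than at plan. A short header comment stating which account each alias acts in, e.g. `# authorization is issued by the zone owner (aws.self); the association is performed by the VPC owner (aws.route53_main_*)`, would make the two-step cross-account flow readable without consulting provider config. The hunk ends inside the central_zone_east authorization block, whose body continues outside it.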
@@ -52,7 +99,7 @@ resource "aws_route53_vpc_association_authorization" "self_zone_east" {
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "self_zone_east" {
+resource "aws_route53_zone_association" "central_zone_east" {
 count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
 provider = aws.route53_main_east
@@ -60,13 +107,13 @@ resource "aws_route53_zone_association" "self_zone_east" {
 vpc_region = "us-gov-east-1"
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
- depends_on = [aws_route53_vpc_association_authorization.self_zone_east]
+ depends_on = [aws_route53_vpc_association_authorization.central_zone_east]
 }
 
 #-------------------------------------------------
 # west region
 #-------------------------------------------------
-resource "aws_route53_vpc_association_authorization" "self_zone_west" {
+resource "aws_route53_vpc_association_authorization" "central_zone_west" {
 count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
 provider = aws.self
@@ -75,7 +122,7 @@ resource "aws_route53_vpc_association_authorization" "self_zone_west" {
 zone_id = aws_route53_zone.cluster_domain.zone_id
 }
 
-resource "aws_route53_zone_association" "self_zone_west" {
+resource "aws_route53_zone_association" "central_zone_west" {
 count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
 provider = aws.route53_main_west
@@ -83,7 +130,7 @@ resource "aws_route53_zone_association" "self_zone_west" {
 vpc_region = "us-gov-west-1"
 zone_id = aws_route53_zone.cluster_domain.zone_id
 
- depends_on = [aws_route53_vpc_association_authorization.self_zone_west]
+ depends_on = [aws_route53_vpc_association_authorization.central_zone_west]
 }
 
 ###################################################################