From dfc16a00dcbf8c5ab3be128ac64620af66bafb6d Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:11:30 -0400
Subject: [PATCH 01/12] easier conditions

---
 aws_data.tf | 2 +-
 main.tf     | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/aws_data.tf b/aws_data.tf
index 81d8da8..050df9e 100644
--- a/aws_data.tf
+++ b/aws_data.tf
@@ -15,7 +15,7 @@ data "aws_arn" "current" {
 # dummy vpc, so we can associate the zone to this account
 #---
 data "aws_vpc" "dummy_vpc" {
-  count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  count = local.is_shared_vpc ? 1 : 0
   filter {
     name   = "tag:Name"
     values = ["vpc0-dummy"]
diff --git a/main.tf b/main.tf
index 45f3bbe..282af9c 100644
--- a/main.tf
+++ b/main.tf
@@ -9,6 +9,7 @@
 locals {
   cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
   cluster_domain_name        = format("%v.%v", var.cluster_name, local.vpc_domain_name)
+  is_shared_vpc              = data.aws_vpc.vpc_id.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
   vpc_domain_name            = var.vpc_domain_name
 }
@@ -23,14 +24,14 @@ resource "aws_route53_zone" "cluster_domain" {
   force_destroy = false
 
   vpc {
-    vpc_id     = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+    vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
     vpc_region = local.region
   }
 
   lifecycle {
     ignore_changes = [vpc]
     precondition {
-      condition     = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (!(var.shared_vpc_label == null || var.shared_vpc_label == "") && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
+      condition     = (local.is_shared_vpc && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
       error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
     }
   }

From c7c1cf035f777607a15433c65e03696fc95dbf65 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:14:03 -0400
Subject: [PATCH 02/12] fix vpc ref

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 282af9c..a05058e 100644
--- a/main.tf
+++ b/main.tf
@@ -9,7 +9,7 @@
 locals {
   cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
   cluster_domain_name        = format("%v.%v", var.cluster_name, local.vpc_domain_name)
-  is_shared_vpc              = data.aws_vpc.vpc_id.owner_id != data.aws_caller_identity.current.account_id
+  is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
   vpc_domain_name            = var.vpc_domain_name
 }

From 6ab381e0ba01b703396109084bbd05efa58983e6 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:19:02 -0400
Subject: [PATCH 03/12] remove cruft

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index a05058e..a9071b1 100644
--- a/main.tf
+++ b/main.tf
@@ -57,7 +57,7 @@ module "route53_cluster_domain_east" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-east-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = try([aws_route53_zone.cluster_domain.zone_id])
+  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
 
   tags = var.tags
 }

From 99316de788a8530441e7cdb4aeed7991854f9e0b Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:23:36 -0400
Subject: [PATCH 04/12] maybe

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index a9071b1..cc2e440 100644
--- a/main.tf
+++ b/main.tf
@@ -24,7 +24,7 @@ resource "aws_route53_zone" "cluster_domain" {
   force_destroy = false
 
   vpc {
-    vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
+    vpc_id     = local.is_shared_vpc ? data.aws_vpc.dummy_vpc.id : data.aws_vpc.eks_vpc.id
     vpc_region = local.region
   }
 

From c7b3ff3e7b65c6ebe2f504592070c3ff078b71e6 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:25:23 -0400
Subject: [PATCH 05/12] needs this

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index cc2e440..7214301 100644
--- a/main.tf
+++ b/main.tf
@@ -24,7 +24,7 @@ resource "aws_route53_zone" "cluster_domain" {
   force_destroy = false
 
   vpc {
-    vpc_id     = local.is_shared_vpc ? data.aws_vpc.dummy_vpc.id : data.aws_vpc.eks_vpc.id
+    vpc_id     = local.is_shared_vpc ? data.aws_vpc.dummy_vpc[0].id : data.aws_vpc.eks_vpc.id
     vpc_region = local.region
   }
 

From 5a372f6ba72ef43225823ac9fd29766be0dd3bb1 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:32:53 -0400
Subject: [PATCH 06/12] use a local

---
 main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 7214301..785e193 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,7 @@ locals {
   is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
   vpc_domain_name            = var.vpc_domain_name
+  cluster_zone               = aws_route53_zone.cluster_domain.zone_id
 }
 
 #-------------------------------------------------
@@ -57,7 +58,7 @@ module "route53_cluster_domain_east" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-east-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+  zone_ids = [local.cluster_zone]
 
   tags = var.tags
 }
@@ -76,7 +77,7 @@ module "route53_cluster_domain_west" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-west-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+  zone_ids = [local.cluster_zone]
 
   tags = var.tags
 }

From d62c3aea500c3c7ae7c9181819c7cc81f70e0062 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 16:58:11 -0400
Subject: [PATCH 07/12] try depends_on

---
 README.md    | 1 -
 main.tf      | 6 ++++--
 variables.tf | 6 ------
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 7d5c878..bec52e7 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,6 @@ Change logs are auto-generated with commitizen.
 | <a name="input_region"></a> [region](#input\_region) | AWS config region | `string` | `""` | no |
 | <a name="input_region_map"></a> [region\_map](#input\_region\_map) | AWS region map | `map(string)` | <pre>{<br>  "east": "us-gov-east-1",<br>  "west": "us-gov-west-1"<br>}</pre> | no |
 | <a name="input_route53_endpoints"></a> [route53\_endpoints](#input\_route53\_endpoints) | Map of target route53 endpoints (for inbound) central VPCs | `map(map(string))` | <pre>{<br>  "route53_main": {<br>    "account_id": "269244441389",<br>    "alias": "lab-gov-network-nonprod",<br>    "us-gov-east-1": "vpc-070595c5b133243dd",<br>    "us-gov-west-1": "vpc-08b7b4db6a5ddf9c1"<br>  }<br>}</pre> | no |
-| <a name="input_shared_vpc_label"></a> [shared\_vpc\_label](#input\_shared\_vpc\_label) | Label to use for shared VPC for flowlogs and other things | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_domain_name"></a> [vpc\_domain\_name](#input\_vpc\_domain\_name) | The DNS domain name of the vpc the cluster is in. | `string` | n/a | yes |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 785e193..5f868f2 100644
--- a/main.tf
+++ b/main.tf
@@ -48,8 +48,9 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 module "route53_cluster_domain_east" {
+  depends_on = [aws_route53_zone.cluster_domain]
 
-  count = local.region == "us-gov-east-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
   providers = {
     aws.self = aws.self
     aws.peer = aws.route53_main_east
@@ -67,8 +68,9 @@ module "route53_cluster_domain_east" {
 # west region
 #-------------------------------------------------
 module "route53_cluster_domain_west" {
+  depends_on = [aws_route53_zone.cluster_domain]
 
-  count = local.region == "us-gov-west-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
   providers = {
     aws.self = aws.self
     aws.peer = aws.route53_main_west
diff --git a/variables.tf b/variables.tf
index 72ab6a6..2336ee9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -47,12 +47,6 @@ variable "os_username" {
 # DNS variables
 ###################################################################
 
-variable "shared_vpc_label" {
-  description = "Label to use for shared VPC for flowlogs and other things"
-  type        = string
-  default     = null
-}
-
 variable "region_map" {
   description = "AWS region map"
   type        = map(string)

From e15defea7ee881455ad8945b91be827bf3f94261 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 17:22:27 -0400
Subject: [PATCH 08/12] add is_shared_vpc

---
 main.tf | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/main.tf b/main.tf
index 5f868f2..fdc58f5 100644
--- a/main.tf
+++ b/main.tf
@@ -9,10 +9,9 @@
 locals {
   cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
   cluster_domain_name        = format("%v.%v", var.cluster_name, local.vpc_domain_name)
-  is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
+  is_shared_vpc              = data.aws_vpc.vpc_id.owner_id != data.aws_caller_identity.current.account_id
   vpc_domain_name            = var.vpc_domain_name
-  cluster_zone               = aws_route53_zone.cluster_domain.zone_id
 }
 
 #-------------------------------------------------
@@ -25,14 +24,14 @@ resource "aws_route53_zone" "cluster_domain" {
   force_destroy = false
 
   vpc {
-    vpc_id     = local.is_shared_vpc ? data.aws_vpc.dummy_vpc[0].id : data.aws_vpc.eks_vpc.id
+    vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
     vpc_region = local.region
   }
 
   lifecycle {
     ignore_changes = [vpc]
     precondition {
-      condition     = (local.is_shared_vpc && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
+      condition     = local.is_shared_vpc && !(var.vpc_domain_name == null || var.vpc_domain_name == "")
       error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
     }
   }
@@ -48,7 +47,6 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 module "route53_cluster_domain_east" {
-  depends_on = [aws_route53_zone.cluster_domain]
 
   count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
   providers = {
@@ -59,7 +57,7 @@ module "route53_cluster_domain_east" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-east-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [local.cluster_zone]
+  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
 
   tags = var.tags
 }
@@ -68,7 +66,6 @@ module "route53_cluster_domain_east" {
 # west region
 #-------------------------------------------------
 module "route53_cluster_domain_west" {
-  depends_on = [aws_route53_zone.cluster_domain]
 
   count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
   providers = {
@@ -79,7 +76,7 @@ module "route53_cluster_domain_west" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-west-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [local.cluster_zone]
+  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
 
   tags = var.tags
 }

From 56690a645bd874d3860412c9c9564559ef469b6a Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 17:25:07 -0400
Subject: [PATCH 09/12] fix vpc ref

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index fdc58f5..d93fe30 100644
--- a/main.tf
+++ b/main.tf
@@ -10,7 +10,7 @@ locals {
   cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
   cluster_domain_name        = format("%v.%v", var.cluster_name, local.vpc_domain_name)
   region                     = var.region
-  is_shared_vpc              = data.aws_vpc.vpc_id.owner_id != data.aws_caller_identity.current.account_id
+  is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   vpc_domain_name            = var.vpc_domain_name
 }
 

From fbb4ac2e0dc4988c5a4de04366d139003867e5a7 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Fri, 20 Sep 2024 17:51:26 -0400
Subject: [PATCH 10/12] trial

---
 README.md    | 1 +
 main.tf      | 5 +++--
 variables.tf | 6 ++++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bec52e7..d922c5a 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,7 @@ Change logs are auto-generated with commitizen.
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_domain_name"></a> [vpc\_domain\_name](#input\_vpc\_domain\_name) | The DNS domain name of the vpc the cluster is in. | `string` | n/a | yes |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes |
+| <a name="input_zone_ids"></a> [zone\_ids](#input\_zone\_ids) | zone ids to mock module call | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
index d93fe30..1ab1f06 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,7 @@ locals {
   region                     = var.region
   is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   vpc_domain_name            = var.vpc_domain_name
+  zone_ids                   = concat(var.zone_ids, aws_route53_zone.cluster_domain.id)
 }
 
 #-------------------------------------------------
@@ -57,7 +58,7 @@ module "route53_cluster_domain_east" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-east-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+  zone_ids = [local.zone_ids]
 
   tags = var.tags
 }
@@ -76,7 +77,7 @@ module "route53_cluster_domain_west" {
   source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
   region   = "us-gov-west-1"
   vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [aws_route53_zone.cluster_domain.zone_id]
+  zone_ids = [local.zone_ids]
 
   tags = var.tags
 }
diff --git a/variables.tf b/variables.tf
index 2336ee9..eb0613f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -65,3 +65,9 @@ variable "route53_endpoints" {
     }
   }
 }
+
+variable "zone_ids" {
+  description = "zone ids to mock module call"
+  type        = list(string)
+  default     = [""]
+}

From faf58c81a0a372df6efe512d18cdd73cd81b36a2 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Tue, 1 Oct 2024 16:49:06 -0400
Subject: [PATCH 11/12] =?UTF-8?q?=F0=9F=90=9B=20fix(dns):=20remove=20exter?=
 =?UTF-8?q?nal=20modules?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md    | 13 ++++++++-----
 main.tf      | 55 ++++++++++++++++++++++++++++++----------------------
 variables.tf |  6 ------
 3 files changed, 40 insertions(+), 34 deletions(-)

diff --git a/README.md b/README.md
index d922c5a..9521572 100644
--- a/README.md
+++ b/README.md
@@ -19,19 +19,23 @@ Change logs are auto-generated with commitizen.
 | Name | Version |
 |------|---------|
 | <a name="provider_aws"></a> [aws](#provider\_aws) | 5.68.0 |
+| <a name="provider_aws.route53_main_east"></a> [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | 5.68.0 |
+| <a name="provider_aws.route53_main_west"></a> [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | 5.68.0 |
+| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | 5.68.0 |
 
 ## Modules
 
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_route53_cluster_domain_east"></a> [route53\_cluster\_domain\_east](#module\_route53\_cluster\_domain\_east) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone | tf-upgrade |
-| <a name="module_route53_cluster_domain_west"></a> [route53\_cluster\_domain\_west](#module\_route53\_cluster\_domain\_west) | git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone | tf-upgrade |
+No modules.
 
 ## Resources
 
 | Name | Type |
 |------|------|
+| [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_route53_zone_association.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
@@ -49,7 +53,6 @@ Change logs are auto-generated with commitizen.
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_vpc_domain_name"></a> [vpc\_domain\_name](#input\_vpc\_domain\_name) | The DNS domain name of the vpc the cluster is in. | `string` | n/a | yes |
 | <a name="input_vpc_name"></a> [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes |
-| <a name="input_zone_ids"></a> [zone\_ids](#input\_zone\_ids) | zone ids to mock module call | `list(string)` | <pre>[<br>  ""<br>]</pre> | no |
 
 ## Outputs
 
diff --git a/main.tf b/main.tf
index 1ab1f06..2bbcd83 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,6 @@ locals {
   region                     = var.region
   is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   vpc_domain_name            = var.vpc_domain_name
-  zone_ids                   = concat(var.zone_ids, aws_route53_zone.cluster_domain.id)
 }
 
 #-------------------------------------------------
@@ -47,37 +46,47 @@ resource "aws_route53_zone" "cluster_domain" {
 # cluster domain associations with central networking account
 # east region
 #---
-module "route53_cluster_domain_east" {
+resource "aws_route53_vpc_association_authorization" "self_zone_east" {
+  depends_on = [aws_route53_zone.cluster_domain]
+  count      = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
-  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
-  providers = {
-    aws.self = aws.self
-    aws.peer = aws.route53_main_east
-  }
+  provider   = aws.self
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+  vpc_region = "us-gov-east-1"
+  vpc_id     = data.aws_vpc.eks_vpc.id
+}
+
+resource "aws_route53_zone_association" "self_zone_east" {
+  provider = aws.route53_main_east
+  count    = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
-  source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-  region   = "us-gov-east-1"
-  vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [local.zone_ids]
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-east-1"
 
-  tags = var.tags
+  depends_on = [aws_route53_vpc_association_authorization.self_zone_east]
 }
 
 #-------------------------------------------------
 # west region
 #-------------------------------------------------
-module "route53_cluster_domain_west" {
+resource "aws_route53_vpc_association_authorization" "self_zone_west" {
+  depends_on = [aws_route53_zone.cluster_domain]
+  count      = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
-  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
-  providers = {
-    aws.self = aws.self
-    aws.peer = aws.route53_main_west
-  }
+  provider   = aws.self
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+  vpc_region = "us-gov-west-1"
+  vpc_id     = data.aws_vpc.eks_vpc.id
+}
+
+resource "aws_route53_zone_association" "self_zone_west" {
+  provider = aws.route53_main_west
+  count    = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
 
-  source   = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-  region   = "us-gov-west-1"
-  vpc_id   = data.aws_vpc.eks_vpc.id
-  zone_ids = [local.zone_ids]
+  zone_id    = aws_route53_zone.cluster_domain.zone_id
+  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_region = "us-gov-west-1"
 
-  tags = var.tags
+  depends_on = [aws_route53_vpc_association_authorization.self_zone_west]
 }
diff --git a/variables.tf b/variables.tf
index eb0613f..2336ee9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -65,9 +65,3 @@ variable "route53_endpoints" {
     }
   }
 }
-
-variable "zone_ids" {
-  description = "zone ids to mock module call"
-  type        = list(string)
-  default     = [""]
-}

From 5e4e7f36f0f420f4a1452f92404c5f032b96f529 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan" <matthew.c.morgan@census.gov>
Date: Mon, 7 Oct 2024 12:58:50 -0400
Subject: [PATCH 12/12] =?UTF-8?q?=F0=9F=90=9B=20fix(regions):=20match=20ea?=
 =?UTF-8?q?st=20to=20east=20and=20west=20to=20rest?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index 2bbcd83..247359c 100644
--- a/main.tf
+++ b/main.tf
@@ -58,7 +58,7 @@ resource "aws_route53_vpc_association_authorization" "self_zone_east" {
 
 resource "aws_route53_zone_association" "self_zone_east" {
   provider = aws.route53_main_east
-  count    = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+  count    = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
 
   zone_id    = aws_route53_zone.cluster_domain.zone_id
   vpc_id     = data.aws_vpc.eks_vpc.id