SCT-Engineering · nangu001 · Jan 15, 2026 · Dec 15, 2025 · Dec 16, 2025
diff --git a/README.md b/README.md
@@ -67,7 +67,6 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
-| <a name="input_environment_abbr"></a> [environment\_abbr](#input\_environment\_abbr) | Environment abbreviation (ex: dev, prod) | `string` | `"lab"` | no |
 | <a name="input_istio_ingress_lb"></a> [istio\_ingress\_lb](#input\_istio\_ingress\_lb) | The istio ingress load balancer DNS. | `map(string)` | n/a | yes |
 | <a name="input_os_username"></a> [os\_username](#input\_os\_username) | OS username from environment variable, ideally as $USER | `string` | `null` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | AWS config profile | `string` | `""` | no |

diff --git a/main.tf b/main.tf
@@ -9,7 +9,6 @@ locals {
   is_shared_vpc              = data.aws_vpc.eks_vpc.owner_id != data.aws_caller_identity.current.account_id
   region                     = var.region
   vpc_domain_name            = var.vpc_domain_name
-  environment_abbr           = var.environment_abbr
 }
 
 #-------------------------------------------------
@@ -29,8 +28,8 @@ resource "aws_route53_zone" "cluster_domain" {
   lifecycle {
     ignore_changes = [vpc]
     precondition {
-      condition     = local.is_shared_vpc && ! (var.vpc_domain_name == null || var.vpc_domain_name == "")
-      error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
+      condition     = ! (var.vpc_domain_name == null || var.vpc_domain_name == "")
+      error_message = "var.vpc_domain_name must be provided."
     }
   }
 
@@ -45,42 +44,42 @@ resource "aws_route53_zone" "cluster_domain" {
 # east region
 #---
 resource "aws_route53_vpc_association_authorization" "cluster_zone_east" {
-  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+  count = local.region == "us-gov-east-1" ? 1 : 0
 
   provider   = aws.self
-  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "cluster_zone_east" {
-  count = local.region == "us-gov-east-1" && local.is_shared_vpc ? 1 : 0
+  count = local.region == "us-gov-east-1" ? 1 : 0
 
   provider   = aws.route53_main
-  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
   vpc_region = var.region_map["east"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
   depends_on = [aws_route53_vpc_association_authorization.cluster_zone_east]
 }
 
 #-------------------------------------------------
-# west region
+# cluster PHZ Association west region
 #-------------------------------------------------
 resource "aws_route53_vpc_association_authorization" "cluster_zone_west" {
-  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+  count = local.region == "us-gov-west-1" ? 1 : 0
 
   provider   = aws.self
-  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 }
 
 resource "aws_route53_zone_association" "cluster_zone_west" {
-  count = local.region == "us-gov-west-1" && local.is_shared_vpc ? 1 : 0
+  count = local.region == "us-gov-west-1" ? 1 : 0
 
   provider   = aws.route53_main
-  vpc_id     = data.aws_vpc.eks_vpc.id
+  vpc_id     = local.is_shared_vpc ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
   vpc_region = var.region_map["west"]
   zone_id    = aws_route53_zone.cluster_domain.zone_id
 
@@ -177,6 +176,16 @@ resource "aws_route53_record" "entry" {
   alias {
     name                   = var.istio_ingress_lb.dns_name
     zone_id                = var.istio_ingress_lb.zone_id
-    evaluate_target_health = true
+    evaluate_target_health = false # scaling actions will cause dns to drop otherwise
   }
 }
+
+# Equivalent module implementation
+# module "istio_ingress" {
+#   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+
+#   name = "*.${local.cluster_domain_name}"
+#   zone = aws_route53_zone.cluster_domain.zone_id
+#   values = [var.istio_ingress_lb.dns_name]
+#   enable_heritage = false
+# }
diff --git a/variables.tf b/variables.tf
@@ -49,12 +49,6 @@ variable "os_username" {
   default     = null
 }
 
-variable "environment_abbr" {
-  description = "Environment abbreviation (ex: dev, prod)"
-  type        = string
-  default     = "lab"
-}
-
 ###################################################################
 # DNS variables
 ###################################################################