diff --git a/README.md b/README.md index 33aa2f4..ce2fe87 100644 --- a/README.md +++ b/README.md @@ -85,18 +85,15 @@ Change logs are auto-generated with commitizen. | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 5.14.0 | -| [aws.route53\_main\_east](#provider\_aws.route53\_main\_east) | >= 5.14.0 | -| [aws.route53\_main\_west](#provider\_aws.route53\_main\_west) | >= 5.14.0 | -| [aws.self](#provider\_aws.self) | >= 5.14.0 | -| [null](#provider\_null) | >= 3.2.1 | +| [aws](#provider\_aws) | 5.67.0 | +| [null](#provider\_null) | 3.2.3 | ## Modules | Name | Source | Version | |------|--------|---------| | [cloudwatch\_observability\_irsa\_role](#module\_cloudwatch\_observability\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | -| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.24.0 | +| [cluster](#module\_cluster) | git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git | v20.24.1 | | [ebs\_csi\_irsa\_role](#module\_ebs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | | [efs\_csi\_irsa\_role](#module\_efs\_csi\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | | [vpc\_cni\_irsa\_role](#module\_vpc\_cni\_irsa\_role) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | n/a | 
@@ -106,15 +103,9 @@ Change logs are auto-generated with commitizen. | Name | Type | |------|------| | [aws_ec2_tag.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_tag) | resource | -| [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource | -| [aws_route53_vpc_association_authorization.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource | -| [aws_route53_zone.cluster_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource | -| [aws_route53_zone_association.self_zone_east](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | -| [aws_route53_zone_association.self_zone_west](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource | | [aws_security_group.additional_eks_cluster_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.all_worker_mgmt](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group_rule.allow_sidecar_injection](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | | [null_resource.kube_config_create](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | | 
[aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | @@ -126,9 +117,7 @@ Change logs are auto-generated with commitizen. | [aws_kms_key.ebs_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | | [aws_subnet.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source | -| [aws_subnets.container_subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | | [aws_subnets.subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source | -| [aws_vpc.dummy_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | | [aws_vpc.eks_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs @@ -146,18 +135,11 @@ Change logs are auto-generated with commitizen. | [eks\_ng\_max\_size](#input\_eks\_ng\_max\_size) | Node Group maximum size | `number` | `15` | no | | [eks\_ng\_min\_size](#input\_eks\_ng\_min\_size) | Node Group minimum size | `number` | `4` | no | | [enable\_cluster\_creator\_admin\_permissions](#input\_enable\_cluster\_creator\_admin\_permissions) | Indicates whether or not to add the cluster creator (the identity used by Terraform) as an administrator via access entry | `bool` | `false` | no | -| [os\_username](#input\_os\_username) | OS username from environment variable, ideally as $USER | `string` | `null` | no | | [profile](#input\_profile) | AWS config profile | `string` | `""` | no | -| [region](#input\_region) | AWS config region | `string` | `""` | no | -| [region\_map](#input\_region\_map) | AWS region map | `map(string)` |
{
"east": "us-gov-east-1",
"west": "us-gov-west-1"
} | no |
-| [route53\_endpoints](#input\_route53\_endpoints) | Map of target route53 endpoints (for inbound) central VPCs | `map(map(string))` | {
"route53_main": {
"account_id": "269244441389",
"alias": "lab-gov-network-nonprod",
"us-gov-east-1": "vpc-070595c5b133243dd",
"us-gov-west-1": "vpc-08b7b4db6a5ddf9c1"
}
} | no |
-| [shared\_vpc\_label](#input\_shared\_vpc\_label) | Label to use for shared VPC for flowlogs and other things | `string` | `null` | no |
| [subnets\_name](#input\_subnets\_name) | Define the name of the subnets to be used by this cluster | `string` | `"*-container-*"` | no |
| [tag\_costallocation](#input\_tag\_costallocation) | Tag CostAllocation (default) | `string` | `"csvd:infrastructure"` | no |
| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
-| [vpc\_domain\_name](#input\_vpc\_domain\_name) | The DNS domain name of the vpc the cluster is in. | `string` | n/a | yes |
| [vpc\_name](#input\_vpc\_name) | Define the VPC name that will be used by this cluster | `string` | n/a | yes |
-| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
## Outputs
@@ -170,7 +152,6 @@ Change logs are auto-generated with commitizen.
| [cluster\_arn](#output\_cluster\_arn) | The Amazon Resource Name (ARN) of the cluster |
| [cluster\_certificate\_authority\_data](#output\_cluster\_certificate\_authority\_data) | Base64 encoded certificate data required to communicate with the cluster |
| [cluster\_endpoint](#output\_cluster\_endpoint) | Endpoint for your Kubernetes API server |
-| [cluster\_fqdn](#output\_cluster\_fqdn) | The cluster\_name.domain |
| [cluster\_iam\_role](#output\_cluster\_iam\_role) | The arn/name/unique\_id of the iam role for the cluster |
| [cluster\_id](#output\_cluster\_id) | The ID of the EKS cluster. Note: currently a value is returned only for local EKS clusters created on Outposts |
| [cluster\_identity\_providers](#output\_cluster\_identity\_providers) | Map of attribute maps for all EKS identity providers enabled |
diff --git a/dns_zones.tf b/dns_zones.tf
deleted file mode 100644
index 0c5b1fd..0000000
--- a/dns_zones.tf
+++ /dev/null
@@ -1,387 +0,0 @@
-#-------------------------------------------------
-# DNS Zone for EKS
-#-------------------------------------------------
-
-#-------------------------------------------------
-# Locals
-#-------------------------------------------------
-data "aws_subnets" "container_subnets" {
- filter {
- name = "tag:Name"
- values = [local.container_subnets_name]
- }
- filter {
- name = "vpc-id"
- values = [data.aws_vpc.eks_vpc.id]
- }
-}
-locals {
- container_subnets_name = var.subnets_name
- cluster_domain_name = format("%v.%v", var.cluster_name, var.vpc_domain_name)
- cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
- zone_ids = compact(var.zone_ids)
-}
-#-------------------------------------------------
-# Providers for Cross Account DNS Action
-#-------------------------------------------------
-provider "aws" {
- alias = "route53_main_east"
- region = var.region_map["east"]
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
- session_name = var.os_username
- }
-}
-
-provider "aws" {
- alias = "route53_main_west"
- region = var.region_map["west"]
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
- session_name = var.os_username
- }
-}
-
-provider "aws" {
- alias = "self"
- assume_role {
- role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
- session_name = var.os_username
- }
-}
-
-#-------------------------------------------------
-# network prod for shared vpcs zones
-#-------------------------------------------------
-
-## Associate between self (vpc8) and network-prod-west
-resource "aws_route53_vpc_association_authorization" "self_zone" {
- provider = aws.self
- for_each = toset(local.zone_ids)
- zone_id = each.key
- vpc_region = var.region_map["west"]
- vpc_id = data.aws_vpc.eks_vpc.id
-}
-
-resource "aws_route53_zone_association" "self_zone_west" {
- provider = aws.route53_main_west
- for_each = toset(local.zone_ids)
- zone_id = each.key
- vpc_id = data.aws_vpc.eks_vpc.id
- vpc_region = var.region_map["west"]
- depends_on = [aws_route53_vpc_association_authorization.self_zone]
-}
-
-## Associate between self (vpc8) and network-prod-east
-resource "aws_route53_vpc_association_authorization" "self_zone_east" {
- provider = aws.self
- for_each = toset(local.zone_ids)
- zone_id = each.key
- vpc_region = var.region_map["east"]
- vpc_id = data.aws_vpc.eks_vpc.id
-}
-
-resource "aws_route53_zone_association" "self_zone_east" {
- provider = aws.route53_main_east
- for_each = toset(local.zone_ids)
- zone_id = each.key
- vpc_id = data.aws_vpc.eks_vpc.id
- vpc_region = var.region_map["east"]
- depends_on = [aws_route53_vpc_association_authorization.self_zone]
-}
-
-resource "aws_route53_zone" "cluster_domain" {
- name = local.cluster_domain_name
- comment = local.cluster_domain_description
- force_destroy = false
- depends_on = [
- data.aws_vpc.dummy_vpc
- ]
- vpc {
- vpc_id = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, data.aws_vpc.eks_vpc.id) : data.aws_vpc.eks_vpc.id
- vpc_region = var.region
- }
-
- lifecycle {
- ignore_changes = [vpc]
- }
-
- tags = merge(
- var.tags,
- { "Name" = local.cluster_domain_name },
- )
-}
-
-## Dummy VPC
-
-#---
-# dummy vpc, so we can associate the zone to this account
-#---
-data "aws_vpc" "dummy_vpc" {
- depends_on = [aws_vpc.vpc]
- count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
- filter {
- name = "tag:Name"
- values = ["vpc0-dummy"]
- }
-}
-
-resource "aws_vpc" "vpc" {
- cidr_block = "192.168.0.0/24"
- enable_dns_support = false
- enable_dns_hostnames = false
- tags = merge(
- var.tags,
- { "Name" = "vpc0-dummy" }
- )
-}
-
-# Tag existing subnets for EKS
-# Container subnets under data.aws_subnets.container-subnets
-# Load Balance subnets under data.aws_subnets.lb-subnets
-resource "aws_ec2_tag" "container_subnets" {
- for_each = toset(data.aws_subnets.container_subnets.ids)
- resource_id = each.value
- key = "kubernetes.io/cluster/${var.cluster_name}"
- value = "shared"
-}
-
-#### This is the correct way, it's commented because
-#### the module is throwing an error on the for_each
-#### in the module.
-# locals {
-# vpc_domain_name = var.vpc_domain_name
-# cluster_domain_name = format("%v.%v", var.cluster_name, local.vpc_domain_name)
-# cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
-# region = var.region
-# zone_ids = compact(var.zone_ids)
-# }
-
-# #---
-# # network prod
-# #---
-# provider "aws" {
-# alias = "route53_main_east"
-# region = var.region_map["east"]
-# assume_role {
-# role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
-# session_name = var.os_username
-# }
-# }
-
-# provider "aws" {
-# alias = "route53_main_west"
-# region = var.region_map["west"]
-# assume_role {
-# role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
-# session_name = var.os_username
-# }
-# }
-
-# provider "aws" {
-# alias = "self"
-# assume_role {
-# role_arn = format("arn:%v:iam::%v:role/r-inf-terraform", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
-# session_name = var.os_username
-# }
-# }
-# #---
-# # dummy vpc, so we can associate the zone to this account
-# #---
-# data "aws_vpc" "dummy_vpc" {
-# provider = aws.self
-# depends_on = [aws_vpc.vpc]
-# count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
-# filter {
-# name = "tag:Name"
-# values = ["vpc0-dummy"]
-# }
-# filter {
-# name = "tag:eks-cluster-name"
-# values = [var.cluster_name]
-# }
-# }
-
-# ## Dummy VPC
-# resource "aws_vpc" "vpc" {
-# provider = aws.self
-# cidr_block = "192.168.0.0/24"
-# enable_dns_support = false
-# enable_dns_hostnames = false
-# tags = merge(
-# var.tags,
-# { "Name" = "vpc0-dummy" },
-# )
-# }
-
-# #---
-# # zone list
-# #---
-# data "aws_route53_zone" "zones" {
-# provider = aws.self
-# for_each = toset(local.zone_ids)
-# zone_id = each.key
-# private_zone = true
-# }
-
-# resource "aws_route53_zone" "cluster_domain" {
-# provider = aws.self
-# name = local.cluster_domain_name
-# comment = local.cluster_domain_description
-# force_destroy = false
-
-# vpc {
-# vpc_id = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id
-# vpc_region = local.region
-# }
-
-# lifecycle {
-# ignore_changes = [vpc]
-# precondition {
-# condition = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (!(var.shared_vpc_label == null || var.shared_vpc_label == "") && !(var.vpc_domain_name == null || var.vpc_domain_name == ""))
-# error_message = "var.vpc_domain_name must be provided when shared VPCs are in use."
-# }
-# }
-
-# tags = merge(
-# var.tags,
-# { "Name" = local.cluster_domain_name },
-# )
-# }
-
-# #---
-# # need to also associate with network-prod account and this vpc
-# #---
-# module "route53_cluster_domain_east" {
-
-# count = local.region == "us-gov-east-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
-# providers = {
-# aws.self = aws
-# aws.peer = aws.route53_main_east
-# }
-
-# source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# region = "us-gov-east-1"
-# vpc_id = data.aws_vpc.eks_vpc.id
-# zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# tags = var.tags
-# }
-
-# module "route53_cluster_domain_west" {
-
-# count = local.region == "us-gov-west-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
-# providers = {
-# aws.self = aws
-# aws.peer = aws.route53_main_west
-# }
-
-# source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# region = "us-gov-west-1"
-# vpc_id = data.aws_vpc.eks_vpc.id
-# zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# tags = var.tags
-# }
-
-# output "cluster_domain_name" {
-# description = "DNS Zone Name"
-# value = local.cluster_domain_name
-# }
-
-# output "cluster_domain_id" {
-# description = "DNS Zone ID"
-# value = aws_route53_zone.cluster_domain.zone_id
-# }
-
-# output "cluster_domain_ns" {
-# description = "DNS Zone Nameservers"
-# value = aws_route53_zone.cluster_domain.name_servers
-# }
-
-# #---
-# # associate to main do2-govcloud vpc1-services east and west for inbound resolution
-# # and to vpc7-endpoints in network prod
-# #---
-
-# # #---
-# # # network prod
-# # #---
-# # provider "aws" {
-# # alias = "route53_main"
-# # region = var.region_map["east"]
-# # profile = var.profile
-# # assume_role {
-# # role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
-# # session_name = var.os_username
-# # }
-# # }
-
-# # module "route53_main_east" {
-# # providers = {
-# # aws.self = aws
-# # aws.peer = aws.route53_main
-# # }
-
-# # source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# # region = "us-gov-east-1"
-# # vpc_id = var.route53_endpoints["route53_main"]["us-gov-east-1"]
-# # zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# # tags = var.tags
-# # }
-
-# # module "route53_main_west" {
-# # providers = {
-# # aws.self = aws
-# # aws.peer = aws.route53_main
-# # }
-
-# # source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# # region = "us-gov-west-1"
-# # vpc_id = var.route53_endpoints["route53_main"]["us-gov-west-1"]
-# # zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# # tags = var.tags
-# # }
-
-# #---
-# # do2-gov ("legacy")
-# #---
-# # provider "aws" {
-# # alias = "route53_main_legacy"
-# # region = var.region_map["east"]
-# # profile = var.profile
-# # assume_role {
-# # role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main_legacy"].account_id)
-# # session_name = var.os_username
-# # }
-# # }
-
-# # module "route53_main_legacy_east" {
-# # providers = {
-# # aws.self = aws
-# # aws.peer = aws.route53_main_legacy
-# # }
-
-# # source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# # region = "us-gov-east-1"
-# # vpc_id = var.route53_endpoints["route53_main_legacy"]["us-gov-east-1"]
-# # zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# # tags = var.tags
-# # }
-
-# # module "route53_main_legacy_west" {
-# # providers = {
-# # aws.self = aws
-# # aws.peer = aws.route53_main_legacy
-# # }
-
-# # source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/zone?ref=tf-upgrade"
-# # region = "us-gov-west-1"
-# # vpc_id = var.route53_endpoints["route53_main_legacy"]["us-gov-west-1"]
-# # zone_ids = [aws_route53_zone.cluster_domain.zone_id]
-
-# # tags = var.tags
-# # }
diff --git a/main.tf b/main.tf
index 6f929ed..3ab29b3 100644
--- a/main.tf
+++ b/main.tf
@@ -36,6 +36,7 @@ locals {
"boc:created_by" = "terraform"
CostAllocation = var.tag_costallocation
}
+ max_tag_count = 45
ng_name = format("%v%v-nodegroup", local.prefixes["eks"], var.cluster_name)
subnets = [for k, v in data.aws_subnet.subnets : v.id if length(regexall("us-east-1e", v.availability_zone)) == 0]
tags = merge(local.base_tags, var.tags)
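Review bot: `max_tag_count = 45` is added with no comment saying where the number comes from or what it protects. If it is meant as headroom under the AWS per-resource tag limit (50 user tags, as far as I know), say so next to the local, e.g. `# AWS caps a resource at 50 tags; stop at 45 to leave room for tags applied outside this module`. The `locals` block starts and ends outside this hunk.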
@@ -44,7 +45,7 @@ locals {
}
module "cluster" {
- source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.24.0"
+ source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.24.1"
cluster_name = var.cluster_name
cluster_version = var.cluster_version
@@ -134,6 +135,20 @@ module "cluster" {
tags = local.tags
}
+# Tag existing subnets for EKS
+resource "aws_ec2_tag" "container_subnets" {
+ for_each = data.aws_subnet.subnets
+ resource_id = each.key
+ key = "kubernetes.io/cluster/${var.cluster_name}"
+ value = "shared"
+ lifecycle {
+ precondition {
+ condition = length(each.value.tags) < local.max_tag_count
+ error_message = "Subnet has ${length(each.value.tags)} tags applied of ${local.max_tag_count} allowed."
+ }
+ }
+}
+
resource "aws_security_group_rule" "allow_sidecar_injection" {
description = "Webhook container port, from Control Plane"
protocol = "tcp"
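Review bot: The precondition on `aws_ec2_tag.container_subnets` counts every tag the data source reports, which after the first apply presumably includes the `kubernetes.io/cluster/${var.cluster_name}` tag this resource itself manages. A subnet at the threshold only because of that tag would then fail later plans even though nothing new is being added. Consider excluding the managed key from the count, e.g. `condition = length([for k in keys(each.value.tags) : k if k != "kubernetes.io/cluster/${var.cluster_name}"]) < local.max_tag_count`. `resource_id = each.key` also assumes `data.aws_subnet.subnets` (defined outside this hunk) is keyed by subnet ID; the version deleted from dns_zones.tf iterated `toset(data.aws_subnets.container_subnets.ids)`, so confirm the keys match or existing state instances will be destroyed and recreated. The tag is also now written to every subnet in `data.aws_subnet.subnets`, including any that `local.subnets` filters out.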
diff --git a/outputs.tf b/outputs.tf
index 2275ab9..66a9aaa 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -40,11 +40,6 @@ output "security_group_all_worker_mgmt_id" {
value = aws_security_group.all_worker_mgmt.id
}
-output "cluster_fqdn" {
- description = "The cluster_name.domain"
- value = format("%v.%v", var.cluster_name, var.vpc_domain_name)
-}
-
################################################################################
# IRSA Roles Created
################################################################################
diff --git a/variables.tf b/variables.tf
index ee06e02..6cf7c30 100644
--- a/variables.tf
+++ b/variables.tf
@@ -32,11 +32,6 @@ variable "subnets_name" {
default = "*-container-*"
}
-variable "vpc_domain_name" {
- description = "The DNS domain name of the vpc the cluster is in."
- type = string
-}
-
variable "eks_instance_disk_size" {
description = "The size of the disk of the worker nodes in gigabytes. 40 is the approximate minimum. Needs to hold the all of the normal operating system files plus every image that will be used in the cluster."
type = number
@@ -102,50 +97,14 @@ variable "profile" {
default = ""
}
-variable "region" {
- description = "AWS config region"
- type = string
- default = ""
-}
-
-variable "os_username" {
- description = "OS username from environment variable, ideally as $USER"
- type = string
- default = null
-}
-
-###################################################################
-# DNS variables
-###################################################################
+# variable "region" {
+# description = "AWS config region"
+# type = string
+# default = ""
+# }
-
-variable "shared_vpc_label" {
- description = "Label to use for shared VPC for flowlogs and other things"
- type = string
- default = null
-}
-
-variable "region_map" {
- description = "AWS region map"
- type = map(string)
- default = { "east" : "us-gov-east-1", "west" : "us-gov-west-1" }
-}
-
-variable "route53_endpoints" {
- description = "Map of target route53 endpoints (for inbound) central VPCs"
- type = map(map(string))
- default = {
- route53_main = {
- "account_id" = "269244441389"
- "alias" = "lab-gov-network-nonprod"
- "us-gov-east-1" = "vpc-070595c5b133243dd"
- "us-gov-west-1" = "vpc-08b7b4db6a5ddf9c1"
- }
- }
-}
-
-variable "zone_ids" {
- description = "List of Route53 PHZ IDs to associate with a (local/remote) VPC"
- type = list(string)
- default = []
-}
+# variable "os_username" {
+# description = "OS username from environment variable, ideally as $USER"
+# type = string
+# default = null
+# }
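Review bot: The `region` and `os_username` variables are left behind as commented-out blocks instead of being deleted, so variables.tf keeps dead declarations that the regenerated README inputs table no longer lists. Delete the commented lines; git history keeps the old definitions. Terraform rejects module arguments that have no matching variable, so callers still passing `region`, `os_username`, `vpc_domain_name`, `zone_ids` or the other removed inputs will fail at plan time. That is worth calling out as a breaking change in the commit message or changelog.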