add heritage record only

CHANGELOG.md

@@ -18,3 +18,6 @@
 
 * 1.1.0 -- 2024-10-17
   - add zone_id to allow it to take a zone id directly vs from a lookup
+
+* 1.2.0 -- 2025-03-07
+  - create heritage submodule

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.1.0"
+  _module_version = "1.2.0"
 }

heritage/README.md

@@ -0,0 +1,124 @@
+# About
+
+This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`.  The zone
+is calculcated by splitting after the first dot.  If the zone does not exist in Route 53, and the zone is not associated
+with the VPC in which this is executed, you will get an error such as this:
+
+```script
+Error: no matching Route53Zone found
+
+  with module.lakefront_cname_test.data.aws_route53_zone.zone,
+  on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone":
+   2: data "aws_route53_zone" "zone" {
+```
+
+You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking,
+all zones where DNS entries are permitted are already associated with the appropriate VPCs.  Under normal conditions,
+you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)).
+
+The record(s) created use a default TTL of 900.  You may change this with the `ttl` option.
+
+This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when.  It is added by
+the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details.
+
+The record looks like:
+
+```console
+% dig +short in txt _txt.lakefront.dev.edl.census.gov
+_txt.lakefront.dev.edl.census.gov. 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130"
+```
+
+The fields/key-value pairs are
+
+| name | description |
+|------|-------------|
+| heritage=terraform | primary label indicating all other values will be use \_terraform\_/ as a prefix |
+| {label}/{key}={value} | label (above); key and value (below) |
+| account\_id | AWS Account ID |
+| region | AWS Region where this has been created |
+| create\_time | Unix epoch time on creation of this and the associated record |
+
+You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map:
+
+```hcl
+  heritage_tags = {
+    alb_id = aws_lb.my_lb.id
+  }
+```
+
+Be sure not to use an ARN as a value, and avoid values which change frequently.
+
+# Usage
+## Simple, using vpc\_domain\_name from parent
+
+```hcl
+module "my_heritage" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage"
+
+  name    = format("%v.%v", local.app_shortname, var.vpc_domain_name)
+  record_type = "cname"
+}
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4 |
+| <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.60.0 |
+| <a name="provider_time"></a> [time](#provider\_time) | 0.9.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source |
+| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_availability_zones"></a> [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no |
+| <a name="input_enable_heritage"></a> [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage.  For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no |
+| <a name="input_enable_ptr"></a> [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record.  Used for type ptr and host | `bool` | `null` | no |
+| <a name="input_heritage_tags"></a> [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no |
+| <a name="input_name"></a> [name](#input\_name) | FQDN DNS name to create.  If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | Flag indicating public or private zone.  Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no |
+| <a name="input_record_type"></a> [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
+| <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
+| <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
+| <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | DNS Zone ID into which to create the record. | `string` | `null` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_availability_zone_ids"></a> [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list |
+| <a name="output_availability_zone_names"></a> [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list |
+| <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list |
+| <a name="output_heritage_name"></a> [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled |
+| <a name="output_name"></a> [name](#output\_name) | DNS Name created (same as what was provided) |
+| <a name="output_timestamp"></a> [timestamp](#output\_timestamp) | Record creation Unix timestamp (from heritage records) |

heritage/availabilty_zones.tf

@@ -0,0 +1 @@
+../common/availabilty_zones.tf

heritage/common.tf

@@ -0,0 +1 @@
+../common/common.tf

heritage/data.tf

@@ -0,0 +1 @@
+../common/data.tf

heritage/defaults.tf

@@ -0,0 +1 @@
+../common/defaults.tf

heritage/entry_heritage.tf

@@ -0,0 +1 @@
+../common/entry_heritage.tf

heritage/heritage_tags.tf

@@ -0,0 +1 @@
+../common/heritage_tags.tf

heritage/main.tf

@@ -0,0 +1,68 @@
+/* aws-dns :: heritage
+* # About
+*
+* This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`.  The zone
+* is calculcated by splitting after the first dot.  If the zone does not exist in Route 53, and the zone is not associated
+* with the VPC in which this is executed, you will get an error such as this:
+* 
+* ```script
+* Error: no matching Route53Zone found
+* 
+*   with module.lakefront_cname_test.data.aws_route53_zone.zone,
+*   on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone":
+*    2: data "aws_route53_zone" "zone" {
+* ```
+* 
+* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking,
+* all zones where DNS entries are permitted are already associated with the appropriate VPCs.  Under normal conditions,
+* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)).
+* 
+* The record(s) created use a default TTL of 900.  You may change this with the `ttl` option.
+* 
+* This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when.  It is added by
+* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details.
+* 
+* The record looks like:
+* 
+* ```console
+* % dig +short in txt _txt.lakefront.dev.edl.census.gov
+* _txt.lakefront.dev.edl.census.gov. 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130"
+* ```
+* 
+* The fields/key-value pairs are
+* 
+* | name | description |
+* |------|-------------|
+* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix |
+* | {label}/{key}={value} | label (above); key and value (below) |
+* | account_id | AWS Account ID |
+* | region | AWS Region where this has been created |
+* | create_time | Unix epoch time on creation of this and the associated record |
+* 
+* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map:
+* 
+* ```hcl
+*   heritage_tags = {
+*     alb_id = aws_lb.my_lb.id
+*   }
+* ```
+* 
+* Be sure not to use an ARN as a value, and avoid values which change frequently.
+*
+* # Usage
+* ## Simple, using vpc_domain_name from parent
+*
+* ```hcl
+* module "my_heritage" {
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage"
+* 
+*   name    = format("%v.%v", local.app_shortname, var.vpc_domain_name)
+*   record_type = "cname"
+* }
+* ```
+*/
+
+locals {
+  record_type = "txt"
+  values      = [local.default_values[0]]
+}

heritage/output.tf

@@ -0,0 +1,9 @@
+output "name" {
+  description = "DNS Name created (same as what was provided)"
+  value       = var.name
+}
+
+output "heritage_name" {
+  description = "DNS Name created for the heritage record, if enabled"
+  value       = try(aws_route53_record.entry_heritage[0].name, null)
+}

heritage/output.timestamp.tf

@@ -0,0 +1 @@
+../common/output.timestamp.tf

heritage/prefixes.tf

@@ -0,0 +1 @@
+../common/prefixes.tf

heritage/variables.common.availability_zones.tf

@@ -0,0 +1 @@
+../common/variables.common.availability_zones.tf

heritage/variables.common.tf

@@ -0,0 +1 @@
+../common/variables.common.tf

heritage/variables.tf

@@ -0,0 +1 @@
+../common/variables.tf

heritage/version.tf

@@ -0,0 +1 @@
+../common/version.tf

heritage/versions.tf

@@ -0,0 +1 @@
+../common/versions.tf

heritage/zone_forward.tf

@@ -0,0 +1 @@
+../common/zone_forward.tf