From 475593bcebf13b97e3969f8899d87a8d606d52e7 Mon Sep 17 00:00:00 2001 From: badra001 Date: Fri, 7 Mar 2025 14:13:51 -0500 Subject: [PATCH] add heritage record only --- CHANGELOG.md | 3 + common/version.tf | 2 +- heritage/.terraform.lock.hcl | 44 +++++++ heritage/README.md | 124 ++++++++++++++++++ heritage/availabilty_zones.tf | 1 + heritage/common.tf | 1 + heritage/data.tf | 1 + heritage/defaults.tf | 1 + heritage/entry_heritage.tf | 1 + heritage/heritage_tags.tf | 1 + heritage/main.tf | 68 ++++++++++ heritage/output.tf | 9 ++ heritage/output.timestamp.tf | 1 + heritage/prefixes.tf | 1 + .../variables.common.availability_zones.tf | 1 + heritage/variables.common.tf | 1 + heritage/variables.tf | 1 + heritage/version.tf | 1 + heritage/versions.tf | 1 + heritage/zone_forward.tf | 1 + 20 files changed, 263 insertions(+), 1 deletion(-) create mode 100644 heritage/.terraform.lock.hcl create mode 100644 heritage/README.md create mode 120000 heritage/availabilty_zones.tf create mode 120000 heritage/common.tf create mode 120000 heritage/data.tf create mode 120000 heritage/defaults.tf create mode 120000 heritage/entry_heritage.tf create mode 120000 heritage/heritage_tags.tf create mode 100644 heritage/main.tf create mode 100644 heritage/output.tf create mode 120000 heritage/output.timestamp.tf create mode 120000 heritage/prefixes.tf create mode 120000 heritage/variables.common.availability_zones.tf create mode 120000 heritage/variables.common.tf create mode 120000 heritage/variables.tf create mode 120000 heritage/version.tf create mode 120000 heritage/versions.tf create mode 120000 heritage/zone_forward.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index dbadd21..b8f1ad6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,3 +18,6 @@ * 1.1.0 -- 2024-10-17 - add zone_id to allow it to take a zone id directly vs from a lookup + +* 1.2.0 -- 2025-03-07 + - create heritage submodule diff --git a/common/version.tf b/common/version.tf index 9c489cd..1ee6619 100644 --- a/common/version.tf +++ b/common/version.tf @@ -1,3 +1,3 @@ locals { - _module_version = "1.1.0" + _module_version = "1.2.0" } diff --git a/heritage/.terraform.lock.hcl b/heritage/.terraform.lock.hcl new file mode 100644 index 0000000..ab6081e --- /dev/null +++ b/heritage/.terraform.lock.hcl @@ -0,0 +1,44 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "4.60.0" + constraints = ">= 4.0.0" + hashes = [ + "h1:b2U4EncUaHCsQuiePo/yHZiH5ib0rx+P/qG4LC8pGlA=", + "zh:1853d6bc89e289ac36c13485e8ff877c1be8485e22f545bb32c7a30f1d1856e8", + "zh:4321d145969e3b7ede62fe51bee248a15fe398643f21df9541eef85526bf3641", + "zh:4c01189cc6963abfe724e6b289a7c06d2de9c395011d8d54efa8fe1aac444e2e", + "zh:5934db7baa2eec0f9acb9c7f1c3dd3b3fe1e67e23dd4a49e9fe327832967b32b", + "zh:5fbedf5d55c6e04e34c32b744151e514a80308e7dec633a56b852829b41e4b5a", + "zh:651558e1446cc05061b75e6f5cc6e2959feb17615cd0ace6ec7a2bcc846321c0", + "zh:76875eb697916475e554af080f9d4d3cd1f7d5d58ecdd3317a844a30980f4eec", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a52528e6d6c945a6ac45b89e9a70a5435148e4c151241e04c231dd2acc4a8c80", + "zh:af5f94c69025f1c2466a3cf970d1e9bed72938ec33b976c8c067468b6707bb57", + "zh:b6692fad956c9d4ef4266519d9ac2ee9f699f8f2c21627625c9ed63814d41590", + "zh:b74311af5fa5ac6e4eb159c12cfb380dfe2f5cd8685da2eac8073475f398ae60", + "zh:cc5aa6f738baa42edacba5ef1ca0969e5a959422e4491607255f3f6142ba90ed", + "zh:dd1a7ff1b22f0036a76bc905a8229ce7ed0a7eb5a783d3a2586fb1bd920515c3", + "zh:e5ab40c4ad0f1c7bd4d5d834d1aa144e690d1a93329d73b3d37512715a638de9", + ] +} + +provider "registry.terraform.io/hashicorp/time" { + version = "0.9.1" + hashes = [ + "h1:NUv/YtEytDQncBQ2mTxnUZEy/rmDlPYmE9h2iokR0vk=", + "zh:00a1476ecf18c735cc08e27bfa835c33f8ac8fa6fa746b01cd3bcbad8ca84f7f", + "zh:3007f8fc4a4f8614c43e8ef1d4b0c773a5de1dcac50e701d8abc9fdc8fcb6bf5", + "zh:5f79d0730fdec8cb148b277de3f00485eff3e9cf1ff47fb715b1c969e5bbd9d4", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:8c8094689a2bed4bb597d24a418bbbf846e15507f08be447d0a5acea67c2265a", + "zh:a6d9206e95d5681229429b406bc7a9ba4b2d9b67470bda7df88fa161508ace57", + "zh:aa299ec058f23ebe68976c7581017de50da6204883950de228ed9246f309e7f1", + "zh:b129f00f45fba1991db0aa954a6ba48d90f64a738629119bfb8e9a844b66e80b", + "zh:ef6cecf5f50cda971c1b215847938ced4cb4a30a18095509c068643b14030b00", + "zh:f1f46a4f6c65886d2dd27b66d92632232adc64f92145bf8403fe64d5ffa5caea", + "zh:f79d6155cda7d559c60d74883a24879a01c4d5f6fd7e8d1e3250f3cd215fb904", + "zh:fd59fa73074805c3575f08cd627eef7acda14ab6dac2c135a66e7a38d262201c", + ] +} diff --git a/heritage/README.md b/heritage/README.md new file mode 100644 index 0000000..884f550 --- /dev/null +++ b/heritage/README.md @@ -0,0 +1,124 @@ +# About + +This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`. The zone +is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +with the VPC in which this is executed, you will get an error such as this: + +```script +Error: no matching Route53Zone found + + with module.lakefront_cname_test.data.aws_route53_zone.zone, + on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": + 2: data "aws_route53_zone" "zone" { +``` + +You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). + +The record(s) created use a default TTL of 900. You may change this with the `ttl` option. + +This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. + +The record looks like: + +```console +% dig +short in txt _txt.lakefront.dev.edl.census.gov +_txt.lakefront.dev.edl.census.gov. 900 IN TXT "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130" +``` + +The fields/key-value pairs are + +| name | description | +|------|-------------| +| heritage=terraform | primary label indicating all other values will be use \_terraform\_/ as a prefix | +| {label}/{key}={value} | label (above); key and value (below) | +| account\_id | AWS Account ID | +| region | AWS Region where this has been created | +| create\_time | Unix epoch time on creation of this and the associated record | + +You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map: + +```hcl + heritage_tags = { + alb_id = aws_lb.my_lb.id + } +``` + +Be sure not to use an ARN as a value, and avoid values which change frequently. + +# Usage +## Simple, using vpc\_domain\_name from parent + +```hcl +module "my_heritage" { + source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage" + + name = format("%v.%v", local.app_shortname, var.vpc_domain_name) + record_type = "cname" +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4 | +| [time](#requirement\_time) | >= 0.9.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | 4.60.0 | +| [time](#provider\_time) | 0.9.1 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_route53_record.entry_heritage](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource | +| [time_static.timestamp](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_availability_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zone) | data source | +| [aws_availability_zones.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | +| [enable\_heritage](#input\_enable\_heritage) | Flag to enable or disable creation a TXT record for heritage. For CNAMEs, it uses a prefix of \_txt on the name | `bool` | `true` | no | +| [enable\_ptr](#input\_enable\_ptr) | Flag to enable or disable creation of a PTR record. Used for type ptr and host | `bool` | `null` | no | +| [heritage\_tags](#input\_heritage\_tags) | Map of key/value pairs to set into the heritage. These should be static so as not to update the heritage TXT record frequently | `map(string)` | `{}` | no | +| [name](#input\_name) | FQDN DNS name to create. If the zone (everything after the first dot) does not exist or is not associated to the VPC, this creation will fail. | `string` | n/a | yes | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [private\_zone](#input\_private\_zone) | Flag indicating public or private zone. Assumes private by default, and can set public only for non-gov region | `bool` | `true` | no | +| [record\_type](#input\_record\_type) | Type of DNS record to create: cname, a, aaaa, ptr, txt, host (ptr and a and/or aaaa) | `string` | `"host"` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +| [ttl](#input\_ttl) | DNS RR Time To Live (ttl). Default 900s (15m). | `number` | `900` | no | +| [values](#input\_values) | DNS value to set for the name. May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes | +| [zone](#input\_zone) | DNS Zone into which to create the record. By default, it will extract this from the name after the first dot. | `string` | `null` | no | +| [zone\_id](#input\_zone\_id) | DNS Zone ID into which to create the record. | `string` | `null` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [availability\_zone\_ids](#output\_availability\_zone\_ids) | VPC Availability zone id list | +| [availability\_zone\_names](#output\_availability\_zone\_names) | VPC Availability zone name list | +| [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list | +| [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled | +| [name](#output\_name) | DNS Name created (same as what was provided) | +| [timestamp](#output\_timestamp) | Record creation Unix timestamp (from heritage records) | diff --git a/heritage/availabilty_zones.tf b/heritage/availabilty_zones.tf new file mode 120000 index 0000000..00a240c --- /dev/null +++ b/heritage/availabilty_zones.tf @@ -0,0 +1 @@ +../common/availabilty_zones.tf \ No newline at end of file diff --git a/heritage/common.tf b/heritage/common.tf new file mode 120000 index 0000000..6941673 --- /dev/null +++ b/heritage/common.tf @@ -0,0 +1 @@ +../common/common.tf \ No newline at end of file diff --git a/heritage/data.tf b/heritage/data.tf new file mode 120000 index 0000000..995624d --- /dev/null +++ b/heritage/data.tf @@ -0,0 +1 @@ +../common/data.tf \ No newline at end of file diff --git a/heritage/defaults.tf b/heritage/defaults.tf new file mode 120000 index 0000000..a5556ac --- /dev/null +++ b/heritage/defaults.tf @@ -0,0 +1 @@ +../common/defaults.tf \ No newline at end of file diff --git a/heritage/entry_heritage.tf b/heritage/entry_heritage.tf new file mode 120000 index 0000000..2725450 --- /dev/null +++ b/heritage/entry_heritage.tf @@ -0,0 +1 @@ +../common/entry_heritage.tf \ No newline at end of file diff --git a/heritage/heritage_tags.tf b/heritage/heritage_tags.tf new file mode 120000 index 0000000..5a0ecdc --- /dev/null +++ b/heritage/heritage_tags.tf @@ -0,0 +1 @@ +../common/heritage_tags.tf \ No newline at end of file diff --git a/heritage/main.tf b/heritage/main.tf new file mode 100644 index 0000000..1d5a766 --- /dev/null +++ b/heritage/main.tf @@ -0,0 +1,68 @@ +/* aws-dns :: heritage +* # About +* +* This submodule creates a heritage record (txt) of the fully qualified domain name (FQDN) selected in `name`. The zone +* is calculcated by splitting after the first dot. If the zone does not exist in Route 53, and the zone is not associated +* with the VPC in which this is executed, you will get an error such as this: +* +* ```script +* Error: no matching Route53Zone found +* +* with module.lakefront_cname_test.data.aws_route53_zone.zone, +* on .terraform/modules/lakefront_cname_test/cname/zone_forward.tf line 2, in data "aws_route53_zone" "zone": +* 2: data "aws_route53_zone" "zone" { +* ``` +* +* You will need to either fix the domain name (zone) or request the VPC have access to the zone. Generally speaking, +* all zones where DNS entries are permitted are already associated with the appropriate VPCs. Under normal conditions, +* you will want to use the `var.vpc_domain_name` (from the shared parent VPC), or from a `data` resource (see [example](#using-dhcp-options-data-resource)). +* +* The record(s) created use a default TTL of 900. You may change this with the `ttl` option. +* +* This creates what we call a heritage record. This is an indication of _what_ thing created the record, and when. It is added by +* the dynamic route53 Lambdas for EC2 instances, and within this module, it uses its own details. +* +* The record looks like: +* +* ```console +* % dig +short in txt _txt.lakefront.dev.edl.census.gov +* _txt.lakefront.dev.edl.census.gov. 900 IN TXT "heritage=terraform,terraform/account_id=818199694861,terraform/region=us-gov-west-1,terraform/create_time=1679501130" +* ``` +* +* The fields/key-value pairs are +* +* | name | description | +* |------|-------------| +* | heritage=terraform | primary label indicating all other values will be use _terraform_/ as a prefix | +* | {label}/{key}={value} | label (above); key and value (below) | +* | account_id | AWS Account ID | +* | region | AWS Region where this has been created | +* | create_time | Unix epoch time on creation of this and the associated record | +* +* You may add additional values here, such as an ALB ID or other useful, short values which do not change, in the `heritage_tags` map: +* +* ```hcl +* heritage_tags = { +* alb_id = aws_lb.my_lb.id +* } +* ``` +* +* Be sure not to use an ARN as a value, and avoid values which change frequently. +* +* # Usage +* ## Simple, using vpc_domain_name from parent +* +* ```hcl +* module "my_heritage" { +* source = "git@github.e.it.census.gov:terraform-modules/aws-dns//heritage" +* +* name = format("%v.%v", local.app_shortname, var.vpc_domain_name) +* record_type = "cname" +* } +* ``` +*/ + +locals { + record_type = "txt" + values = [local.default_values[0]] +} diff --git a/heritage/output.tf b/heritage/output.tf new file mode 100644 index 0000000..93df745 --- /dev/null +++ b/heritage/output.tf @@ -0,0 +1,9 @@ +output "name" { + description = "DNS Name created (same as what was provided)" + value = var.name +} + +output "heritage_name" { + description = "DNS Name created for the heritage record, if enabled" + value = try(aws_route53_record.entry_heritage[0].name, null) +} diff --git a/heritage/output.timestamp.tf b/heritage/output.timestamp.tf new file mode 120000 index 0000000..c4dc4d5 --- /dev/null +++ b/heritage/output.timestamp.tf @@ -0,0 +1 @@ +../common/output.timestamp.tf \ No newline at end of file diff --git a/heritage/prefixes.tf b/heritage/prefixes.tf new file mode 120000 index 0000000..7e265d5 --- /dev/null +++ b/heritage/prefixes.tf @@ -0,0 +1 @@ +../common/prefixes.tf \ No newline at end of file diff --git a/heritage/variables.common.availability_zones.tf b/heritage/variables.common.availability_zones.tf new file mode 120000 index 0000000..dca20a3 --- /dev/null +++ b/heritage/variables.common.availability_zones.tf @@ -0,0 +1 @@ +../common/variables.common.availability_zones.tf \ No newline at end of file diff --git a/heritage/variables.common.tf b/heritage/variables.common.tf new file mode 120000 index 0000000..7439ed8 --- /dev/null +++ b/heritage/variables.common.tf @@ -0,0 +1 @@ +../common/variables.common.tf \ No newline at end of file diff --git a/heritage/variables.tf b/heritage/variables.tf new file mode 120000 index 0000000..72202b3 --- /dev/null +++ b/heritage/variables.tf @@ -0,0 +1 @@ +../common/variables.tf \ No newline at end of file diff --git a/heritage/version.tf b/heritage/version.tf new file mode 120000 index 0000000..b83c5b7 --- /dev/null +++ b/heritage/version.tf @@ -0,0 +1 @@ +../common/version.tf \ No newline at end of file diff --git a/heritage/versions.tf b/heritage/versions.tf new file mode 120000 index 0000000..41bb22f --- /dev/null +++ b/heritage/versions.tf @@ -0,0 +1 @@ +../common/versions.tf \ No newline at end of file diff --git a/heritage/zone_forward.tf b/heritage/zone_forward.tf new file mode 120000 index 0000000..92b9dd1 --- /dev/null +++ b/heritage/zone_forward.tf @@ -0,0 +1 @@ +../common/zone_forward.tf \ No newline at end of file