update docs

CHANGELOG.md

@@ -8,3 +8,7 @@
 
 * 1.0.2 -- 2023-03-24
   - create new submodules: ptr
+
+* 1.0.3 -- 2023-04-06
+  - add zone variable, calculate if missing from everything after first dot.  Need to use
+    zone if the zone is called {domain} but the name registered is {name}.{name}.{domain}

a/README.md

@@ -85,6 +85,7 @@ The record looks like:
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
 | <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
 
 ## Outputs
 

a/main.tf

@@ -79,6 +79,36 @@ EXAMPLE> 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terr
 * }
 * ```
 *
+* ## Using a Zone defined in another account
+* This requires the role `r-inf-terraform-route53` be created from the Terraform module `aws-vpc-setup/route53-association/terraform-role`
+* (generally in `common/apps/route53`.  It then uses an STS AssumeRole from Terraform.  You must have the approriate permissions
+* on the source account to assume this role.
+*
+* file: provider.route53.east_ma13_gov.tf
+* ```hcl
+* provider "aws" {
+*   alias  = "east_ma13_gov"
+*   region = var.region_map["east"]
+*   assume_role {
+*     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "187944776148")
+*     session_name = var.os_username
+*   }
+* }
+* ```
+* 
+* file: dns.tf
+* ```hcl
+* module "db_cname" {
+*   providers = {
+*     aws = aws.east_ma13_gov
+*   }
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+* 
+*   zone   = var.vpc_domain_name
+*   name   = local.app_db_dns_name
+*   values = [module.db.db_instance_address]
+* }
+* ```
 */
 
 locals {

aaaa/README.md

@@ -77,6 +77,7 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
 | <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
 
 ## Outputs
 

aaaa/main.tf

@@ -78,6 +78,37 @@ EXAMPLE> 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terr
 *   values  = aws_dms_replication_instance.dev.replication_instance_private_ips
 * }
 * ```
+*
+* ## Using a Zone defined in another account
+* This requires the role `r-inf-terraform-route53` be created from the Terraform module `aws-vpc-setup/route53-association/terraform-role`
+* (generally in `common/apps/route53`.  It then uses an STS AssumeRole from Terraform.  You must have the approriate permissions
+* on the source account to assume this role.
+*
+* file: provider.route53.east_ma13_gov.tf
+* ```hcl
+* provider "aws" {
+*   alias  = "east_ma13_gov"
+*   region = var.region_map["east"]
+*   assume_role {
+*     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "187944776148")
+*     session_name = var.os_username
+*   }
+* }
+* ```
+* 
+* file: dns.tf
+* ```hcl
+* module "db_cname" {
+*   providers = {
+*     aws = aws.east_ma13_gov
+*   }
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+* 
+*   zone   = var.vpc_domain_name
+*   name   = local.app_db_dns_name
+*   values = [module.db.db_instance_address]
+* }
+* ```
 */
 
 locals {

cname/README.md

@@ -112,6 +112,7 @@ No modules.
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
 | <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
 
 ## Outputs
 
@@ -122,3 +123,4 @@ No modules.
 | <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list |
 | <a name="output_heritage_name"></a> [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled |
 | <a name="output_name"></a> [name](#output\_name) | DNS Name created (same as what was provided) |
+| <a name="output_timestamp"></a> [timestamp](#output\_timestamp) | Record creation Unix timestamp (from heritage records) |

cname/main.tf

@@ -80,6 +80,36 @@
 * }
 * ```
 *
+* ## Using a Zone defined in another account
+* This requires the role `r-inf-terraform-route53` be created from the Terraform module `aws-vpc-setup/route53-association/terraform-role`
+* (generally in `common/apps/route53`.  It then uses an STS AssumeRole from Terraform.  You must have the approriate permissions
+* on the source account to assume this role.
+*
+* file: provider.route53.east_ma13_gov.tf
+* ```hcl
+* provider "aws" {
+*   alias  = "east_ma13_gov"
+*   region = var.region_map["east"]
+*   assume_role {
+*     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "187944776148")
+*     session_name = var.os_username
+*   }
+* }
+* ```
+* 
+* file: dns.tf
+* ```hcl
+* module "db_cname" {
+*   providers = {
+*     aws = aws.east_ma13_gov
+*   }
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+* 
+*   zone   = var.vpc_domain_name
+*   name   = local.app_db_dns_name
+*   values = [module.db.db_instance_address]
+* }
+* ```
 */
 
 locals {

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.0.2"
+  _module_version = "1.0.3"
 }

host/README.md

@@ -86,6 +86,7 @@ The record looks like:
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
 | <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
 
 ## Outputs
 
@@ -96,3 +97,4 @@ The record looks like:
 | <a name="output_availability_zone_suffixes"></a> [availability\_zone\_suffixes](#output\_availability\_zone\_suffixes) | VPC Availability zone suffix list |
 | <a name="output_heritage_name"></a> [heritage\_name](#output\_heritage\_name) | DNS Name created for the heritage record, if enabled |
 | <a name="output_name"></a> [name](#output\_name) | DNS Name created (same as what was provided) |
+| <a name="output_timestamp"></a> [timestamp](#output\_timestamp) | Record creation Unix timestamp (from heritage records) |

host/main.tf

@@ -78,6 +78,36 @@ EXAMPLE> 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terr
 *   values  = aws_dms_replication_instance.dev.replication_instance_private_ips
 * }
 * ```
+* ## Using a Zone defined in another account
+* This requires the role `r-inf-terraform-route53` be created from the Terraform module `aws-vpc-setup/route53-association/terraform-role`
+* (generally in `common/apps/route53`.  It then uses an STS AssumeRole from Terraform.  You must have the approriate permissions
+* on the source account to assume this role.
+*
+* file: provider.route53.east_ma13_gov.tf
+* ```hcl
+* provider "aws" {
+*   alias  = "east_ma13_gov"
+*   region = var.region_map["east"]
+*   assume_role {
+*     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "187944776148")
+*     session_name = var.os_username
+*   }
+* }
+* ```
+* 
+* file: dns.tf
+* ```hcl
+* module "db_cname" {
+*   providers = {
+*     aws = aws.east_ma13_gov
+*   }
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+* 
+*   zone   = var.vpc_domain_name
+*   name   = local.app_db_dns_name
+*   values = [module.db.db_instance_address]
+* }
+* ```
 */
 
 locals {

ptr/README.md

@@ -78,6 +78,7 @@ The record looks like:
 | <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no |
 | <a name="input_ttl"></a> [ttl](#input\_ttl) | DNS RR Time To Live (ttl).  Default 900s (15m). | `number` | `900` | no |
 | <a name="input_values"></a> [values](#input\_values) | DNS value to set for the name.  May be a string or list of strings (like multiple IP addresses) | `any` | n/a | yes |
+| <a name="input_zone"></a> [zone](#input\_zone) | DNS Zone into which to create the record.  By default, it will extract this from the name after the first dot. | `string` | `null` | no |
 
 ## Outputs
 

ptr/main.tf

@@ -74,6 +74,37 @@ EXAMPLE> 900 IN TXT   "heritage=terraform,terraform/account_id=818199694861,terr
 *   values  = aws_dms_replication_instance.dev.replication_instance_private_ips
 * }
 * ```
+*
+* ## Using a Zone defined in another account
+* This requires the role `r-inf-terraform-route53` be created from the Terraform module `aws-vpc-setup/route53-association/terraform-role`
+* (generally in `common/apps/route53`.  It then uses an STS AssumeRole from Terraform.  You must have the approriate permissions
+* on the source account to assume this role.
+*
+* file: provider.route53.east_ma13_gov.tf
+* ```hcl
+* provider "aws" {
+*   alias  = "east_ma13_gov"
+*   region = var.region_map["east"]
+*   assume_role {
+*     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "187944776148")
+*     session_name = var.os_username
+*   }
+* }
+* ```
+* 
+* file: dns.tf
+* ```hcl
+* module "db_cname" {
+*   providers = {
+*     aws = aws.east_ma13_gov
+*   }
+*   source = "git@github.e.it.census.gov:terraform-modules/aws-dns//cname"
+* 
+*   zone   = var.vpc_domain_name
+*   name   = local.app_db_dns_name
+*   values = [module.db.db_instance_address]
+* }
+* ```
 */
 
 locals {