From e745e30f37f612460c84fec5580493e803e8bdac Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 21 Jan 2022 11:36:05 -0500
Subject: [PATCH] fix
---
 .terraform-docs.yml | 45 +++++++++++++++++
 README.md | 116 ++++++++++++--------------------------------
 locals.tf | 4 +-
 variables.tf | 10 ++--
 versions.tf | 2 +-
 5 files changed, 84 insertions(+), 93 deletions(-)
 create mode 100644 .terraform-docs.yml
diff --git a/.terraform-docs.yml b/.terraform-docs.yml
new file mode 100644
index 0000000..418f24a
--- /dev/null
+++ b/.terraform-docs.yml
@@ -0,0 +1,45 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+## hide: []
+ show:
+ - data-sources
+ - header
+ - footer
+ - inputs
+ - modules
+ - outputs
+ - providers
+ - requirements
+ - resources
+
+output:
+ file: README.md
+ mode: replace
+# mode: inject
+# template: |-
+#
+# {{ .Content }}
+#
+
+## output-values:
+## enabled: false
+## from: ""
+##
+## sort:
+## enabled: true
+## by: name
+##
+## settings:
+## anchor: true
+## color: true
+## default: true
+## description: false
+## escape: true
+## indent: 2
+## required: true
+## sensitive: true
+## type: true
diff --git a/README.md b/README.md
index 659a771..eec47f0 100644
--- a/README.md
+++ b/README.md
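Review bot: With `output.mode: replace` and `header-from: main.tf`, every terraform-docs run rewrites README.md wholesale, so the hand-written sections the README hunk removes (module purpose, the `Name` / `boc:dns:zone` / `boc:dns:alias` tag behaviour, submodule setup) only survive if main.tf carries them in its leading comment block, which this patch does not show. Either move that prose into a header comment at the top of main.tf, which is where the `header-from` setting reads from, or switch to `mode: inject` with the `<!-- BEGIN_TF_DOCS -->` / `<!-- END_TF_DOCS -->` markers so the generated tables and the operator documentation coexist; the commented `# mode: inject` / `# template:` lines already sketch that form. A one-line `#` comment above `output:` recording which of the two was chosen would save the next maintainer from rediscovering why the README changed under them.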
@@ -1,96 +1,42 @@ -# aws-dynamic-route53 + +## Requirements -## About +| Name | Version | +|------|---------| +| [aws](#requirement\_aws) | >= 3.66.0 | -This module will construct all the resources to allow for automated C2 DNS registration in Route53. This is largely sourced from the -AWS blog on [DNS in a Multiaccount Environment with Route53](https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/) . We have added to it to also do PTR registration, as well as -making it IPv6 ready. +## Providers -The [code](https://github.com/aws-samples/aws-lambda-ddns-function) from that blog is linked in as a submodule under [aws-lambda-ddns-function](aws-lambda-ddns-function/). +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 3.66.0 | -This code is intended to be deployed per region, and will handle all of the DNS registration for EC2 -instances deployed, assumign specific tags exist. +## Modules -It will create: +No modules. -- DynamoDB Table (inf-dynamic-route53-{region}) -- IAM Roles -- Lambda -- CloudWatch Events -- CloudWatch Log +## Resources -## Operation +| Name | Type | +|------|------| +| [aws_dynamodb_table.table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource | +| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source | +| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -See the the [blog](#blog) for full details on how it works. 
The short version is: +## Inputs -- Cloudwatch event on instance (starting, started, terminated) -- Run lambda -- On startup - - Get instance details (id, region, ipv4, ipv6) - - Determine zone from tag(s) - - Find zone - - Add records if found - - Log action - - Record in DDB name and details -- On terminate - - Get instance detail (id) - - search DDB table for id - - Remove records, if in table - - Log action +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no | +| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no | +| [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` |
{
"ddb": {},
"kms": {},
"s3": {}
}
| no | +| [dynamodb\_table](#input\_dynamodb\_table) | Different DynamoDB table to override default of var.name) | `string` | `null` | no | +| [name](#input\_name) | Name to use within all the created resources (default: inf-dynamic-route53) | `string` | `"inf-dynamic-route53"` | no | +| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | +| [tags](#input\_tags) | AWS Tags to apply to appropriate resources | `map(string)` | `{}` | no | +## Outputs -## Tags - -A number of tags will be used to affect behavior of the DNS entries. - -### Tag: Name - -The `Name` tag is the primary tag that will be used to determine the DNS name to create. It is expected to be a unique FQDN. If no Name -tag is provided, the hostname portion of the name will be constructed from the IP address: - -* IPv4 - * ip address: A.B.C.D - * hostname: ip-A-B-C-D -* IPv6 (TBD) - -The domain portion of the `Name` tag must exist within Route53 in order for any records to be created. - -### Tag: boc:dns:zone - -The `boc:dns:zone` tag will be used in case we need to force a specific domain name on a host, either because it cannot obtain -the proper zone (domain) from the `Name` tag, of that a custom per-instance `Name` tag cannot be created. This latter condition -occurs for systems which work from a launch template, such as EMR or EKS. - -### Tag: boc:dns:alias - -The `boc:dns:alias` tag is used to create an alternate DNS name (CNAME), pointed to the primary name. It is an FQDN, and the same conditions -apply as with [Name](#tag--name). 
- -# Links - -## github aws-lambda-ddns-function - * https://github.com/aws-samples/aws-lambda-ddns-function -## Blog - * https://aws.amazon.com/blogs/security/simplify-dns-management-in-a-multiaccount-environment-with-route-53-resolver/ - - -# Repository Setup Details - -* One time - -```script -git submodule add https://github.com/aws-samples/aws-lambda-ddns-function aws-lambda-ddns-function -git commit -m'add submodule' aws-lambda-ddns-function -``` - -* After first clone - -```script -git submodule update --init -``` - -* Pull new stuff from submoduule - -```script -git submodule foreach git pull origin master -``` +No outputs. + \ No newline at end of file diff --git a/locals.tf b/locals.tf index 354d815..3f27853 100644 --- a/locals.tf +++ b/locals.tf @@ -1,12 +1,12 @@ locals { account_id = var.account_id != "" ? var.account_id : data.aws_caller_identity.current.account_id account_environment = data.aws_arn.current.partition == "aws-us-gov" ? "gov" : "ew" - region = data.aws_region.current.name + region = data.aws_region.current.name base_tags = { "boc:tf_module_version" = local._module_version "boc:created_by" = "terraform" } - name = format("%v-%v",var.name,local.region) + name = format("%v-%v", var.name, local.region) } diff --git a/variables.tf b/variables.tf index ed84625..86415fe 100644 --- a/variables.tf +++ b/variables.tf @@ -1,14 +1,14 @@ variable "name" { description = "Name to use within all the created resources (default: inf-dynamic-route53)" - type = string - default = "inf-dynamic-route53" + type = string + default = "inf-dynamic-route53" } variable "dynamodb_table" { - description = "Different DynamoDB table to override default of var.name) - type = string - default = null + description = "Different DynamoDB table to override default of var.name)" + type = string + default = null } diff --git a/versions.tf b/versions.tf index 4ba10ce..34eb3b9 100644 --- a/versions.tf +++ b/versions.tf 
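Review bot: The repaired description in `variable "dynamodb_table"` still carries the stray closing parenthesis from the original (`... override default of var.name)`), and the same text is now propagated verbatim into the generated README inputs table. Since the commit already touches the line to close the string literal, `description = "DynamoDB table name overriding the default derived from var.name"` reads cleanly and regenerates a tidy table row. The `variable "name"` hunk just above is alignment-only and needs nothing.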
@@ -5,5 +5,5 @@ terraform { version = ">= 3.66.0" } } -# required_version = ">= 0.13" + # required_version = ">= 0.13" }