terraform-modules · badra001 · Apr 28, 2023 · Apr 21, 2023 · Apr 21, 2023 · Apr 21, 2023
diff --git a/.tf-control b/.tf-control
@@ -0,0 +1,20 @@
+# .tf-control
+# allows for setting a specific command to be used for tf-* commands under this git repo
+# see tf-control.sh help for more info
+
+TFCONTROL_VERSION="1.0.5"
+
+TFCOMMAND="terraform_latest"
+# TF_CLI_CONFIG_FILE=PATH-TO-FILE/.tf-control.tfrc
+# TFARGS=""
+# TFNOLOG=""
+# TFNOCOLOR=""
+
+# use the following to force a specific version.  An upgrade of an existing 0.12.31 to 1.x
+# needs you to cycle through 0.13.17, 0.14.11, and then latest (0.15.5 not needed).  Other
+# steps in between.  See https://github.e.it.census.gov/terraform/support/tree/master/docs/how-to/terraform-upgrade for details
+#
+#TFCOMMAND="terraform_0.12.31"
+#TFCOMMAND="terraform_0.13.7"
+#TFCOMMAND="terraform_0.14.11"
+#TFCOMMAND="terraform_0.15.5"
diff --git a/.tf-control.tfrc b/.tf-control.tfrc
@@ -0,0 +1,24 @@
+TFCONTROL_VERSION="1.0.5"
+
+# https://www.terraform.io/docs/cli/config/config-file.html
+plugin_cache_dir   = "/data/terraform/terraform.d/plugin-cache"
+#disable_checkpoint = true
+
+provider_installation {
+#  filesystem_mirror {
+#    path    = "/apps/terraform/terraform.d/providers"
+#    include = [ "*/*/*" ]
+#  }
+  filesystem_mirror {
+    path    = "/data/terraform/terraform.d/providers"
+    include = [ "*/*/*" ]
+  }
+#  filesystem_mirror {
+#    path    = "/apps/terraform/terraform.d/providers"
+#    include = [ "external.terraform.census.gov/*/*" ]
+#  }
+  direct {
+    include = [ "*/*/*" ]
+  }
+}
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -116,3 +116,18 @@
 * 1.0.1 -- 2022-10-28
   - change map() to {}
 
+* 1.0.2 -- 2023-04-22
+  - add alllow assume role in (a) org and (b) to remote role r-inf-dynamic-reoute53-actions
+
+## Release 2.x
+
+* 2.0.0 -- 2023-04-28
+  - code 2.0.0
+    - use sessions
+    - make assume role call to remote account where PHZ is defined
+    - add dns entries to the DDB item, so that on stop/terminate we delete only what was added
+    - add flags: noforward, noptr, noheritage, nocname
+    - add data: boc:dns:ptrname
+    - add detection of a runnign EMR cluster with aws:elasticmapreduce: job-flow-id (cluster) and instance-group-role and use this to
+      set an alias defined in boc:dns:cname ({friendlyname}.master), but if it is a cluser node, only use the cname if it is master.  If 
+      it is not a cluster, set the cname
diff --git a/README.md b/README.md
@@ -134,6 +134,7 @@ No modules.
 | [aws_iam_policy_document.queue_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.queue_sqs_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_organizations_organization.org](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/organizations_organization) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
@@ -148,7 +149,7 @@ No modules.
 | <a name="input_enable_sns"></a> [enable\_sns](#input\_enable\_sns) | Enable use of SNS for reporting errors | `bool` | `false` | no |
 | <a name="input_enable_sqs"></a> [enable\_sqs](#input\_enable\_sqs) | Enable use of SQS for SNS to send errors. Requires the use of enable\_sns as well | `bool` | `false` | no |
 | <a name="input_kms_key_name"></a> [kms\_key\_name](#input\_kms\_key\_name) | Different KMS Key (for SNS and SQS) to override default of var.name | `string` | `null` | no |
-| <a name="input_lambda_environment_variables"></a> [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` | <pre>{<br>  "DNS_RR_TimeToLive": 60,<br>  "DebugLogLevel": "INFO",<br>  "DynamoDBName": null,<br>  "HeritageIdentifier": "dynr53",<br>  "HeritageTXTRecordPrefix": "_txt",<br>  "MaxApiRetry": 10,<br>  "SleepTime": 60,<br>  "SnsEnable": false,<br>  "SnsTopicArn": "",<br>  "TagKeyCname": "boc:dns:cname",<br>  "TagKeyHostName": "boc:dns:name",<br>  "TagKeyZone": "boc:dns:zone"<br>}</pre> | no |
+| <a name="input_lambda_environment_variables"></a> [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` | <pre>{<br>  "DNS_RR_TimeToLive": 60,<br>  "DebugLogLevel": "INFO",<br>  "DynamoDBName": null,<br>  "EMRTagPrefix": "aws",<br>  "HeritageIdentifier": "dynr53",<br>  "HeritageTXTRecordPrefix": "_txt",<br>  "MaxApiRetry": 10,<br>  "RemoteRoleArnFormat": "arn:%s:iam::%s:role/r-inf-dynamic-route53-actions",<br>  "SleepTime": 60,<br>  "SnsEnable": false,<br>  "SnsTopicArn": "",<br>  "TagKeyCname": "boc:dns:cname",<br>  "TagKeyFlags": "boc:dns:flags",<br>  "TagKeyHostName": "boc:dns:name",<br>  "TagKeyPtrname": "boc:dns:ptrname",<br>  "TagKeyZone": "boc:dns:zone"<br>}</pre> | no |
 | <a name="input_lambda_environment_variables_override"></a> [lambda\_environment\_variables\_override](#input\_lambda\_environment\_variables\_override) | Map of lambda environment variables and values to override from the defaults | `map(string)` | `{}` | no |
 | <a name="input_lambda_name"></a> [lambda\_name](#input\_lambda\_name) | Different Lambda name to override default of var.name | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to use within all the created resources (default: inf-dynamic-route53) | `string` | `"inf-dynamic-route53"` | no |

diff --git a/code/.terraform.lock.hcl b/code/.terraform.lock.hcl