
add old-tf setup for route53 (TF < 1.x)
badra001 committed Oct 10, 2025
1 parent 26f77dc commit 196af69
Showing 4 changed files with 246 additions and 0 deletions.
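--- a/examples/old-tf-route53-setup/dns-zone.route53-profile.tf
+++ b/examples/old-tf-route53-setup/dns-zone.route53-profile.tf
@@ -0,0 +1,34 @@
+data "aws_route53profiles_profiles" "east_vpc_profiles" {
+provider = aws.east
+}
+data "aws_route53profiles_profiles" "west_vpc_profiles" {
+provider = aws.west
+}
+
+locals {
+east_route53_profiles = { for v in data.aws_route53profiles_profiles.east_vpc_profiles.profiles : v.name => v.id }
+west_route53_profiles = { for v in data.aws_route53profiles_profiles.west_vpc_profiles.profiles : v.name => v.id }
+route53_profile_mapping = {
+"shared" = "services"
+"ite" = "test"
+"qa" = "test"
+"uat" = "test"
+}
+route53_profile = lookup(local.route53_profile_mapping, var.vpc_environment, var.vpc_environment)
+}
+
+resource "aws_route53profiles_resource_association" "east_zone" {
+provider = aws.east
+region = "us-gov-east-1"
+name = format("%v-%v zone %v", local.route53_profile, "vpc", aws_route53_zone.cluster_domain.zone_id)
+profile_id = local.east_route53_profiles[local.route53_profile]
+resource_arn = aws_route53_zone.cluster_domain.arn
+}
+
+resource "aws_route53profiles_resource_association" "west_zone" {
+provider = aws.west
+region = "us-gov-west-1"
+name = format("%v-%v zone %v", local.route53_profile, "vpc", aws_route53_zone.cluster_domain.zone_id)
+profile_id = local.west_route53_profiles[local.route53_profile]
+resource_arn = aws_route53_zone.cluster_domain.arn
+}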
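Review bot: `profile_id = local.east_route53_profiles[local.route53_profile]` (and its west counterpart) aborts with a bare "Invalid index" whenever no profile named after the mapped environment exists in that region, and nothing in the file records which profile names are expected or that the same name must exist in both regions. A header comment above `locals` would make the contract visible, e.g. `# vpc_environment -> Route 53 Profile name; the named profile must exist in both us-gov-east-1 and us-gov-west-1, unmapped environments use their own name`. The explicit `region` arguments on both associations appear to restate the region already fixed by the aliased `aws.east`/`aws.west` providers (defined outside this commit), so keeping only one of the two would leave a single source of truth.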
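--- a/examples/old-tf-route53-setup/dns-zone.tf
+++ b/examples/old-tf-route53-setup/dns-zone.tf
@@ -0,0 +1,183 @@
+locals {
+cluster_domain_name = format("%v.%v", var.cluster_name, var.vpc_domain_name)
+cluster_domain_description = format("%v EKS Cluster DNS Zone", var.cluster_name)
+}
+
+resource "aws_route53_zone" "cluster_domain" {
+name = local.cluster_domain_name
+comment = local.cluster_domain_description
+force_destroy = false
+
+vpc {
+vpc_id = data.aws_vpc.eks_vpc.id
+vpc_region = local.region
+}
+
+## dynamic "vpc" {
+## for_each = true ? var.region_map : {}
+## iterator = r
+## content {
+## vpc_id = var.main_dns_vpcs[r.value]
+## vpc_region = r.value
+## }
+## }
+
+lifecycle {
+ignore_changes = [vpc]
+}
+
+tags = merge(
+local.base_tags,
+local.common_tags,
+var.tags,
+var.application_tags,
+tomap({ "Name" = local.cluster_domain_name }),
+)
+
+# depends_on = [ aws_route53_vpc_association_authorization.west_cluster_domain, aws_route53_vpc_association_authorization.east_cluster_domain ]
+}
+
+output "cluster_domain_name" {
+description = "DNS Zone Name"
+value = local.cluster_domain_name
+}
+
+output "cluster_domain_id" {
+description = "DNS Zone ID"
+value = aws_route53_zone.cluster_domain.zone_id
+}
+
+output "cluster_domain_ns" {
+description = "DNS Zone Nameservers"
+value = aws_route53_zone.cluster_domain.name_servers
+}
+
+#---
+# associate to main do2-govcloud vpc1-services east and west for inbound resolution
+#---
+provider "aws" {
+alias = "east_main_dns"
+region = var.region_map["east"]
+profile = var.main_dns_profile
+}
+
+provider "aws" {
+alias = "west_main_dns"
+region = var.region_map["west"]
+profile = var.main_dns_profile
+}
+
+# resource "aws_route53_vpc_association_authorization" "cluster_domain" {
+# for_each = var.region_map
+#
+# zone_id = aws_route53_zone.cluster_domain.zone_id
+# vpc_region = each.value
+# vpc_id = var.main_dns_vpcs[each.value]
+# }
+
+resource "aws_route53_vpc_association_authorization" "west_cluster_domain" {
+for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+zone_id = each.value.zone_id
+vpc_region = "us-gov-west-1"
+vpc_id = var.main_dns_vpcs["us-gov-west-1"]
+}
+
+resource "aws_route53_vpc_association_authorization" "east_cluster_domain" {
+for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+zone_id = each.value.zone_id
+vpc_region = "us-gov-east-1"
+vpc_id = var.main_dns_vpcs["us-gov-east-1"]
+}
+
+resource "aws_route53_zone_association" "west_cluster_domain" {
+provider = aws.west_main_dns
+for_each = aws_route53_vpc_association_authorization.west_cluster_domain
+
+zone_id = each.value.zone_id
+vpc_id = each.value.vpc_id
+vpc_region = each.value.vpc_region
+}
+
+resource "aws_route53_zone_association" "east_cluster_domain" {
+provider = aws.east_main_dns
+for_each = aws_route53_vpc_association_authorization.east_cluster_domain
+
+zone_id = each.value.zone_id
+vpc_id = each.value.vpc_id
+vpc_region = each.value.vpc_region
+}
+
+# now we need to add the NS records for the new zone to the parent zone
+
+data "aws_route53_zone" "parent" {
+name = var.vpc_domain_name
+private_zone = true
+}
+
+resource "aws_route53_record" "cluster_domain" {
+allow_overwrite = true
+name = local.cluster_domain_name
+type = "NS"
+ttl = 900
+zone_id = data.aws_route53_zone.parent.zone_id
+
+records = aws_route53_zone.cluster_domain.name_servers
+}
+
+#---
+# network-prod provider
+#---
+provider "aws" {
+alias = "route53_main_east"
+profile = var.profile
+region = "us-gov-east-1"
+assume_role {
+role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+session_name = var.os_username
+}
+}
+
+provider "aws" {
+alias = "route53_main_west"
+profile = var.profile
+region = "us-gov-west-1"
+assume_role {
+role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, var.route53_endpoints["route53_main"].account_id)
+session_name = var.os_username
+}
+}
+
+#---
+# associate to network-prod (can't use modules until this is upgrade to 1.x)
+#---
+resource "aws_route53_vpc_association_authorization" "network_main_west_cluster_domain" {
+for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+zone_id = each.value.zone_id
+vpc_region = "us-gov-west-1"
+vpc_id = var.route53_endpoints["route53_main"]["us-gov-west-1"]
+}
+
+resource "aws_route53_vpc_association_authorization" "network_main_east_cluster_domain" {
+for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+zone_id = each.value.zone_id
+vpc_region = "us-gov-east-1"
+vpc_id = var.route53_endpoints["route53_main"]["us-gov-east-1"]
+}
+
+resource "aws_route53_zone_association" "network_main_west_cluster_domain" {
+provider = aws.route53_main_west
+for_each = aws_route53_vpc_association_authorization.network_main_west_cluster_domain
+
+zone_id = each.value.zone_id
+vpc_id = each.value.vpc_id
+vpc_region = each.value.vpc_region
+}
+
+resource "aws_route53_zone_association" "network_main_east_cluster_domain" {
+provider = aws.route53_main_east
+for_each = aws_route53_vpc_association_authorization.network_main_east_cluster_domain
+
+zone_id = each.value.zone_id
+vpc_id = each.value.vpc_id
+vpc_region = each.value.vpc_region
+}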
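Review bot: `allow_overwrite = true` on `aws_route53_record.cluster_domain` lets this stack silently replace an existing NS delegation of the same name in the shared parent zone, so a second or stale cluster with the same `cluster_name` re-points delegation without any plan-time error; in a shared private zone that is a hijack path as much as a convenience. Unless overwrites are deliberately required, drop the line so Terraform fails on a collision, or record why it is acceptable: `# allow_overwrite: the parent zone is shared; an existing delegation for this name is replaced without error`. `lifecycle { ignore_changes = [vpc] }` on the zone also needs a comment saying that VPC associations are managed by the separate `aws_route53_zone_association` resources, otherwise a reader cannot tell why drift in `vpc` is ignored. The commented-out `dynamic "vpc"` block, the commented `depends_on` line and the commented `aws_route53_vpc_association_authorization.cluster_domain` resource are dead code in an example and are better removed.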
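--- a/examples/old-tf-route53-setup/variables.route53.tf
+++ b/examples/old-tf-route53-setup/variables.route53.tf
@@ -0,0 +1,24 @@
+variable "route53_endpoints" {
+description = "Map of target route53 endpoints (for inbound) central VPCs"
+type = map(map(string))
+default = {
+route53_main = {
+"account_id" = "057405694017"
+"alias" = "ent-gov-network-prod"
+"us-gov-east-1" = "vpc-0871ba8a6040d623a"
+"us-gov-west-1" = "vpc-0f03ea065333f72c5"
+}
+route53_main_legacy = {
+"account_id" = "107742151971"
+"alias" = "do2-govcloud"
+"us-gov-east-1" = "vpc-099a991da7c4eb8a5"
+"us-gov-west-1" = "vpc-77877a12"
+}
+route53_main_dmz = {
+"account_id" = "273715889907"
+"alias" = "ent-gov-dmz-network-prod"
+"us-gov-east-1" = "vpc-02f1a0a3b40843e4e"
+"us-gov-west-1" = "vpc-0ce5930e94e434889"
+}
+}
+}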
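Review bot: The `default` for `route53_endpoints` bakes live account IDs and VPC IDs for three shared network accounts into an example, so anyone who copies `examples/old-tf-route53-setup` without overriding the variable will request zone associations against those production VPCs; environment-specific identifiers are better left without a default (supplied via tfvars) or replaced by clearly marked placeholders. The `map(map(string))` type also mixes the metadata keys `account_id`/`alias` with region-name keys, which the description does not explain; a comment such as `# inner map: account_id, alias, plus one VPC id keyed by region name` would document the schema that dns-zone.tf indexes by string. `route53_main_legacy` and `route53_main_dmz` do not appear to be referenced by any file in this commit.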
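--- a/examples/old-tf-route53-setup/variables.username.tf
+++ b/examples/old-tf-route53-setup/variables.username.tf
@@ -0,0 +1,5 @@
+variable "os_username" {
+description = "OS username from environment variable, ideally as $USER"
+type = string
+default = null
+}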
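Review bot: `default = null` means `session_name = var.os_username` in the `route53_main_east`/`route53_main_west` providers (dns-zone.tf) is unset whenever the operator forgets to pass the variable, so the assumed-role sessions in the network account carry no operator identity in CloudTrail. Either drop the default so the variable is required, or add a validation block (available from Terraform 0.13) such as `validation { condition = var.os_username != null && length(var.os_username) > 0` / `error_message = "os_username must be set, e.g. TF_VAR_os_username=$USER." }`. The description should also say that the value becomes the STS session name, since that is the only thing it is used for here.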
