From 26f77dcdf58e413da14fd142542a0b4eb863da8e Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 10 Oct 2025 09:45:06 -0400
Subject: [PATCH] add route53 profile association of zone
---
 .../1.31/dns-zone.route53-profile.tf | 34 +++++++++++++++++++
 .../full-cluster-tf-upgrade/1.31/dns-zone.tf | 10 +++---
 2 files changed, 39 insertions(+), 5 deletions(-)
 create mode 100644 examples/full-cluster-tf-upgrade/1.31/dns-zone.route53-profile.tf
diff --git a/examples/full-cluster-tf-upgrade/1.31/dns-zone.route53-profile.tf b/examples/full-cluster-tf-upgrade/1.31/dns-zone.route53-profile.tf
new file mode 100644
index 0000000..9f995a0
--- /dev/null
+++ b/examples/full-cluster-tf-upgrade/1.31/dns-zone.route53-profile.tf
@@ -0,0 +1,34 @@
+data "aws_route53profiles_profiles" "east_vpc_profiles" {
+ provider = aws.east
+}
+data "aws_route53profiles_profiles" "west_vpc_profiles" {
+ provider = aws.west
+}
+
+locals {
+ east_route53_profiles = { for v in data.aws_route53profiles_profiles.east_vpc_profiles.profiles : v.name => v.id }
+ west_route53_profiles = { for v in data.aws_route53profiles_profiles.west_vpc_profiles.profiles : v.name => v.id }
+ route53_profile_mapping = {
+ "shared" = "services"
+ "ite" = "test"
+ "qa" = "test"
+ "uat" = "test"
+ }
+ route53_profile = lookup(local.route53_profile_mapping, var.vpc_environment, var.vpc_environment)
+}
+
+resource "aws_route53profiles_resource_association" "east_zone" {
+ provider = aws.east
+ region = "us-gov-east-1"
+ name = format("%v-%v zone %v", local.route53_profile, "vpc", aws_route53_zone.cluster_domain.zone_id)
+ profile_id = local.east_route53_profiles[local.route53_profile]
+ resource_arn = aws_route53_zone.cluster_domain.arn
+}
+
+resource "aws_route53profiles_resource_association" "west_zone" {
+ provider = aws.west
+ region = "us-gov-west-1"
+ name = format("%v-%v zone %v", local.route53_profile, "vpc", aws_route53_zone.cluster_domain.zone_id)
+ profile_id = local.west_route53_profiles[local.route53_profile]
+ resource_arn = aws_route53_zone.cluster_domain.arn
+}
diff --git a/examples/full-cluster-tf-upgrade/1.31/dns-zone.tf b/examples/full-cluster-tf-upgrade/1.31/dns-zone.tf
index 89ab48f..ba4fe61 100644
--- a/examples/full-cluster-tf-upgrade/1.31/dns-zone.tf
+++ b/examples/full-cluster-tf-upgrade/1.31/dns-zone.tf
@@ -31,7 +31,7 @@ provider "aws" {
 # dummy vpc, so we can associate the zone to this account
 #---
 data "aws_vpc" "dummy_vpc" {
- count = ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
+ count = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0
 filter {
 name = "tag:Name"
 values = ["vpc0-dummy"]
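Review bot: `profile_id = local.east_route53_profiles[local.route53_profile]` (and the west_zone counterpart) indexes the discovered-profile map with a name that, through `lookup(local.route53_profile_mapping, var.vpc_environment, var.vpc_environment)`, falls back to the raw environment string for anything not listed in the mapping. An unmapped environment therefore either fails at plan time with a bare "invalid index" error or, if some profile in the account happens to carry that name, silently attaches the private zone to a profile that may be shared with VPCs outside this cluster's environment. A precondition on each association that checks the chosen name against the profiles actually returned by the data source turns both outcomes into an explicit, explained error; the east_zone version is below and west_zone needs the same with `local.west_route53_profiles` and its region. Separately, both associations are created unconditionally whereas the `route53_cluster_domain_east`/`route53_cluster_domain_west` modules in dns-zone.tf are gated on `local.region`; if associating the zone with the profiles of both regions is intended, a one-line comment saying so would save the next reader the question.
```hcl
resource "aws_route53profiles_resource_association" "east_zone" {
  # … unchanged: provider, region, name, profile_id, resource_arn …

  lifecycle {
    precondition {
      condition     = contains(keys(local.east_route53_profiles), local.route53_profile)
      error_message = "No Route 53 profile matching var.vpc_environment was found in us-gov-east-1; check local.route53_profile_mapping."
    }
  }
}
```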
@@ -44,14 +44,14 @@ resource "aws_route53_zone" "cluster_domain" { force_destroy = false vpc { - vpc_id = ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id + vpc_id = !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? try(data.aws_vpc.dummy_vpc[0].id, null) : data.aws_vpc.eks_vpc.id vpc_region = local.region } lifecycle { ignore_changes = [vpc] precondition { - condition = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (! (var.shared_vpc_label == null || var.shared_vpc_label == "") && ! (var.domain == null || var.domain == "")) + condition = (var.shared_vpc_label == null || var.shared_vpc_label == "") || (!(var.shared_vpc_label == null || var.shared_vpc_label == "") && !(var.domain == null || var.domain == "")) error_message = "var.domain must be provided when shared VPCs are in use." } } @@ -69,7 +69,7 @@ resource "aws_route53_zone" "cluster_domain" { # need to also associate with network-prod account and this vpc #--- module "route53_cluster_domain_east" { - count = local.region == "us-gov-east-1" && ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0 + count = local.region == "us-gov-east-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0 providers = { aws.self = aws aws.peer = aws.route53_main_east @@ -87,7 +87,7 @@ module "route53_cluster_domain_east" { } module "route53_cluster_domain_west" { - count = local.region == "us-gov-west-1" && ! (var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0 + count = local.region == "us-gov-west-1" && !(var.shared_vpc_label == null || var.shared_vpc_label == "") ? 1 : 0 providers = { aws.self = aws aws.peer = aws.route53_main_west