update dns config

examples/full-cluster/dns-zone.tf

@@ -13,9 +13,18 @@ resource "aws_route53_zone" "cluster_domain" {
     vpc_region = local.region
   }
 
-  # lifecycle {
-  #    ignore_changes
-  # }
+  ##   dynamic "vpc" {
+  ##     for_each = true ? var.region_map : {}
+  ##     iterator = r
+  ##     content {
+  ##       vpc_id     = var.main_dns_vpcs[r.value]
+  ##       vpc_region = r.value
+  ##     }
+  ##   }
+
+  lifecycle {
+    ignore_changes = [vpc]
+  }
 
   tags = merge(
     local.base_tags,
@@ -24,6 +33,8 @@ resource "aws_route53_zone" "cluster_domain" {
     var.application_tags,
     tomap({ "Name" = local.cluster_domain_name }),
   )
+
+  #  depends_on = [ aws_route53_vpc_association_authorization.west_cluster_domain, aws_route53_vpc_association_authorization.east_cluster_domain ]
 }
 
 output "cluster_domain_name" {
@@ -40,3 +51,75 @@ output "cluster_domain_ns" {
   description = "DNS Zone Nameservers"
   value       = aws_route53_zone.cluster_domain.name_servers
 }
+
+#---
+# associate to main do2-govcloud vpc1-services east and west for inbound resolution
+#---
+provider "aws" {
+  alias   = "east_main_dns"
+  region  = var.region_map["east"]
+  profile = var.main_dns_profile
+}
+
+provider "aws" {
+  alias   = "west_main_dns"
+  region  = var.region_map["west"]
+  profile = var.main_dns_profile
+}
+
+# resource "aws_route53_vpc_association_authorization" "cluster_domain" {
+#   for_each = var.region_map
+# 
+#   zone_id    = aws_route53_zone.cluster_domain.zone_id
+#   vpc_region = each.value
+#   vpc_id     = var.main_dns_vpcs[each.value]
+# }
+
+resource "aws_route53_vpc_association_authorization" "west_cluster_domain" {
+  for_each   = tomap({ "zone" = aws_route53_zone.cluster_domain })
+  zone_id    = each.value.zone_id
+  vpc_region = "us-gov-west-1"
+  vpc_id     = var.main_dns_vpcs["us-gov-west-1"]
+}
+
+resource "aws_route53_vpc_association_authorization" "east_cluster_domain" {
+  for_each   = tomap({ "zone" = aws_route53_zone.cluster_domain })
+  zone_id    = each.value.zone_id
+  vpc_region = "us-gov-east-1"
+  vpc_id     = var.main_dns_vpcs["us-gov-east-1"]
+}
+
+resource "aws_route53_zone_association" "west_cluster_domain" {
+  provider = aws.west_main_dns
+  for_each = aws_route53_vpc_association_authorization.west_cluster_domain
+
+  zone_id    = each.value.zone_id
+  vpc_id     = each.value.vpc_id
+  vpc_region = each.value.vpc_region
+}
+
+resource "aws_route53_zone_association" "east_cluster_domain" {
+  provider = aws.east_main_dns
+  for_each = aws_route53_vpc_association_authorization.east_cluster_domain
+
+  zone_id    = each.value.zone_id
+  vpc_id     = each.value.vpc_id
+  vpc_region = each.value.vpc_region
+}
+
+# now we need to add the NS records for the new zone to the parent zone
+
+data "aws_route53_zone" "parent" {
+  name         = var.vpc_domain_name
+  private_zone = true
+}
+
+resource "aws_route53_record" "cluster_domain" {
+  allow_overwrite = true
+  name            = local.cluster_domain_name
+  type            = "NS"
+  ttl             = 900
+  zone_id         = data.aws_route53_zone.parent.zone_id
+
+  records = aws_route53_zone.cluster_domain.name_servers
+}

examples/full-cluster/variables.dns.tf

@@ -0,0 +1,21 @@
+variable "main_dns_vpcs" {
+  description = "Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS"
+  type        = map(string)
+  default = {
+    "us-gov-west-1" = "vpc-77877a12"
+    "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
+  }
+}
+
+variable "main_dns_profile" {
+  description = "Profile name for AWS for the main DNS central account"
+  type        = string
+  default     = "107742151971-do2-govcloud"
+}
+
+
+variable "dns_zone_description_prefix" {
+  description = "Zone description with the org-project-program-environment"
+  type        = string
+  default     = ""
+}