diff --git a/examples/full-cluster/dns-zone.tf b/examples/full-cluster/dns-zone.tf
index e26e584..a7f3f41 100644
--- a/examples/full-cluster/dns-zone.tf
+++ b/examples/full-cluster/dns-zone.tf
@@ -13,9 +13,18 @@ resource "aws_route53_zone" "cluster_domain" {
 vpc_region = local.region
 }
 
- # lifecycle {
- # ignore_changes
- # }
+ ## dynamic "vpc" {
+ ## for_each = true ? var.region_map : {}
+ ## iterator = r
+ ## content {
+ ## vpc_id = var.main_dns_vpcs[r.value]
+ ## vpc_region = r.value
+ ## }
+ ## }
+
+ lifecycle {
+ ignore_changes = [vpc]
+ }
 
 tags = merge(
 local.base_tags,
@@ -24,6 +33,8 @@ resource "aws_route53_zone" "cluster_domain" {
 var.application_tags,
 tomap({ "Name" = local.cluster_domain_name }),
 )
+
+ # depends_on = [ aws_route53_vpc_association_authorization.west_cluster_domain, aws_route53_vpc_association_authorization.east_cluster_domain ]
 }
 
 output "cluster_domain_name" {
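Review bot: `ignore_changes = [vpc]` on aws_route53_zone.cluster_domain makes Terraform stop reconciling which VPCs are associated with this private zone, so an association added or removed outside this configuration will no longer surface in `terraform plan`, and the hunk gives no reason for accepting that. If this is the provider-documented pattern of managing associations through aws_route53_zone_association instead of inline `vpc` blocks, say so next to it: `# VPC associations are managed by aws_route53_zone_association; inline vpc blocks would conflict`. The `## dynamic "vpc"` block above it (with the always-true `true ? var.region_map : {}`) and the `# depends_on = [...]` line added in the second hunk are dead code and should be removed rather than committed; the depends_on would in any case point at resources that themselves reference this zone, which looks like it would form a cycle — worth confirming. The resource block starts before the hunk.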
@@ -40,3 +51,75 @@ output "cluster_domain_ns" {
 description = "DNS Zone Nameservers"
 value = aws_route53_zone.cluster_domain.name_servers
 }
+
+#---
+# associate to main do2-govcloud vpc1-services east and west for inbound resolution
+#---
+provider "aws" {
+ alias = "east_main_dns"
+ region = var.region_map["east"]
+ profile = var.main_dns_profile
+}
+
+provider "aws" {
+ alias = "west_main_dns"
+ region = var.region_map["west"]
+ profile = var.main_dns_profile
+}
+
+# resource "aws_route53_vpc_association_authorization" "cluster_domain" {
+# for_each = var.region_map
+#
+# zone_id = aws_route53_zone.cluster_domain.zone_id
+# vpc_region = each.value
+# vpc_id = var.main_dns_vpcs[each.value]
+# }
+
+resource "aws_route53_vpc_association_authorization" "west_cluster_domain" {
+ for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+ zone_id = each.value.zone_id
+ vpc_region = "us-gov-west-1"
+ vpc_id = var.main_dns_vpcs["us-gov-west-1"]
+}
+
+resource "aws_route53_vpc_association_authorization" "east_cluster_domain" {
+ for_each = tomap({ "zone" = aws_route53_zone.cluster_domain })
+ zone_id = each.value.zone_id
+ vpc_region = "us-gov-east-1"
+ vpc_id = var.main_dns_vpcs["us-gov-east-1"]
+}
+
+resource "aws_route53_zone_association" "west_cluster_domain" {
+ provider = aws.west_main_dns
+ for_each = aws_route53_vpc_association_authorization.west_cluster_domain
+
+ zone_id = each.value.zone_id
+ vpc_id = each.value.vpc_id
+ vpc_region = each.value.vpc_region
+}
+
+resource "aws_route53_zone_association" "east_cluster_domain" {
+ provider = aws.east_main_dns
+ for_each = aws_route53_vpc_association_authorization.east_cluster_domain
+
+ zone_id = each.value.zone_id
+ vpc_id = each.value.vpc_id
+ vpc_region = each.value.vpc_region
+}
+
+# now we need to add the NS records for the new zone to the parent zone
+
+data "aws_route53_zone" "parent" {
+ name = var.vpc_domain_name
+ private_zone = true
+}
+
+resource "aws_route53_record" "cluster_domain" {
+ allow_overwrite = true
+ name = local.cluster_domain_name
+ type = "NS"
+ ttl = 900
+ zone_id = data.aws_route53_zone.parent.zone_id
+
+ records = aws_route53_zone.cluster_domain.name_servers
+}
diff --git a/examples/full-cluster/variables.dns.tf b/examples/full-cluster/variables.dns.tf
new file mode 100644
index 0000000..c82d30c
--- /dev/null
+++ b/examples/full-cluster/variables.dns.tf
@@ -0,0 +1,21 @@
+variable "main_dns_vpcs" {
+ description = "Map of region and VPC ids of the vpc1-services in us-gov-west-1 and us-gov-east-1 for centralized DNS"
+ type = map(string)
+ default = {
+ "us-gov-west-1" = "vpc-77877a12"
+ "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
+ }
+}
+
+variable "main_dns_profile" {
+ description = "Profile name for AWS for the main DNS central account"
+ type = string
+ default = "107742151971-do2-govcloud"
+}
+
+
+variable "dns_zone_description_prefix" {
+ description = "Zone description with the org-project-program-environment"
+ type = string
+ default = ""
+}
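Review bot: `allow_overwrite = true` on aws_route53_record.cluster_domain lets an apply replace whatever NS record already exists for `local.cluster_domain_name` in the parent zone, so a duplicated or mistyped cluster name silently takes over delegation of a name that another deployment owns instead of failing on the collision. Unless re-delegating an existing name without `terraform import` is intended, drop the flag; if it is intended, record that decision next to it: `# allow_overwrite: re-delegates an existing name without import — confirm this is intended`. The parent is looked up with `private_zone = true`, and as far as I recall Route 53 does not follow NS delegation inside private hosted zones (the resolver uses the most specific zone associated with the VPC), so this record may not affect resolution at all — worth verifying against the private-zone documentation before relying on it. Separately, the two authorization resources hard-code `"us-gov-west-1"`/`"us-gov-east-1"` while the matching providers take their region from `var.region_map["west"]`/`["east"]`; using `vpc_region = var.region_map["west"]` and `vpc_id = var.main_dns_vpcs[var.region_map["west"]]` (and the east equivalent) keeps the authorization, the association provider and the VPC lookup in step when the map changes.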
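Review bot: The defaults in `main_dns_vpcs` and `main_dns_profile` bake concrete VPC ids of the central DNS account and a profile name containing what appears to be a 12-digit AWS account number into an example module, so every consumer inherits a pointer to that specific account and will hit a confusing profile/credential error rather than a clear "variable not set" when they are not that account. Removing the `default` blocks makes both values required and keeps account-specific identifiers in a tfvars file outside the repository; if a default must stay for the example, a labelled placeholder such as `"vpc-EXAMPLE"` makes the intent obvious. `dns_zone_description_prefix` is not referenced by any line in this diff — presumably it is consumed elsewhere, but if not it is an unused variable and should be dropped. The double blank line before it is also out of step with `terraform fmt`.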