add code for remote zone

terraform-modules · Jul 28, 2023 · 190f01f · 190f01f
1 parent 3fbdc47
commit 190f01f
Show file tree

Hide file tree

Showing 10 changed files with 158 additions and 0 deletions.
diff --git a/examples/vpc-apps-dns-remote-zone/.terraform-docs.yml b/examples/vpc-apps-dns-remote-zone/.terraform-docs.yml
@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show: 
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+## output-values:
+##   enabled: false
+##   from: ""
+## 
+## sort:
+##   enabled: true
+##   by: name
+## 
+## settings:
+##   anchor: true
+##   color: true
+##   default: true
+##   description: false
+##   escape: true
+##   indent: 2
+##   required: true
+##   sensitive: true
+##   type: true
diff --git a/examples/vpc-apps-dns-remote-zone/associate-zones.tf b/examples/vpc-apps-dns-remote-zone/associate-zones.tf
@@ -0,0 +1,28 @@
+locals {
+  forward_zone_list = []
+}
+
+# replace ALIAS with that of the target, replace dash with _, like ma3-gov becomes ma3_gov
+# replace ACCOUNTID with the account_id of the target account (account for ALIAS)
+# replace REGION with the short region, east or west where the zone VPC is defined in the target account
+
+## provider "aws" {
+##   alias  = "route53_ALIAS"
+##   region = var.region_map["REGION"]
+##   assume_role {
+##     role_arn     = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "ACCOUNTID")
+##     session_name = var.os_username
+##   }
+## }
+
+## module "route53_ALIAS_zones" {
+##   providers = {
+##     aws.self = aws
+##     aws.peer = aws.route53_ALIAS
+##   }
+##
+##   source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/vpc?ref=tf-upgrade"
+##   vpc_id = local.vpc_id
+##   zones  = local.forward_zone_list
+## }
+
diff --git a/examples/vpc-apps-dns-remote-zone/locals.tf b/examples/vpc-apps-dns-remote-zone/locals.tf
@@ -0,0 +1,13 @@
+locals {
+  base_tags = {
+    "boc:created_by" = "terraform"
+  }
+}
+
+locals {
+  vpc_info       = data.terraform_remote_state.vpc_west_vpc2.outputs.vpc_info
+  vpc_id         = local.vpc_info["vpc_id"]
+  domain_name    = local.vpc_info["vpc_domain_name"]
+  dns_servers    = local.vpc_info["vpc_dns_servers"]
+  vpc_short_name = local.vpc_info["vpc_short_name"]
+}
diff --git a/examples/vpc-apps-dns-remote-zone/region.tf b/examples/vpc-apps-dns-remote-zone/region.tf
@@ -0,0 +1,3 @@
+locals {
+  region = var.region
+}
diff --git a/examples/vpc-apps-dns-remote-zone/tf-run.data b/examples/vpc-apps-dns-remote-zone/tf-run.data
@@ -0,0 +1,27 @@
+VERSION 1.2.0
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+LINK variables.vpc.auto.tfvars
+LINK variables.vpc.tf
+COMMAND tf-init 
+
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+LINKTOP includes.d/variables.application_tags.auto.tfvars
+
+TAG settings
+COMMENT edit locals.tf to change vpc_info to refrence this region and vpc
+COMMENT update variables.dns.auto.tfvars to set the proper comment, and whether to create the zone (false is the zone exists elseewhere)
+STOP verify these are done, and then continue with tf-run apply tag:verified-settings
+
+TAG verified-settings
+aws_route53_zone.domain_zone
+# aws_route53_zone.ptr_zone
+# aws_route53_resolver_rule_association.all_rules
+
+ALL
+COMMAND tf-directory-setup.py -l s3
diff --git a/examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars b/examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars
@@ -0,0 +1,2 @@
+dns_zone_description_prefix = "General dev ugw1"
+dns_zone_create             = false
diff --git a/examples/vpc-apps-dns-remote-zone/variables.dns.tf b/examples/vpc-apps-dns-remote-zone/variables.dns.tf
@@ -0,0 +1,11 @@
+variable "dns_zone_description_prefix" {
+  description = "Zone description with the org-project-program-environment"
+  type        = string
+  default     = ""
+}
+
+variable "dns_zone_create" {
+  description = "Flag determing to create (true) or associate (false) the main forward zone.  Used for the same VPC domain name across different regions or VPCs"
+  type        = bool
+  default     = true
+}
diff --git a/examples/vpc-apps-dns-remote-zone/variables.route53.tf b/examples/vpc-apps-dns-remote-zone/variables.route53.tf
@@ -0,0 +1,16 @@
+variable "route53_endpoints" {
+  description = "Map of target route53 endpoints (for inbound) central VPCs"
+  type        = map(map(string))
+  default = {
+    route53_main = {
+      "account_id"    = "057405694017"
+      "us-gov-east-1" = "vpc-0871ba8a6040d623a"
+      "us-gov-west-1" = "vpc-0f03ea065333f72c5"
+    }
+    route53_main_legacy = {
+      "account_id"    = "107742151971"
+      "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
+      "us-gov-west-1" = "vpc-77877a12"
+    }
+  }
+}
diff --git a/examples/vpc-apps-dns-remote-zone/variables.username.tf b/examples/vpc-apps-dns-remote-zone/variables.username.tf
@@ -0,0 +1,5 @@
+variable "os_username" {
+  description = "OS username from environment variable, ideally as $USER"
+  type        = string
+  default     = null
+}
diff --git a/examples/vpc-apps-dns-remote-zone/versions.tf b/examples/vpc-apps-dns-remote-zone/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.0"
+    }
+  }
+}