From 190f01fa1c8b4bf1ec5277c34d5c7e03344d7474 Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 28 Jul 2023 07:22:58 -0400
Subject: [PATCH] add code for remote zone
---
 .../.terraform-docs.yml | 44 +++++++++++++++++++
 .../associate-zones.tf | 28 ++++++++++++
 examples/vpc-apps-dns-remote-zone/locals.tf | 13 ++++++
 examples/vpc-apps-dns-remote-zone/region.tf | 3 ++
 examples/vpc-apps-dns-remote-zone/tf-run.data | 27 ++++++++++++
 .../variables.dns.auto.tfvars | 2 +
 .../vpc-apps-dns-remote-zone/variables.dns.tf | 11 +++++
 .../variables.route53.tf | 16 +++++++
 .../variables.username.tf | 5 +++
 examples/vpc-apps-dns-remote-zone/versions.tf | 9 ++++
 10 files changed, 158 insertions(+)
 create mode 100644 examples/vpc-apps-dns-remote-zone/.terraform-docs.yml
 create mode 100644 examples/vpc-apps-dns-remote-zone/associate-zones.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/locals.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/region.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/tf-run.data
 create mode 100644 examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars
 create mode 100644 examples/vpc-apps-dns-remote-zone/variables.dns.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/variables.route53.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/variables.username.tf
 create mode 100644 examples/vpc-apps-dns-remote-zone/versions.tf
diff --git a/examples/vpc-apps-dns-remote-zone/.terraform-docs.yml b/examples/vpc-apps-dns-remote-zone/.terraform-docs.yml
new file mode 100644
index 0000000..8391b9d
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/.terraform-docs.yml
@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+## hide: []
+ show:
+ - data-sources
+ - header
+ - footer
+ - inputs
+ - modules
+ - outputs
+ - providers
+ - requirements
+ - resources
+
+output:
+ file: README.md
+ mode: inject
+ template: |-
+
+ {{ .Content }}
+
+
+## output-values:
+## enabled: false
+## from: ""
+##
+## sort:
+## enabled: true
+## by: name
+##
+## settings:
+## anchor: true
+## color: true
+## default: true
+## description: false
+## escape: true
+## indent: 2
+## required: true
+## sensitive: true
+## type: true
diff --git a/examples/vpc-apps-dns-remote-zone/associate-zones.tf b/examples/vpc-apps-dns-remote-zone/associate-zones.tf
new file mode 100644
index 0000000..0d27afa
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/associate-zones.tf
@@ -0,0 +1,28 @@
+locals {
+ forward_zone_list = []
+}
+
+# replace ALIAS with that of the target, replace dash with _, like ma3-gov becomes ma3_gov
+# replace ACCOUNTID with the account_id of the target account (account for ALIAS)
+# replace REGION with the short region, east or west where the zone VPC is defined in the target account
+
+## provider "aws" {
+## alias = "route53_ALIAS"
+## region = var.region_map["REGION"]
+## assume_role {
+## role_arn = format("arn:%v:iam::%v:role/r-inf-terraform-route53", data.aws_arn.current.partition, "ACCOUNTID")
+## session_name = var.os_username
+## }
+## }
+
+## module "route53_ALIAS_zones" {
+## providers = {
+## aws.self = aws
+## aws.peer = aws.route53_ALIAS
+## }
+##
+## source = "git@github.e.it.census.gov:terraform-modules/aws-vpc-setup.git//route53-zone-association/vpc?ref=tf-upgrade"
+## vpc_id = local.vpc_id
+## zones = local.forward_zone_list
+## }
+
diff --git a/examples/vpc-apps-dns-remote-zone/locals.tf b/examples/vpc-apps-dns-remote-zone/locals.tf
new file mode 100644
index 0000000..8edb5e6
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/locals.tf
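Review bot: The module source in the commented-out `route53_ALIAS_zones` template pins `?ref=tf-upgrade`, a branch name, so whoever uncomments it pulls whatever that branch holds at `terraform init` time rather than a reviewed revision; pin to a tag or commit SHA (`?ref=<tag-or-sha>`) before this template is copied into real environments. The provider template sets `session_name = var.os_username`, and `os_username` defaults to `null` in this same commit, which (if I read the AWS provider's handling of null arguments right) leaves the STS session name provider-generated and loses the per-operator attribution the variable exists to give CloudTrail; a line such as `## session_name must be set (export TF_VAR_os_username=$USER) so CloudTrail records who assumed the role` next to it would make that explicit. `var.region_map` and `data.aws_arn.current` are referenced but declared nowhere in the commit; presumably they arrive through the linked includes, and a comment saying so would save the next reader a search. With `forward_zone_list = []` the module as shipped associates nothing, which is fine for a template but worth saying in the first comment.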
@@ -0,0 +1,13 @@
+locals {
+ base_tags = {
+ "boc:created_by" = "terraform"
+ }
+}
+
+locals {
+ vpc_info = data.terraform_remote_state.vpc_west_vpc2.outputs.vpc_info
+ vpc_id = local.vpc_info["vpc_id"]
+ domain_name = local.vpc_info["vpc_domain_name"]
+ dns_servers = local.vpc_info["vpc_dns_servers"]
+ vpc_short_name = local.vpc_info["vpc_short_name"]
+}
diff --git a/examples/vpc-apps-dns-remote-zone/region.tf b/examples/vpc-apps-dns-remote-zone/region.tf
new file mode 100644
index 0000000..f617506
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/region.tf
@@ -0,0 +1,3 @@
+locals {
+ region = var.region
+}
diff --git a/examples/vpc-apps-dns-remote-zone/tf-run.data b/examples/vpc-apps-dns-remote-zone/tf-run.data
new file mode 100644
index 0000000..73fbcf0
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/tf-run.data
@@ -0,0 +1,27 @@
+VERSION 1.2.0
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+LINK variables.vpc.auto.tfvars
+LINK variables.vpc.tf
+COMMAND tf-init
+
+LINKTOP includes.d/variables.account_tags.tf
+LINKTOP includes.d/variables.account_tags.auto.tfvars
+LINKTOP includes.d/variables.infrastructure_tags.tf
+LINKTOP includes.d/variables.infrastructure_tags.auto.tfvars
+LINKTOP includes.d/variables.application_tags.tf
+LINKTOP includes.d/variables.application_tags.auto.tfvars
+
+TAG settings
+COMMENT edit locals.tf to change vpc_info to refrence this region and vpc
+COMMENT update variables.dns.auto.tfvars to set the proper comment, and whether to create the zone (false is the zone exists elseewhere)
+STOP verify these are done, and then continue with tf-run apply tag:verified-settings
+
+TAG verified-settings
+aws_route53_zone.domain_zone
+# aws_route53_zone.ptr_zone
+# aws_route53_resolver_rule_association.all_rules
+
+ALL
+COMMAND tf-directory-setup.py -l s3
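Review bot: `data.terraform_remote_state.vpc_west_vpc2` in the second `locals` block is hard-coded to one region/VPC and is not declared in any file of this commit, so the example only validates if that data source comes from the linked include files; the operator instruction in tf-run.data to hand-edit this line is easy to miss, and a comment above the block would help: `# vpc_west_vpc2 is the remote-state data source for the VPC this zone is associated with; declared in the linked includes, and must be changed per region/VPC before apply`. The four keys read from `vpc_info` are an undocumented contract with whatever writes that state; a one-line note of where `vpc_info` is produced (presumably the aws-vpc-setup module) would ground it. `base_tags`, `domain_name`, `dns_servers` and `vpc_short_name` are not referenced by anything in this commit, so either other example files use them or they are leftovers from the directory this was copied from.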
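Review bot: The two `COMMENT` lines under `TAG settings` are shown to the operator at the `STOP` step and carry three typos that change meaning in one case; `refrence` should read `reference`, and `(false is the zone exists elseewhere)` should read `(false if the zone exists elsewhere)`. Under `TAG verified-settings` the targeted apply names `aws_route53_zone.domain_zone`, but no resource of that name exists in this commit and the shipped tfvars set `dns_zone_create = false`, so either that resource lives in the linked includes or the target is a no-op for this example; a trailing comment naming the file that defines it would settle which. The `# aws_route53_zone.ptr_zone` and `# aws_route53_resolver_rule_association.all_rules` targets are commented out with no reason given, which is worth one word of explanation for whoever copies this directory next.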
diff --git a/examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars b/examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars
new file mode 100644
index 0000000..4bb8c66
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/variables.dns.auto.tfvars
@@ -0,0 +1,2 @@
+dns_zone_description_prefix = "General dev ugw1"
+dns_zone_create = false
diff --git a/examples/vpc-apps-dns-remote-zone/variables.dns.tf b/examples/vpc-apps-dns-remote-zone/variables.dns.tf
new file mode 100644
index 0000000..07cc349
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/variables.dns.tf
@@ -0,0 +1,11 @@
+variable "dns_zone_description_prefix" {
+ description = "Zone description with the org-project-program-environment"
+ type = string
+ default = ""
+}
+
+variable "dns_zone_create" {
+ description = "Flag determing to create (true) or associate (false) the main forward zone. Used for the same VPC domain name across different regions or VPCs"
+ type = bool
+ default = true
+}
diff --git a/examples/vpc-apps-dns-remote-zone/variables.route53.tf b/examples/vpc-apps-dns-remote-zone/variables.route53.tf
new file mode 100644
index 0000000..140e7f2
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/variables.route53.tf
@@ -0,0 +1,16 @@
+variable "route53_endpoints" {
+ description = "Map of target route53 endpoints (for inbound) central VPCs"
+ type = map(map(string))
+ default = {
+ route53_main = {
+ "account_id" = "057405694017"
+ "us-gov-east-1" = "vpc-0871ba8a6040d623a"
+ "us-gov-west-1" = "vpc-0f03ea065333f72c5"
+ }
+ route53_main_legacy = {
+ "account_id" = "107742151971"
+ "us-gov-east-1" = "vpc-099a991da7c4eb8a5"
+ "us-gov-west-1" = "vpc-77877a12"
+ }
+ }
+}
diff --git a/examples/vpc-apps-dns-remote-zone/variables.username.tf b/examples/vpc-apps-dns-remote-zone/variables.username.tf
new file mode 100644
index 0000000..46f8f47
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/variables.username.tf
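Review bot: The description of `dns_zone_create` has a typo that terraform-docs will copy into the generated README: `determing` should be `determining`, i.e. `description = "Flag determining whether to create (true) or associate (false) the main forward zone. Used for the same VPC domain name across different regions or VPCs"`. The description of `dns_zone_description_prefix` says "with the org-project-program-environment" but the shipped tfvars value is `"General dev ugw1"`, so either the description should give the expected format explicitly or the example value should follow it.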
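Review bot: `route53_endpoints` bakes two AWS account IDs and four VPC IDs into a variable default inside an `examples/` directory, and nothing in this commit reads the variable. Account IDs are not secrets, but hard-coding live central-DNS infrastructure identifiers into a copy-pasted example spreads them to every consumer and goes silently stale when the legacy account is retired; prefer no default so callers must supply the map, or at least say where the authoritative values live, e.g. `description = "Central inbound Route53 resolver VPCs keyed by account; source of truth is <repo/wiki> — do not hand-edit"`. The `map(map(string))` type also mixes the `account_id` key with region-name keys, so a mistyped region key passes validation; `map(object({ account_id = string, vpcs = map(string) }))` would make the shape checkable, at the cost of renaming the region lookups in whatever consumes it.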
@@ -0,0 +1,5 @@
+variable "os_username" {
+ description = "OS username from environment variable, ideally as $USER"
+ type = string
+ default = null
+}
diff --git a/examples/vpc-apps-dns-remote-zone/versions.tf b/examples/vpc-apps-dns-remote-zone/versions.tf
new file mode 100644
index 0000000..c791e91
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.0"
+ }
+ }
+}
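Review bot: `os_username` defaults to `null` yet this same commit's associate-zones.tf template feeds it to `assume_role.session_name`, so an operator who forgets `TF_VAR_os_username` gets a cross-account assume with a provider-generated session name and CloudTrail loses the who; the description's "ideally as $USER" also reads as if Terraform picked the variable up from the environment by itself, which it does not. A `validation` block makes the variable effectively required and enforces the STS RoleSessionName character set (`[\w+=,.@-]`, 2–64 chars, if I recall the API limits correctly), which is a deliberate behaviour change for this example and should be called out in the commit message. The `can()` wrapper keeps the regex from erroring on the null default.
```hcl
variable "os_username" {
  description = "OS username used as the STS RoleSessionName for cross-account assume_role; set via TF_VAR_os_username=$USER (Terraform does not read $USER itself)"
  type        = string
  default     = null

  # Refuse to run with no session name so CloudTrail records who assumed the role.
  validation {
    condition     = var.os_username != null && can(regex("^[\\w+=,.@-]{2,64}$", var.os_username))
    error_message = "os_username must be set (export TF_VAR_os_username=$USER) and be 2-64 characters from [A-Za-z0-9_+=,.@-]."
  }
}
```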
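Review bot: `version = ">= 4.0"` for hashicorp/aws has no upper bound, so a fresh `terraform init` in this example resolves to the newest provider major available (5.x, I believe, was already current at the commit date) and any future one, and with no `.terraform.lock.hcl` among the ten files added here two operators can plan the same directory against different provider majors. Constrain it to the major the module was tested with, `version = "~> 4.0"` (or `">= 4.0, < 6.0"` if 5.x has been validated), and commit the lock file so the provider checksums are pinned. `required_version = ">= 1.0.0"` is open-ended in the same way; `"~> 1.0"` would still admit every 1.x release while excluding a future 2.0.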