From 19d7f43b6ad32c8f1c0a87ccef15b31e239e648c Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 28 Mar 2023 19:48:42 -0400
Subject: [PATCH] allow for zone list
---
 route53-zone-association/vpc/README.md | 7 ++++-
 route53-zone-association/vpc/main.tf | 35 ++++++++++++++++++++++
 route53-zone-association/vpc/variables.tf | 13 +++++++-
 route53-zone-association/zone/README.md | 2 +-
 route53-zone-association/zone/variables.tf | 2 +-
 5 files changed, 55 insertions(+), 4 deletions(-)
diff --git a/route53-zone-association/vpc/README.md b/route53-zone-association/vpc/README.md
index 21a6d5a..3303b7e 100644
--- a/route53-zone-association/vpc/README.md
+++ b/route53-zone-association/vpc/README.md
@@ -31,7 +31,9 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_route53_vpc_association_authorization.peer_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_vpc_association_authorization.peer_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone_association.peer_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_route53_zone_association.peer_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
@@ -44,6 +46,7 @@ No modules.
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 | [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
 ## Inputs
 
@@ -52,9 +55,11 @@ No modules.
 | [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [private\_zone](#input\_private\_zone) | Selection either private or public (default: private) for named zones | `bool` | `true` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
-| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+| [zones](#input\_zones) | List of Route53 PHZs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
 
 ## Outputs
 
diff --git a/route53-zone-association/vpc/main.tf b/route53-zone-association/vpc/main.tf
index 39dc51c..435acfd 100644
--- a/route53-zone-association/vpc/main.tf
+++ b/route53-zone-association/vpc/main.tf
@@ -17,6 +17,9 @@ locals {
   }
 }
 
+#---
+# zone ids
+#---
 resource "aws_route53_vpc_association_authorization" "peer_zone" {
   provider = aws.peer
   for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(var.zone_ids) : toset([])
@@ -35,3 +38,35 @@ resource "aws_route53_zone_association" "peer_zone" {
 
   depends_on = [aws_route53_vpc_association_authorization.peer_zone]
 }
+
+#---
+# zone list
+#---
+data "aws_route53_zone" "zones" {
+  for_each = toset(var.zones)
+  name = each.key
+  private_zone = var.private_zone
+}
+
+locals {
+  zones_ids = [for k, v in data.aws_route53_zone.zones : v.zone_id]
+}
+
+resource "aws_route53_vpc_association_authorization" "peer_zones" {
+  provider = aws.peer
+  for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(local.zones_ids) : toset([])
+  zone_id = each.key
+  vpc_region = data.aws_region.peer.name
+  vpc_id = var.vpc_id
+}
+
+resource "aws_route53_zone_association" "peer_zones" {
+  provider = aws.self
+  for_each = toset(var.zones_ids)
+
+  zone_id = each.key
+  vpc_id = var.vpc_id
+  vpc_region = data.aws_region.self.name
+
+  depends_on = [aws_route53_vpc_association_authorization.peer_zones]
+}
diff --git a/route53-zone-association/vpc/variables.tf b/route53-zone-association/vpc/variables.tf
index 2484e8a..8f1dde3 100644
--- a/route53-zone-association/vpc/variables.tf
+++ b/route53-zone-association/vpc/variables.tf
@@ -1,5 +1,5 @@
 variable "zone_ids" {
-  description = "List of Route53 PHZs to associate with a (local/remote) VPC"
+  description = "List of Route53 PHZ IDs to associate with a (local/remote) VPC"
   type = list(string)
   default = []
 }
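Review bot: `for_each = toset(var.zones_ids)` in `aws_route53_zone_association.peer_zones` references an input variable this patch never declares (the variables file adds `zones` and `private_zone`, not `zones_ids`), so `terraform validate` rejects the module with an undeclared-variable error; the intended value is the local computed just above, `for_each = toset(local.zones_ids)`. Separately, `data "aws_route53_zone" "zones"` sets no `provider`, so the name lookup runs against the default `aws` provider while the matching authorization is created with `aws.peer`; in the cross-account case the zone is presumably owned by the peer account, and a same-named private zone in the other account would silently resolve to the wrong zone ID, so `provider = aws.peer` on the data source would make the lookup and the authorization agree — confirm which account the default provider targets. Note also that `aws_route53_zone` errors when more than one zone matches the name, which is common for private zones, so callers with duplicate names should keep using `zone_ids`.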
@@ -9,3 +9,14 @@ variable "vpc_id" {
   type = string
 }
 
+variable "zones" {
+  description = "List of Route53 PHZs to associate with a (local/remote) VPC"
+  type = list(string)
+  default = []
+}
+
+variable "private_zone" {
+  description = "Selection either private or public (default: private) for named zones"
+  type = bool
+  default = true
+}
diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
index f362ac3..3663737 100644
--- a/route53-zone-association/zone/README.md
+++ b/route53-zone-association/zone/README.md
@@ -54,7 +54,7 @@ No modules.
 | [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
 | [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
-| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
 
 ## Outputs
 
diff --git a/route53-zone-association/zone/variables.tf b/route53-zone-association/zone/variables.tf
index b91bb89..5379683 100644
--- a/route53-zone-association/zone/variables.tf
+++ b/route53-zone-association/zone/variables.tf
@@ -1,5 +1,5 @@
 variable "zone_ids" {
-  description = "List of Route53 PHZs to associate with a (local/remote) VPC"
+  description = "List of Route53 PHZ IDs to associate with a (local/remote) VPC"
   type = list(string)
   default = []
 }
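Review bot: The `private_zone` description offers a public/private selection, but the zone resolved from it only ever feeds `aws_route53_zone_association`, and Route 53 accepts VPC associations for private hosted zones only, so `private_zone = false` can only select a zone whose association fails at apply time. Either drop the variable or pin it with a validation block, e.g. `validation { condition = var.private_zone; error_message = "VPC association is only supported for private hosted zones." }`, and reword the description accordingly. The `zones` description is also copied from the old `zone_ids` text and does not say values are names resolved via a data source; suggest `description = "List of Route53 PHZ names (resolved by name lookup) to associate with a (local/remote) VPC"`.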