add README

terraform-modules · Jul 28, 2023 · 7ce1762 · 7ce1762
1 parent 0c3a961
commit 7ce1762
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 1 deletion.
diff --git a/examples/common-apps-remote-roles/README.md b/examples/common-apps-remote-roles/README.md
@@ -0,0 +1,38 @@
+# common/apps/remote-roles
+
+This describes how to install the code for the `remote-roles`.
+
+When using a PHZ in a different account, this setup is necessary in the account which owns the PHZ.
+This is required **before** attempting to setup a remote zone in the `vpc{N}/apps/dns directory`,
+referenced [here](../vpc-apps-dns-remote-zone).
+
+# Setup
+
+* Get the module code for `aws-vpc-setup` in the `tf-upgrade` branch.
+
+* In the PHZ owning account
+
+```script
+cd PATH-TO-ACCOUNT-GIT
+cd common/apps
+mkdir remote-roles
+cd remote-roles
+
+rsync -avRWH PATH-TO-AWS-VPC-SETUP-MODULE/examples/common-apps-remote-roles/./ ./
+tf-run apply
+```
+
+# Add to git
+
+Be sure to add the directory to git in a branch, commit, and do a PR. Attach the apply log,
+and add the `tf-apply summary` text to the body of the PR.
+
+```script
+git checkout master
+git pull origin master
+git checkout -b 'add-remote-roles'
+git add .
+git commit -m'add remote-roles' .
+git push
+# do PR
+```
diff --git a/examples/vpc-apps-dns-remote-zone/README.md b/examples/vpc-apps-dns-remote-zone/README.md
@@ -0,0 +1,65 @@
+# vpc/{region}/vpn{N}/apps/dns
+
+This describes how to install the code for the VPC PHZ remote zone association
+
+When using a PHZ in a different account, this setup is necessary in the account will use the PHZ.
+The owning account also needs some setup, documented [here](../common-apps-remote-roles).
+
+# Setup
+
+* Get the module code for `aws-vpc-setup` in the `tf-upgrade` branch.
+
+* In the PHZ using account
+
+```script
+cd PATH-TO-ACCOUNT-GIT
+cd vpc/{region}/vpc{N}/apps
+
+# if there is no remote_state.yml, do this next thing
+tf-run apply
+
+cd dns
+rsync -avRWH PATH-TO-AWS-VPC-SETUP-MODULE/examples/vpc-apps-dns-remote-zone/./ .
+```
+
+There are two files to update:
+
+* locals.tf
+* associate-zones.tf
+
+For `locals.tf`, update the REGION and VPN accordingly for the vpc number and region in which you are working.  Here
+is the relevant line to update:
+
+```hcl
+  vpc_info       = data.terraform_remote_state.vpc_REGION_VPCN.outputs.vpc_info
+```
+
+For `associate-zones.tf`, add the forward zone to the `foward_zone_list` list.
+
+Uncomment the provider and module, and replace strings accordingly as listed in the file.
+
+* replace ALIAS with that of the target, replace dash with _, like ma3-gov becomes ma3_gov
+* replace ACCOUNTID with the account_id of the target account (account for ALIAS)
+* replace REGION with the short region, east or west where the zone VPC is defined in the target account
+
+Once done, you may apply all this.  Be sure to have done the remote-roles in the owning account first or this
+will fail.
+
+```script
+tf-run apply
+```
+
+# Add to git
+
+Be sure to add the directory to git in a branch, commit, and do a PR. Attach the apply log,
+and add the `tf-apply summary` text to the body of the PR.
+
+```script
+git checkout master
+git pull origin master
+git checkout -b 'add-remote-dns'
+git add .
+git commit -m'add remote-dns' .
+git push
+# do PR
+```
diff --git a/examples/vpc-apps-dns-remote-zone/locals.tf b/examples/vpc-apps-dns-remote-zone/locals.tf
@@ -5,7 +5,7 @@ locals {
 }
 
 locals {
-  vpc_info       = data.terraform_remote_state.vpc_west_vpc2.outputs.vpc_info
+  vpc_info       = data.terraform_remote_state.vpc_REGION_VPCN.outputs.vpc_info
   vpc_id         = local.vpc_info["vpc_id"]
   domain_name    = local.vpc_info["vpc_domain_name"]
   dns_servers    = local.vpc_info["vpc_dns_servers"]