From 7ce17621dfb17cd6eeb082615ea8e2fdf6fb604a Mon Sep 17 00:00:00 2001
From: badra001
Date: Fri, 28 Jul 2023 08:31:09 -0400
Subject: [PATCH] add README
---
 examples/common-apps-remote-roles/README.md | 38 ++++++++++++
 examples/vpc-apps-dns-remote-zone/README.md | 65 +++++++++++++++++++++
 examples/vpc-apps-dns-remote-zone/locals.tf | 2 +-
 3 files changed, 104 insertions(+), 1 deletion(-)
 create mode 100644 examples/common-apps-remote-roles/README.md
 create mode 100644 examples/vpc-apps-dns-remote-zone/README.md
diff --git a/examples/common-apps-remote-roles/README.md b/examples/common-apps-remote-roles/README.md
new file mode 100644
index 0000000..f027f87
--- /dev/null
+++ b/examples/common-apps-remote-roles/README.md
@@ -0,0 +1,38 @@
+# common/apps/remote-roles
+
+This describes how to install the code for the `remote-roles`.
+
+When using a PHZ in a different account, this setup is necessary in the account which owns the PHZ.
+This is required **before** attempting to setup a remote zone in the `vpc{N}/apps/dns directory`,
+referenced [here](../vpc-apps-dns-remote-zone).
+
+# Setup
+
+* Get the module code for `aws-vpc-setup` in the `tf-upgrade` branch.
+
+* In the PHZ owning account
+
+```script
+cd PATH-TO-ACCOUNT-GIT
+cd common/apps
+mkdir remote-roles
+cd remote-roles
+
+rsync -avRWH PATH-TO-AWS-VPC-SETUP-MODULE/examples/common-apps-remote-roles/./ ./
+tf-run apply
+```
+
+# Add to git
+
+Be sure to add the directory to git in a branch, commit, and do a PR. Attach the apply log,
+and add the `tf-apply summary` text to the body of the PR.
+
+```script
+git checkout master
+git pull origin master
+git checkout -b 'add-remote-roles'
+git add .
+git commit -m'add remote-roles' .
+git push
+# do PR
+```
diff --git a/examples/vpc-apps-dns-remote-zone/README.md b/examples/vpc-apps-dns-remote-zone/README.md
new file mode 100644
index 0000000..85a4a8c
--- /dev/null
+++ b/examples/vpc-apps-dns-remote-zone/README.md
@@ -0,0 +1,65 @@
+# vpc/{region}/vpn{N}/apps/dns
+
+This describes how to install the code for the VPC PHZ remote zone association
+
+When using a PHZ in a different account, this setup is necessary in the account will use the PHZ.
+The owning account also needs some setup, documented [here](../common-apps-remote-roles).
+
+# Setup
+
+* Get the module code for `aws-vpc-setup` in the `tf-upgrade` branch.
+
+* In the PHZ using account
+
+```script
+cd PATH-TO-ACCOUNT-GIT
+cd vpc/{region}/vpc{N}/apps
+
+# if there is no remote_state.yml, do this next thing
+tf-run apply
+
+cd dns
+rsync -avRWH PATH-TO-AWS-VPC-SETUP-MODULE/examples/vpc-apps-dns-remote-zone/./ .
+```
+
+There are two files to update:
+
+* locals.tf
+* associate-zones.tf
+
+For `locals.tf`, update the REGION and VPN accordingly for the vpc number and region in which you are working. Here
+is the relevant line to update:
+
+```hcl
+ vpc_info = data.terraform_remote_state.vpc_REGION_VPCN.outputs.vpc_info
+```
+
+For `associate-zones.tf`, add the forward zone to the `foward_zone_list` list.
+
+Uncomment the provider and module, and replace strings accordingly as listed in the file.
+
+* replace ALIAS with that of the target, replace dash with _, like ma3-gov becomes ma3_gov
+* replace ACCOUNTID with the account_id of the target account (account for ALIAS)
+* replace REGION with the short region, east or west where the zone VPC is defined in the target account
+
+Once done, you may apply all this. Be sure to have done the remote-roles in the owning account first or this
+will fail.
+
+```script
+tf-run apply
+```
+
+# Add to git
+
+Be sure to add the directory to git in a branch, commit, and do a PR. Attach the apply log,
+and add the `tf-apply summary` text to the body of the PR.
+
+```script
+git checkout master
+git pull origin master
+git checkout -b 'add-remote-dns'
+git add .
+git commit -m'add remote-dns' .
+git push
+# do PR
+```
diff --git a/examples/vpc-apps-dns-remote-zone/locals.tf b/examples/vpc-apps-dns-remote-zone/locals.tf index 8edb5e6..73c5521 100644 --- a/examples/vpc-apps-dns-remote-zone/locals.tf +++ b/examples/vpc-apps-dns-remote-zone/locals.tf @@ -5,7 +5,7 @@ locals { } locals { - vpc_info = data.terraform_remote_state.vpc_west_vpc2.outputs.vpc_info + vpc_info = data.terraform_remote_state.vpc_REGION_VPCN.outputs.vpc_info vpc_id = local.vpc_info["vpc_id"] domain_name = local.vpc_info["vpc_domain_name"] dns_servers = local.vpc_info["vpc_dns_servers"]
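Review bot: The placeholder `vpc_REGION_VPCN` on the new `vpc_info` line has no in-file marker telling whoever copies this example that it must be edited; that instruction lives only in the README, which names the tokens "REGION and VPN" while the placeholder spells the second one `VPCN`. A comment directly above the line, such as `# TODO: replace REGION and VPCN with this VPC's short region and number (see README.md)`, would keep the guidance with the code that is rsync'd into the account repo. Left unedited, the reference should fail at plan time instead of reading another VPC's remote state as the old hard-coded `vpc_west_vpc2` could, but that depends on the `terraform_remote_state` declarations, which are outside the hunk. The second `locals` block also continues past the hunk's last line.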