add ssm_parameter

terraform-modules · Apr 3, 2023 · c72377f · c72377f
1 parent 7d13792
commit c72377f
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 12 deletions.
diff --git a/route53-zone-association/vpc/README.md b/route53-zone-association/vpc/README.md
@@ -34,6 +34,7 @@ No modules.
 | [aws_route53_vpc_association_authorization.peer_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
 | [aws_route53_zone_association.peer_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
 | [aws_route53_zone_association.peer_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_ssm_parameter.self_zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
@@ -54,6 +55,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| <a name="input_enable_ssm_parameter"></a> [enable\_ssm\_parameter](#input\_enable\_ssm\_parameter) | Flag to enable SSM parameter to be set for zones in other accounts, used for finding the zone\_id | `bool` | `true` | no |
 | <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
 | <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | Selection either private or public (default: private) for named zones | `bool` | `true` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region to select for self (default: from provider aws.self) | `string` | `null` | no |

diff --git a/route53-zone-association/vpc/main.tf b/route53-zone-association/vpc/main.tf
@@ -72,17 +72,21 @@ resource "aws_route53_zone_association" "peer_zones" {
   depends_on = [aws_route53_vpc_association_authorization.peer_zones]
 }
 
-output "zones" {
-  description = "Map of zone ids to zone names for PHZs"
-  value       = { for k, v in data.aws_route53_zone.zones : v.zone_id => k }
-}
-
-output "zones_account_id" {
-  description = "AWS Account ID where zone(s) is defined"
-  value       = data.aws_caller_identity.peer.account_id
-}
+resource "aws_ssm_parameter" "self_zones" {
+  for_each    = var.enable_ssm_parameter ? { for k, v in data.aws_route53_zone.zones : k => v.zone_id } : {}
+  name        = format("/local/%v/route53/zones/%v", local.region, each.key)
+  description = format("Route53 Zone Details for %v", each.key)
+  type        = "String"
+  value = jsonencode({
+    name       = var.vpc_domain_name
+    account_id = module.east_ma13_zones.zones_account_id
+    region     = module.east_ma13_zones.zones_region
+    zone_id    = each.value
+    #    create_time = try(time_static.vpce[0].unix, null)
+  })
 
-output "zones_region" {
-  description = "AWS Region where zone(s) is defined"
-  value       = data.aws_region.peer.name
+  tags = merge(
+    local.base_tags,
+    var.tags,
+  )
 }
diff --git a/route53-zone-association/vpc/outputs.tf b/route53-zone-association/vpc/outputs.tf
@@ -0,0 +1,14 @@
+output "zones" {
+  description = "Map of zone ids to zone names for PHZs"
+  value       = { for k, v in data.aws_route53_zone.zones : v.zone_id => k }
+}
+
+output "zones_account_id" {
+  description = "AWS Account ID where zone(s) is defined"
+  value       = data.aws_caller_identity.peer.account_id
+}
+
+output "zones_region" {
+  description = "AWS Region where zone(s) is defined"
+  value       = data.aws_region.peer.name
+}
diff --git a/route53-zone-association/vpc/variables.tf b/route53-zone-association/vpc/variables.tf
@@ -26,3 +26,9 @@ variable "region" {
   type        = string
   default     = null
 }
+
+variable "enable_ssm_parameter" {
+  description = "Flag to enable SSM parameter to be set for zones in other accounts, used for finding the zone_id"
+  type        = bool
+  default     = true
+}