From 61b59ef40f51691694afb0fc8c9211df60d855c2 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Fri, 1 Nov 2024 18:35:00 -0400
Subject: [PATCH 1/4] create a map of zones
---
 route53-zone-association/zone/README.md | 69 +++++++++++++++++++++++++
 route53-zone-association/zone/main.tf | 11 ++--
 2 files changed, 75 insertions(+), 5 deletions(-)
diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
index e3cf260..8f98d5a 100644
--- a/route53-zone-association/zone/README.md
+++ b/route53-zone-association/zone/README.md
@@ -64,3 +64,72 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
+
+
+# About aws-vpc-setup :: route53-zone-assoication :: zone
+
+Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [aws](#requirement\_aws) | >= 4.0.0 |
+| [ldap](#requirement\_ldap) | >= 0.5.4 |
+| [local](#requirement\_local) | >= 1.0.0 |
+| [null](#requirement\_null) | >= 3.0 |
+| [random](#requirement\_random) | >= 3.0 |
+| [template](#requirement\_template) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | >= 4.0.0 |
+| [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
+| [aws.self](#provider\_aws.self) | >= 4.0.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_zone_association.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [private\_zone](#input\_private\_zone) | Selection either private or public (default: private) for named zones | `bool` | `true` | no |
+| [region](#input\_region) | AWS Region to select for peer (default: from provider aws.peer) | `string` | `null` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
+| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
+ 
\ No newline at end of file
diff --git a/route53-zone-association/zone/main.tf b/route53-zone-association/zone/main.tf
index 596efa6..0eb055f 100644
--- a/route53-zone-association/zone/main.tf
+++ b/route53-zone-association/zone/main.tf
@@ -15,12 +15,13 @@ locals {
 "boc:tf_module_name" = lookup(local._module_names, local._module_name, local._module_names["_main_"])
 "boc:created_by" = "terraform"
 }
- zone_ids = compact(var.zone_ids)
+ zone_ids = compact(var.zone_ids)
+ zone_ids_map = { for z in local.zone_ids : z => z }
 }
 resource "aws_route53_vpc_association_authorization" "self_zone" {
 provider = aws.self
- for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(local.zone_ids) : toset([])
+ for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? local.zone_ids_map : toset([])
 zone_id = each.key
 vpc_region = var.region == null ? data.aws_region.peer.name : var.region
 vpc_id = var.vpc_id
@@ -28,7 +29,7 @@ resource "aws_route53_vpc_association_authorization" "self_zone" {
 resource "aws_route53_zone_association" "self_zone" {
 provider = aws.peer
- for_each = toset(local.zone_ids)
+ for_each = local.zone_ids_map
 zone_id = each.key
 vpc_id = var.vpc_id
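Review bot: The new `zone_ids_map` local in the `@@ -15,12 +15,13 @@` hunk turns a duplicated entry in `var.zone_ids` into a plan-time failure, where the `toset(local.zone_ids)` it replaces de-duplicated silently: a `for` expression that yields the same key twice is rejected by Terraform unless the `...` grouping form is used, and this module takes its list from callers who may repeat a zone ID across peerings. Building the map over a set keeps the former tolerance with no other change in behaviour: `zone_ids_map = { for z in toset(local.zone_ids) : z => z }`. The `locals` block opens before the hunk, so anything else it does to the list is not visible here.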
@@ -42,8 +43,8 @@ resource "aws_route53_zone_association" "self_zone" {
 #---
 data "aws_route53_zone" "zones" {
 provider = aws.self
- for_each = toset(local.zone_ids)
- zone_id = each.key
+ for_each = local.zone_ids_map
+ zone_id = each.value
 private_zone = var.private_zone
 }
From 4f84e3e12548b5cd42d222ecbae5157858672e91 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 4 Nov 2024 14:35:13 -0500
Subject: [PATCH 2/4] updates from feedback
---
 route53-zone-association/zone/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/route53-zone-association/zone/main.tf b/route53-zone-association/zone/main.tf
index 0eb055f..882e88a 100644
--- a/route53-zone-association/zone/main.tf
+++ b/route53-zone-association/zone/main.tf
@@ -21,7 +21,7 @@ locals {
 resource "aws_route53_vpc_association_authorization" "self_zone" {
 provider = aws.self
- for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? local.zone_ids_map : toset([])
+ for_each = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? local.zone_ids_map : {}
 zone_id = each.key
 vpc_region = var.region == null ? data.aws_region.peer.name : var.region
 vpc_id = var.vpc_id
@@ -44,7 +44,7 @@ resource "aws_route53_zone_association" "self_zone" {
 data "aws_route53_zone" "zones" {
 provider = aws.self
 for_each = local.zone_ids_map
- zone_id = each.value
+ zone_id = each.key
 private_zone = var.private_zone
 }
From d6914d45136f5a18cbed47fe2a3ee2f02841dd53 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 4 Nov 2024 14:37:14 -0500
Subject: [PATCH 3/4] update docs
---
 route53-zone-association/zone/README.md | 65 +------------------------
 1 file changed, 1 insertion(+), 64 deletions(-)
diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
index 8f98d5a..825f949 100644
--- a/route53-zone-association/zone/README.md
+++ b/route53-zone-association/zone/README.md
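Review bot: The `aws_route53_vpc_association_authorization.self_zone` resource in the `@@ -21,7 +21,7 @@` hunk of patch 2/4 stays in state for as long as the module is applied, so in the cross-account case the peer account keeps a standing grant to associate `var.vpc_id` with every listed zone long after the association has been made; AWS's cross-account PHZ guide recommends deleting the authorization once the association exists, since it is consumed only by the association call. If retaining it is deliberate (so re-applies and re-associations keep working), say so above the resource: `# NOTE: authorization is retained after association; the peer account can re-associate this VPC with each zone at any time.` Separately, the association in the following resource uses `zone_id = each.key` rather than a reference to this authorization, so nothing visible orders the cross-account association after the grant — confirm a `depends_on` exists outside the shown lines. Both resource bodies continue past the hunk.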
@@ -2,69 +2,6 @@ Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [aws](#requirement\_aws) | >= 4.0.0 |
-| [ldap](#requirement\_ldap) | >= 0.5.4 |
-| [local](#requirement\_local) | >= 1.0.0 |
-| [null](#requirement\_null) | >= 3.0 |
-| [random](#requirement\_random) | >= 3.0 |
-| [template](#requirement\_template) | >= 2.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 4.0.0 |
-| [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
-| [aws.self](#provider\_aws.self) | >= 4.0.0 |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
-| [aws_route53_zone_association.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
-| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
-| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
-| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
-| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
-| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
-| [aws_route53_zone.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
-| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
-| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
-| [private\_zone](#input\_private\_zone) | Selection either private or public (default: private) for named zones | `bool` | `true` | no |
-| [region](#input\_region) | AWS Region to select for peer (default: from provider aws.peer) | `string` | `null` | no |
-| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
-| [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
-| [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
-
 # About aws-vpc-setup :: route53-zone-assoication :: zone
@@ -132,4 +69,4 @@ No modules.
 | Name | Description |
 |------|-------------|
 | [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
- 
\ No newline at end of file
+ 
From 6cef77b24fd231d1ecfc48dc4a6316b0a0efb54b Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Mon, 4 Nov 2024 14:38:38 -0500
Subject: [PATCH 4/4] update docs
---
 route53-zone-association/zone/README.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/route53-zone-association/zone/README.md b/route53-zone-association/zone/README.md
index 825f949..2c80f5b 100644
--- a/route53-zone-association/zone/README.md
+++ b/route53-zone-association/zone/README.md
@@ -23,9 +23,9 @@ Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | >= 4.0.0 |
-| [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
-| [aws.self](#provider\_aws.self) | >= 4.0.0 |
+| [aws](#provider\_aws) | 5.74.0 |
+| [aws.peer](#provider\_aws.peer) | 5.74.0 |
+| [aws.self](#provider\_aws.self) | 5.74.0 |
 ## Modules