create a map of zones

route53-zone-association/zone/README.md

@@ -64,3 +64,72 @@ No modules.
 | Name | Description |
 |------|-------------|
 | <a name="output_zones"></a> [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
+
+<!-- BEGIN_TF_DOCS -->
+# About aws-vpc-setup :: route53-zone-assoication :: zone
+
+Associate my Private Hosted Zone(s) (PHZ) in aws.self with a VPC in aws.peer
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.0.0 |
+| <a name="requirement_ldap"></a> [ldap](#requirement\_ldap) | >= 0.5.4 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 1.0.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.0 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.0 |
+| <a name="requirement_template"></a> [template](#requirement\_template) | >= 2.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.0.0 |
+| <a name="provider_aws.peer"></a> [aws.peer](#provider\_aws.peer) | >= 4.0.0 |
+| <a name="provider_aws.self"></a> [aws.self](#provider\_aws.self) | >= 4.0.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_vpc_association_authorization.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_vpc_association_authorization) | resource |
+| [aws_route53_zone_association.self_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_arn.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_caller_identity.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_account_alias.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_iam_account_alias.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_account_alias) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.peer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_region.self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_route53_zone.zones](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | Selection either private or public (default: private) for named zones | `bool` | `true` | no |
+| <a name="input_region"></a> [region](#input\_region) | AWS Region to select for peer (default: from provider aws.peer) | `string` | `null` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID with which to associate Route53 PHZs | `string` | n/a | yes |
+| <a name="input_zone_ids"></a> [zone\_ids](#input\_zone\_ids) | List of Route53 PHZ IDs to associate with a (local/remote) VPC | `list(string)` | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_zones"></a> [zones](#output\_zones) | Map of zone ids to zone names for PHZs |
+<!-- END_TF_DOCS -->

route53-zone-association/zone/main.tf

@@ -15,20 +15,21 @@ locals {
     "boc:tf_module_name"    = lookup(local._module_names, local._module_name, local._module_names["_main_"])
     "boc:created_by"        = "terraform"
   }
-  zone_ids = compact(var.zone_ids)
+  zone_ids     = compact(var.zone_ids)
+  zone_ids_map = { for z in local.zone_ids : z => z }
 }
 
 resource "aws_route53_vpc_association_authorization" "self_zone" {
   provider   = aws.self
-  for_each   = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? toset(local.zone_ids) : toset([])
+  for_each   = data.aws_caller_identity.self.account_id != data.aws_caller_identity.peer.account_id ? local.zone_ids_map : toset([])
   zone_id    = each.key
   vpc_region = var.region == null ? data.aws_region.peer.name : var.region
   vpc_id     = var.vpc_id
 }
 
 resource "aws_route53_zone_association" "self_zone" {
   provider = aws.peer
-  for_each = toset(local.zone_ids)
+  for_each = local.zone_ids_map
 
   zone_id    = each.key
   vpc_id     = var.vpc_id
@@ -42,8 +43,8 @@ resource "aws_route53_zone_association" "self_zone" {
 #---
 data "aws_route53_zone" "zones" {
   provider     = aws.self
-  for_each     = toset(local.zone_ids)
-  zone_id      = each.key
+  for_each     = local.zone_ids_map
+  zone_id      = each.value
   private_zone = var.private_zone
 }