Skip to content

Latest commit

 

History

History
110 lines (86 loc) · 8.04 KB

README.md

File metadata and controls

110 lines (86 loc) · 8.04 KB

Appvia Banner

Terraform Registry Latest Release Slack Community Contributors

Github Actions

Terraform AWS Central DNS

Description

This purpose of this module is to manage and provision a central DNS solution with an AWS estate. Under this setup all private hosted zones defined within the spoke accounts have the ability to perform DNS resolution between them.

Usage

module "dns" {
  source = "../../"

  resolver_name = "outbound-central-dns"
  tags          = var.tags

  resolver_rule_groups = [
    {
      ram_share_name = "internal"
      ram_principals = {
        "Deployments" = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-mq4w830q"
        "Workloads"   = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-lk6g79d4"
      }
      rules = [
        {
          name   = "aws-appvia-local"
          domain = "aws.appvia.local"
        }
      ]
    }
  ]

  network = {
    availability_zones = 2
    transit_gateway_id = var.transit_gateway_id
    private_netmask    = 24
    vpc_cidr           = "10.90.0.0/21"
  }
}

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Requirements

Name Version
terraform >= 1.0.7
aws >= 5.0.0

Providers

Name Version
aws >= 5.0.0

Modules

Name Source Version
dns_security_group terraform-aws-modules/security-group/aws 5.2.0
vpc appvia/network/aws 0.3.1

Resources

Name Type
aws_ram_principal_association.this resource
aws_ram_resource_association.this resource
aws_ram_resource_share.this resource
aws_route53_resolver_endpoint.this resource
aws_route53_resolver_rule.this resource
aws_route53_zone_association.this resource

Inputs

Name Description Type Default Required
network The network to use for the endpoints and optinal resolvers 
object({
    availability_zones = optional(number, 2)
    # Whether to use ipam when creating the network
    create = optional(bool, true)
    # Indicates if we should create a new network or reuse an existing one
    enable_default_route_table_association = optional(bool, true)
    # Whether to associate the default route table  
    enable_default_route_table_propagation = optional(bool, true)
    # Whether to propagate the default route table
    ipam_pool_id = optional(string, null)
    # The id of the ipam pool to use when creating the network
    name = optional(string, "central-dns")
    # The name of the network to create
    private_netmask = optional(number, 24)
    # The subnet mask for private subnets, when creating the network i.e subnet-id => 10.90.0.0/24
    private_subnet_ids = optional(list(string), [])
    # The ids of the private subnets to if we are reusing an existing network
    transit_gateway_id = optional(string, "")
    ## The transit gateway id to use for the network
    vpc_cidr = optional(string, "")
    # The cidrws range to use for the VPC, when creating the network
    vpc_id = optional(string, "")
    # The vpc id to use when reusing an existing network 
    vpc_netmask = optional(number, null)
    # When using ipam this the netmask to use for the VPC
  })
 n/a yes
resolver_name Name of the Route53 resolver endpoint string n/a yes
tags Map of tags to apply to resources created by this module map(string) n/a yes
resolver_endpoint_type The Route 53 Resolver endpoint IP address type. Valid values: IPV4, IPV6, DUALSTACK. string "IPV4" no
resolver_protocols List of protocols that the Route53 Outbound Resolver should support list(string) 
[
  "Do53",
  "DoH"
]
 no
resolver_rule_groups Map of Route53 Resolver Rules by group. Every rule in each group can be shared with principals via AWS RAM. 
list(object({
    ram_share_name = string
    # The share share name will be the ram_share_name '-' rule_name
    ram_principals = optional(map(string), {})
    ## A map of principals to share the rules with i.e. Infrastructure OU => ou-1234567890
    rules = list(object({
      name = string
      ## The name of the rule, used when creating the ram share 
      domain = string
      ## The domain to forward the query to 
      targets = optional(list(string), [])
      ## The name of the resolver rule
      rule_type = optional(string, "FORWARD")
      ## The type of rule to create 
    }))
    ## A list of rules to create in the group 
  }))
 [] no
route53_zone_ids List of Route53 Zone IDs to be associated with the resolver VPC. list(string) [] no

Outputs

Name Description
all_resolver_rules Map of all resolver rules.
endpoint Details of the Route53 Outbound Resolver endpoint.
resource_shares Map of AWS RAM Shares by group.
rules Map of resolver rules by group.