This purpose of this module is to manage and provision a central DNS solution with an AWS estate. Under this setup all private hosted zones defined within the spoke accounts have the ability to perform DNS resolution between them.
| <a name="input_network"></a> [network](#input\_network) | The network to use for the endpoints and optinal resolvers | <pre>object({<br> availability_zones = optional(number, 2)<br> # Whether to use ipam when creating the network<br> create = optional(bool, true)<br> # Indicates if we should create a new network or reuse an existing one<br> enable_default_route_table_association = optional(bool, true)<br> # Whether to associate the default route table <br> enable_default_route_table_propagation = optional(bool, true)<br> # Whether to propagate the default route table<br> ipam_pool_id = optional(string, null)<br> # The id of the ipam pool to use when creating the network<br> name = optional(string, "central-dns")<br> # The name of the network to create<br> private_netmask = optional(number, 24)<br> # The subnet mask for private subnets, when creating the network i.e subnet-id => 10.90.0.0/24<br> private_subnet_ids = optional(list(string), [])<br> # The ids of the private subnets to if we are reusing an existing network<br> transit_gateway_id = optional(string, "")<br> ## The transit gateway id to use for the network<br> vpc_cidr = optional(string, "")<br> # The cidrws range to use for the VPC, when creating the network<br> vpc_id = optional(string, "")<br> # The vpc id to use when reusing an existing network <br> vpc_netmask = optional(number, null)<br> # When using ipam this the netmask to use for the VPC<br> })</pre> | n/a | yes |
64
88
| <aname="input_resolver_name"></a> [resolver\_name](#input\_resolver\_name)| Name of the Route53 resolver endpoint |`string`| n/a | yes |
65
-
| <aname="input_resolver_subnet_ids"></a> [resolver\_subnet\_ids](#input\_resolver\_subnet\_ids)| List of subnet IDs in which to create the Route53 Outbound Resolver |`list(string)`| n/a | yes |
66
-
| <aname="input_resolver_vpc_id"></a> [resolver\_vpc\_id](#input\_resolver\_vpc\_id)| The ID of the VPC in which to create the Route53 Outbound Resolver |`string`| n/a | yes |
89
+
| <aname="input_tags"></a> [tags](#input\_tags)| Map of tags to apply to resources created by this module |`map(string)`| n/a | yes |
67
90
| <aname="input_resolver_endpoint_type"></a> [resolver\_endpoint\_type](#input\_resolver\_endpoint\_type)| The Route 53 Resolver endpoint IP address type. Valid values: IPV4, IPV6, DUALSTACK. |`string`|`"IPV4"`| no |
68
-
| <aname="input_resolver_protocols"></a> [resolver\_protocols](#input\_resolver\_protocols)| List of protocols that the Route53 Outbound Resolver should support |`list(string)`| <pre>[<br> "Do53"<br>]</pre> | no |
69
-
| <aname="input_resolver_rule_groups"></a> [resolver\_rule\_groups](#input\_resolver\_rule\_groups)| Map of Route53 Resolver Rules by group. Every rule in each group can be shared with principals via AWS RAM. | <pre>map(object({<br> name = optional(string)<br> ram_principals = optional(list(string), [])<br><br> rules = list(object({<br> domain = string<br> targets = list(string)<br> name = optional(string)<br> rule_type = optional(string, "FORWARD")<br> }))<br> }))</pre> |`{}`| no |
91
+
| <aname="input_resolver_protocols"></a> [resolver\_protocols](#input\_resolver\_protocols)| List of protocols that the Route53 Outbound Resolver should support |`list(string)`| <pre>[<br> "Do53",<br> "DoH"<br>]</pre> | no |
92
+
| <aname="input_resolver_rule_groups"></a> [resolver\_rule\_groups](#input\_resolver\_rule\_groups)| Map of Route53 Resolver Rules by group. Every rule in each group can be shared with principals via AWS RAM. | <pre>list(object({<br> ram_share_name = string<br># The share share name will be the ram_share_name '-' rule_name<br> ram_principals = optional(map(string), {})<br> ## A map of principals to share the rules with i.e. Infrastructure OU => ou-1234567890<br> rules = list(object({<br> name = string<br> ## The name of the rule, used when creating the ram share <br> domain = string<br> ## The domain to forward the query to <br> targets = optional(list(string), [])<br> ## The name of the resolver rule<br> rule_type = optional(string, "FORWARD")<br> ## The type of rule to create <br> }))<br> ## A list of rules to create in the group <br> }))</pre> |`[]`| no |
70
93
| <aname="input_route53_zone_ids"></a> [route53\_zone\_ids](#input\_route53\_zone\_ids)| List of Route53 Zone IDs to be associated with the resolver VPC. |`list(string)`|`[]`| no |
71
-
| <aname="input_tags"></a> [tags](#input\_tags)| Map of tags to apply to resources created by this module |`map(string)`|`{}`| no |
72
94
73
95
## Outputs
74
96
75
97
| Name | Description |
76
98
|------|-------------|
99
+
| <aname="output_all_resolver_rules"></a> [all\_resolver\_rules](#output\_all\_resolver\_rules)| Map of all resolver rules. |
77
100
| <aname="output_endpoint"></a> [endpoint](#output\_endpoint)| Details of the Route53 Outbound Resolver endpoint. |
78
101
| <aname="output_resource_shares"></a> [resource\_shares](#output\_resource\_shares)| Map of AWS RAM Shares by group. |
79
102
| <aname="output_rules"></a> [rules](#output\_rules)| Map of resolver rules by group. |
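Review bot: In the new `resolver_rule_groups` row the inline comments do not match the fields they follow: `domain` is annotated "The domain to forward the query to", `targets` is annotated "The name of the resolver rule", and the `ram_share_name` comment reads "The share share name". Suggest describing `domain` as the domain the rule matches and `targets` as the addresses queries are forwarded to. `targets` also defaults to `[]` while `rule_type` defaults to `"FORWARD"`, so a rule that sets neither is a forward rule with no target; a validation block or a documented requirement would catch that. The same hunk makes `tags` required, removes `resolver_subnet_ids` and `resolver_vpc_id`, adds `"DoH"` to the default `resolver_protocols`, and changes `resolver_rule_groups` from a map to a list with `ram_principals` as a map. Each of these changes the interface for existing callers, so an upgrade note should accompany the table change.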
| <aname="input_tags"></a> [tags](#input\_tags)| Map of tags to apply to resources created by this module |`map(string)`| <pre>{<br> "Environment": "Testing",<br> "GitRepo": "https://github.com/appvia/terraform-aws-dns"<br>}</pre> | no |
28
+
| <aname="input_transit_gateway_id"></a> [transit\_gateway\_id](#input\_transit\_gateway\_id)| The id of the transit gateway to use for the network |`string`|`"tgw-04ad8f026be8b7eb6"`| no |
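Review bot: The added `transit_gateway_id` row documents a default of `"tgw-04ad8f026be8b7eb6"`, which is a concrete transit gateway ID rather than a placeholder, so anyone running this example in another account inherits an ID that belongs to a different environment. Suggest declaring the variable without a default so the caller must supply it, or using an obviously fake placeholder value in the example.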