added basic example

Author: m13t

README.md

@@ -12,8 +12,8 @@ Add example usage here
 
 ```hcl
 module "example" {
-  source  = "appvia/<NAME>/aws"
-  version = "0.0.1"
+  source  = "appvia/dns/aws"
+  version = "1.0.0"
 
   # insert variables here
 }

examples/basic/README.md

@@ -5,15 +5,16 @@
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.0.0 |
-| <a name="requirement_awscc"></a> [awscc](#requirement\_awscc) | >= 0.11.0 |
 
 ## Providers
 
 No providers.
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_central_dns"></a> [central\_dns](#module\_central\_dns) | appvia/dns/aws | n/a |
 
 ## Resources
 

examples/basic/main.tf

@@ -1,5 +1,57 @@
-#####################################################################################
-# Terraform module examples are meant to show an _example_ on how to use a module
-# per use-case. The code below should not be copied directly but referenced in order
-# to build your own root module that invokes this module
-#####################################################################################
+locals {
+  vpc_provided_dns = "10.0.0.2"
+}
+
+module "central_dns" {
+  source = "../../"
+
+  resolver_name = "central"
+
+  # ID of the VPC where the outbound resolver should be created.
+  resolver_vpc_id = "vpc-0f839083ca150be0f"
+
+  # At least 2 subnets (in different AZs) where the outbound resolver endpoints
+  # will be created.
+  resolver_subnet_ids = [
+    "subnet-05268db2ad256445e",
+    "subnet-0e52076f0f87ba47d",
+  ]
+
+  # We define our resolver rules in groups. For each group we define we add the rules
+  # defined to an AWS RAM resource share and share with the defined principals.
+  resolver_rule_groups = {
+    main = {
+      # Name is optional and defaults to the key of the map if not defined.
+      name = "MyCompany"
+
+      # List of principal ARNs to share the RAM share with.
+      ram_principals = [
+        "arn:aws:organizations::012345678910:organization/o-6doxpl2e1d",
+      ]
+
+      # List of rule definitions
+      rules = [{
+        # Domain name for which we want to forward rules. Domains specified here are inclusive
+        # of the domain itself and all subdomains.
+        domain = "mycompany.internal"
+
+        # List of IP addresses that will resolve the query for this domain. For utilising Route53
+        # private hosted zones, this should be the Amazon provided DNS server address for the VPC.
+        targets = [
+          local.vpc_provided_dns,
+        ]
+      }]
+    }
+  }
+
+  # In order to resolve DNS queries for private hosted zones that exist in other accounts
+  # we need to associate those zones with the VPC that we're creating our resolver. You
+  # must ensure that the zones specified below are pre-authorized to be associated with
+  # the VPC specified in `resolver_vpc_id`.
+  route53_zone_ids = [
+    "Z069099416OO53SIZNSAH",
+    "Z0104059RZRYA0EE84IM",
+    "Z082763213W4KUUPYB6YW",
+    "Z04370363H60F9DXTVYIU",
+  ]
+}

examples/basic/outputs.tf

@@ -1,2 +1 @@
-
 provider "aws" {}

examples/basic/providers.tf

@@ -1,4 +1,3 @@
-
 terraform {
   required_version = ">= 1.0.0"
 
@@ -7,9 +6,5 @@ terraform {
       source  = "hashicorp/aws"
       version = ">= 5.0.0"
     }
-    awscc = {
-      source  = "hashicorp/awscc"
-      version = ">= 0.11.0"
-    }
   }
 }

examples/basic/terraform.tf

@@ -0,0 +1,42 @@
+mock_provider "aws" {
+
+}
+
+run "basic_resolver" {
+  command = plan
+
+  variables {
+    resolver_name   = "test"
+    resolver_vpc_id = "vpc-abc123"
+
+    resolver_subnet_ids = [
+      "subnet-abc123",
+      "subnet-def456",
+    ]
+  }
+
+  assert {
+    condition     = aws_route53_resolver_endpoint.this.direction == "OUTBOUND"
+    error_message = "Endpoint direction incorrect"
+  }
+
+  assert {
+    condition     = length(aws_route53_resolver_endpoint.this.protocols) == 1
+    error_message = "Only one protocol expected to be defined"
+  }
+
+  assert {
+    condition     = contains(aws_route53_resolver_endpoint.this.protocols, "Do53")
+    error_message = "Resolver endpoint should contain Do53 protocol"
+  }
+
+  assert {
+    condition     = aws_route53_resolver_endpoint.this.resolver_endpoint_type == "IPV4"
+    error_message = "Resolver endpoint type should be IPV4"
+  }
+
+  assert {
+    condition     = aws_security_group.this.name == "${var.resolver_name}-sg"
+    error_message = "Expected security group name to have -sg suffix"
+  }
+}