From 5a30c71d4d80373f9e98d7ea139799e11eb1004c Mon Sep 17 00:00:00 2001
From: githubjianli <51385385+githubjianli@users.noreply.github.com>
Date: Fri, 31 May 2024 09:45:11 -0700
Subject: [PATCH] =?UTF-8?q?feat:=20add=20new=20variable=20apiary=5Fdomain?=
 =?UTF-8?q?=5Fprivate=5Fzone=20to=20support=20zone=20pri=E2=80=A6=20(#261)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: add new variable apiary_domain_private_zone to support zone private or public
* fix: remove vpc_id filter
* fix: fix hms alias route53 records
* fix: fix typo
---------
Co-authored-by: janli
---
 CHANGELOG.md | 4 ++++
 VARIABLES.md | 1 +
 common.tf | 6 +++---
 route53.tf | 20 ++++++--------------
 variables.tf | 6 ++++++
 5 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 703e049..03f8197 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [7.1.6] - 2024-05-31
+### Added
+- Add `apiary_domain_private_zone` to provide option to use private or public zone.
+
 ## [7.1.5] - 2024-05-22
 ### Fixed
 - Add `copy_tags_to_snapshot` to aws_rds_cluster.
diff --git a/VARIABLES.md b/VARIABLES.md
index 7b1164b..305d8da 100644
--- a/VARIABLES.md
+++ b/VARIABLES.md
@@ -13,6 +13,7 @@
 | apiary\_deny\_iamrole\_actions | List of S3 actions that 'apiary\_deny\_iamroles' are not allowed to perform. | `list(string)` |
[
"s3:Abort*",
"s3:Bypass*",
"s3:Delete*",
"s3:GetObject",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionTorrent",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:Put*",
"s3:Replicate*",
"s3:Restore*"
]
| no |
 | apiary\_deny\_iamroles | AWS IAM roles denied access to Apiary managed S3 buckets. | `list(string)` | `[]` | no |
 | apiary\_domain\_name | Apiary domain name for Route 53. | `string` | `""` | no |
+| apiary\_domain\_private\_zone | Apiary domain private zone 53. | `bool` | `true` | no |
 | apiary\_governance\_iamroles | AWS IAM governance roles allowed read and tagging access to managed Apiary S3 buckets. | `list(string)` | `[]` | no |
 | apiary\_log\_bucket | Bucket for Apiary logs.If this is blank, module will create a bucket. | `string` | `""` | no |
 | apiary\_log\_prefix | Prefix for Apiary logs. | `string` | `""` | no |
diff --git a/common.tf b/common.tf
index 4990bcd..57df24d 100644
--- a/common.tf
+++ b/common.tf
@@ -76,9 +76,9 @@ data "aws_vpc" "apiary_vpc" {
 }

 data "aws_route53_zone" "apiary_zone" {
- count = local.enable_route53_records ? 1 : 0
- name = var.apiary_domain_name
- vpc_id = var.vpc_id
+ count = local.enable_route53_records ? 1 : 0
+ name = var.apiary_domain_name
+ private_zone = var.apiary_domain_private_zone
 }

 data "aws_secretsmanager_secret" "datadog_key" {
diff --git a/route53.tf b/route53.tf
index a994b71..814d8f8 100644
--- a/route53.tf
+++ b/route53.tf
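Review bot: Dropping `vpc_id` from `data "aws_route53_zone" "apiary_zone"` removes the only filter that tied the lookup to this module's VPC, so with `private_zone = true` the lookup now matches any private hosted zone in the account that carries `var.apiary_domain_name`. In accounts that keep one private zone per VPC under the same name this will most likely either fail the plan with a multiple-matches error or resolve to a zone associated with a different VPC, in which case the HMS records created in route53.tf are not resolvable from the Apiary VPC. Keeping the VPC scope only when a private zone is requested covers both modes: `vpc_id = var.apiary_domain_private_zone ? var.vpc_id : null` (assuming the provider version in use accepts `vpc_id` together with `private_zone`; confirm). A one-line comment above the block, e.g. `# Looks up an existing hosted zone; apiary_domain_private_zone selects private vs public`, would also make the changed contract visible to the next reader.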
@@ -8,26 +8,18 @@ resource "aws_route53_record" "hms_readwrite_alias" {
 count = local.enable_route53_records ? 1 : 0
 zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
 name = "${local.instance_alias}-hms-readwrite"
- type = "A"
-
- alias {
- name = aws_lb.apiary_hms_rw_lb[0].dns_name
- zone_id = aws_lb.apiary_hms_rw_lb[0].zone_id
- evaluate_target_health = true
- }
+ type = "CNAME"
+ ttl = "300"
+ records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_rw_lb[0].dns_name : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname
 }

 resource "aws_route53_record" "hms_readonly_alias" {
 count = local.enable_route53_records ? 1 : 0
 zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
 name = "${local.instance_alias}-hms-readonly"
- type = "A"
-
- alias {
- name = aws_lb.apiary_hms_ro_lb[0].dns_name
- zone_id = aws_lb.apiary_hms_ro_lb[0].zone_id
- evaluate_target_health = true
- }
+ type = "CNAME"
+ ttl = "300"
+ records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_ro_lb[0].dns_name : kubernetes_service.hms_readonly[0].status.0.load_balancer.0.ingress.*.hostname
 }

 resource "aws_route53_zone" "apiary" {
diff --git a/variables.tf b/variables.tf
index 9a3516b..efe75d8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -21,6 +21,12 @@ variable "apiary_domain_name" {
 default = ""
 }

+variable "apiary_domain_private_zone" {
+ description = "Apiary domain zone private"
+ type = bool
+ default = true
+}
+
 variable "ecs_domain_extension" {
 description = "Domain name to use for hosted zone created by ECS service discovery."
 type = string
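Review bot: In the new `records` line of both `hms_readwrite_alias` and `hms_readonly_alias`, the `ecs` branch yields a single string (`aws_lb.apiary_hms_rw_lb[0].dns_name`) while the other branch yields a list (`...ingress.*.hostname`); `records` is a list attribute and Terraform rejects a conditional whose two results cannot be converted to a common type, so the ECS path most likely fails at plan time. Wrapping the string fixes the type: `records = var.hms_instance_type == "ecs" ? [aws_lb.apiary_hms_rw_lb[0].dns_name] : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname`, and the same change for the read-only record. Replacing the alias block with a CNAME also drops `evaluate_target_health`, so Route 53 no longer withholds the record while the load balancer is unhealthy; that trade-off deserves a comment such as `# CNAME instead of ALIAS so a Kubernetes-provisioned LB hostname can be used; no target health evaluation`. Both `resource "aws_route53_record"` headers sit above the hunk and `resource "aws_route53_zone" "apiary"` continues below it.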
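Review bot: The description of the new `apiary_domain_private_zone` variable, `"Apiary domain zone private"`, does not say what the boolean controls or what the default implies; as I read the provider's data source, the `vpc_id` filter this variable replaces in common.tf only ever matched private zones, so `default = true` keeps existing deployments on a private zone and `false` switches them to a public one. Suggest `description = "Whether the Route 53 hosted zone named by apiary_domain_name is a private zone (true, the default) or a public zone (false)."`. The VARIABLES.md row added in this patch (`Apiary domain private zone 53.`) should be regenerated from the same text so the two stay consistent.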