Refine private-zone and public-zone modules

README.md

@@ -33,6 +33,14 @@ Terraform Modules from [this package](https://github.com/tedilabs/terraform-aws-
   - Imported Certificate
 
 
+## Examples
+
+### Route53
+
+- [route53-private-zone-simple](./examples/route53-private-zone-simple/)
+- [route53-public-zone-simple](./examples/route53-public-zone-simple/)
+
+
 ## Self Promotion
 
 Like this project? Follow the repository on [GitHub](https://github.com/tedilabs/terraform-aws-domain). And if you're feeling especially charitable, follow **[posquit0](https://github.com/posquit0)** on GitHub.

examples/route53-private-zone-simple/main.tf

@@ -0,0 +1,28 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+data "aws_vpc" "default" {
+  default = true
+}
+
+
+###################################################
+# Route53 Private Hosted Zone
+###################################################
+
+module "zone" {
+  source = "../../modules/private-zone/"
+  # source  = "tedilabs/domain/aws//modules/private-zone"
+  # version = "~> 0.2.0"
+
+  name = "mycompany.com"
+
+  primary_vpc_association = {
+    vpc_id = data.aws_vpc.default.id
+  }
+
+  tags = {
+    "project" = "terraform-aws-domain-examples"
+  }
+}

examples/route53-private-zone-simple/outputs.tf

@@ -0,0 +1,4 @@
+output "zone" {
+  description = "The Route53 Hosted Zone."
+  value       = module.zone
+}

examples/route53-private-zone-simple/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}

examples/route53-public-zone-simple/main.tf

@@ -0,0 +1,20 @@
+provider "aws" {
+  region = "us-east-1"
+}
+
+
+###################################################
+# Route53 Public Hosted Zone
+###################################################
+
+module "zone" {
+  source = "../../modules/public-zone/"
+  # source  = "tedilabs/domain/aws//modules/public-zone"
+  # version = "~> 0.2.0"
+
+  name = "mycompany.com"
+
+  tags = {
+    "project" = "terraform-aws-domain-examples"
+  }
+}

examples/route53-public-zone-simple/outputs.tf

@@ -0,0 +1,4 @@
+output "zone" {
+  description = "The Route53 Hosted Zone."
+  value       = module.zone
+}

examples/route53-public-zone-simple/versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = "~> 1.6"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}

modules/private-zone/README.md

@@ -11,14 +11,14 @@ This module creates following resources.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.27 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.6 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.14 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.25.0 |
 
 ## Modules
 
@@ -39,28 +39,29 @@ This module creates following resources.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_name"></a> [name](#input\_name) | (Required) The name of the Hosted Zone. | `string` | n/a | yes |
-| <a name="input_authorized_cross_account_vpc_associations"></a> [authorized\_cross\_account\_vpc\_associations](#input\_authorized\_cross\_account\_vpc\_associations) | (Optional) Authorizes a VPC in a peer account to be associated with a local Route53 Hosted Zone. `vpc_id` is required to authorize for association with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider. | `list(map(string))` | `[]` | no |
-| <a name="input_comment"></a> [comment](#input\_comment) | (Optional) A comment for the Hosted Zone. | `string` | `"Managed by Terraform"` | no |
-| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | (Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone. | `bool` | `false` | no |
+| <a name="input_primary_vpc_association"></a> [primary\_vpc\_association](#input\_primary\_vpc\_association) | (Required) The Primary VPC to associate with the private hosted zone. `primary_vpc_association` block as defined below.<br>    (Required) `vpc_id` - The ID of the VPC to associate with the private Hosted Zone.<br>    (Optional) `region` - The region of the VPC to associate. Defaults to the region of the AWS provider. | <pre>object({<br>    region = optional(string)<br>    vpc_id = string<br>  })</pre> | n/a | yes |
+| <a name="input_cross_account_vpc_association_authorizations"></a> [cross\_account\_vpc\_association\_authorizations](#input\_cross\_account\_vpc\_association\_authorizations) | (Optional) A list of authorizations for a VPC in a peer account to be associated with the Route53 Hosted Zone. Each block of `cross_account_vpc_association_authorizations` as defined below.<br>    (Required) `vpc_id` - The ID of the VPC to authorize for association with the private Hosted Zone.<br>    (Optional) `region` - The region of the VPC to authorize. Defaults to the region of the AWS provider. | <pre>list(object({<br>    region = optional(string)<br>    vpc_id = string<br>  }))</pre> | `[]` | no |
+| <a name="input_description"></a> [description](#input\_description) | (Optional) A description for the Hosted Zone. | `string` | `"Managed by Terraform."` | no |
+| <a name="input_force_destroy"></a> [force\_destroy](#input\_force\_destroy) | (Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
-| <a name="input_namespace"></a> [namespace](#input\_namespace) | (Optional) The namespace of the Hosted Zone. Just for categorising overlapped hosted zones. | `string` | `"default"` | no |
-| <a name="input_primary_vpc_association"></a> [primary\_vpc\_association](#input\_primary\_vpc\_association) | (Required) The Primary VPC to associate with the private hosted zone. `vpc_id` is required to associate with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider. `primary_vpc_association` block as defined below.<br>    (Required) `vpc_id` - The ID of the VPC to associate with the private Hosted Zone.<br>    (Optional) `region` - The region of the VPC to associate. Defaults to the region of the AWS provider. | `map(string)` | `{}` | no |
+| <a name="input_namespace"></a> [namespace](#input\_namespace) | (Optional) The namespace of the Hosted Zone. Just for categorising overlapped hosted zones. Defaults to `default`. | `string` | `"default"` | no |
 | <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
 | <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
-| <a name="input_secondary_vpc_associations"></a> [secondary\_vpc\_associations](#input\_secondary\_vpc\_associations) | (Optional) A list of secondary VPCs to associate with the private hosted zone. `vpc_id` is required to associate with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider. | `list(map(string))` | `[]` | no |
+| <a name="input_secondary_vpc_associations"></a> [secondary\_vpc\_associations](#input\_secondary\_vpc\_associations) | (Optional) A list of secondary VPCs to associate with the private hosted zone. Each<br>  block of `secondary_vpc_associations` as defined below.<br>    (Required) `vpc_id` - The ID of the VPC to associate with the private Hosted Zone.<br>    (Optional) `region` - The region of the VPC to associate. Defaults to the region of the AWS provider. | <pre>list(object({<br>    region = optional(string)<br>    vpc_id = string<br>  }))</pre> | `[]` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | <a name="output_arn"></a> [arn](#output\_arn) | The Amazon Resource Name (ARN) of the Hosted Zone. |
-| <a name="output_authorized_cross_account_vpc_associations"></a> [authorized\_cross\_account\_vpc\_associations](#output\_authorized\_cross\_account\_vpc\_associations) | A list of authorized VPCs in cross accounts to associate with a private Hosted Zone. |
-| <a name="output_comment"></a> [comment](#output\_comment) | A comment for the Hosted Zone. |
+| <a name="output_cross_account_vpc_association_authorizations"></a> [cross\_account\_vpc\_association\_authorizations](#output\_cross\_account\_vpc\_association\_authorizations) | A list of authorized VPCs in cross accounts to associate with a private Hosted Zone. |
+| <a name="output_description"></a> [description](#output\_description) | A description for the Hosted Zone. |
 | <a name="output_id"></a> [id](#output\_id) | The Hosted Zone ID. This can be referenced by zone records. |
 | <a name="output_name"></a> [name](#output\_name) | The name of the Hosted Zone. |
 | <a name="output_name_servers"></a> [name\_servers](#output\_name\_servers) | A list of name servers in associated (or default) delegation set. |
 | <a name="output_namespace"></a> [namespace](#output\_namespace) | The namespace of the Hosted Zone. |
+| <a name="output_primary_name_server"></a> [primary\_name\_server](#output\_primary\_name\_server) | The Route 53 name server that created the SOA record. |
 | <a name="output_vpc_associations"></a> [vpc\_associations](#output\_vpc\_associations) | A list of associated VPCs with a private Hosted Zone. |
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/private-zone/main.tf

@@ -15,13 +15,19 @@ locals {
 }
 
 
+###################################################
+# Private Hosted Zone
+###################################################
+
+# INFO: Not supported attributes
+# - `delegation_set_id`
 resource "aws_route53_zone" "private" {
   name          = var.name
-  comment       = var.comment
+  comment       = var.description
   force_destroy = var.force_destroy
 
   vpc {
-    vpc_region = try(var.primary_vpc_association.region, null)
+    vpc_region = var.primary_vpc_association.region
     vpc_id     = var.primary_vpc_association.vpc_id
   }
 
@@ -45,13 +51,13 @@ resource "aws_route53_zone" "private" {
 
 resource "aws_route53_vpc_association_authorization" "this" {
   for_each = {
-    for vpc_association in var.authorized_cross_account_vpc_associations :
-    vpc_association.vpc_id => vpc_association
+    for authorization in var.cross_account_vpc_association_authorizations :
+    authorization.vpc_id => authorization
   }
 
   zone_id = aws_route53_zone.private.zone_id
 
-  vpc_region = try(each.value.region, null)
+  vpc_region = each.value.region
   vpc_id     = each.value.vpc_id
 }
 
@@ -68,7 +74,7 @@ resource "aws_route53_zone_association" "secondary" {
 
   zone_id = aws_route53_zone.private.zone_id
 
-  vpc_region = try(each.value.region, null)
+  vpc_region = each.value.region
   vpc_id     = each.value.vpc_id
 
   depends_on = [

modules/private-zone/outputs.tf

@@ -18,27 +18,44 @@ output "namespace" {
   value       = var.namespace
 }
 
-output "comment" {
-  description = "A comment for the Hosted Zone."
+output "description" {
+  description = "A description for the Hosted Zone."
   value       = aws_route53_zone.private.comment
 }
 
+output "primary_name_server" {
+  description = "The Route 53 name server that created the SOA record."
+  value       = aws_route53_zone.private.primary_name_server
+}
+
 output "name_servers" {
   description = "A list of name servers in associated (or default) delegation set."
   value       = aws_route53_zone.private.name_servers
 }
 
 output "vpc_associations" {
   description = "A list of associated VPCs with a private Hosted Zone."
-  value       = aws_route53_zone.private.vpc
+  value = concat(
+    [{
+      region = one(aws_route53_zone.private.vpc[*].vpc_region)
+      vpc_id = one(aws_route53_zone.private.vpc[*].vpc_id)
+    }],
+    [
+      for association in aws_route53_zone_association.secondary : {
+        region = association.vpc_region
+        vpc_id = association.vpc_id
+      }
+    ]
+
+  )
 }
 
-output "authorized_cross_account_vpc_associations" {
+output "cross_account_vpc_association_authorizations" {
   description = "A list of authorized VPCs in cross accounts to associate with a private Hosted Zone."
   value = [
     for authorization in values(aws_route53_vpc_association_authorization.this) : {
-      vpc_region = authorization.vpc_region
-      vpc_id     = authorization.vpc_id
+      region = authorization.vpc_region
+      vpc_id = authorization.vpc_id
     }
   ]
 }

modules/private-zone/variables.tf

@@ -1,52 +1,70 @@
 variable "name" {
   description = "(Required) The name of the Hosted Zone."
   type        = string
+  nullable    = false
 }
 
 variable "namespace" {
-  description = "(Optional) The namespace of the Hosted Zone. Just for categorising overlapped hosted zones."
+  description = "(Optional) The namespace of the Hosted Zone. Just for categorising overlapped hosted zones. Defaults to `default`."
   type        = string
   default     = "default"
   nullable    = false
 }
 
-variable "comment" {
-  description = "(Optional) A comment for the Hosted Zone."
+variable "description" {
+  description = "(Optional) A description for the Hosted Zone."
   type        = string
-  default     = "Managed by Terraform"
+  default     = "Managed by Terraform."
   nullable    = false
 }
 
 variable "force_destroy" {
-  description = "(Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone."
+  description = "(Optional) Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone. Defaults to `false`."
   type        = bool
   default     = false
   nullable    = false
 }
 
-variable "authorized_cross_account_vpc_associations" {
-  description = "(Optional) Authorizes a VPC in a peer account to be associated with a local Route53 Hosted Zone. `vpc_id` is required to authorize for association with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider."
-  type        = list(map(string))
-  default     = []
-  nullable    = false
+variable "cross_account_vpc_association_authorizations" {
+  description = <<EOF
+  (Optional) A list of authorizations for a VPC in a peer account to be associated with the Route53 Hosted Zone. Each block of `cross_account_vpc_association_authorizations` as defined below.
+    (Required) `vpc_id` - The ID of the VPC to authorize for association with the private Hosted Zone.
+    (Optional) `region` - The region of the VPC to authorize. Defaults to the region of the AWS provider.
+  EOF
+  type = list(object({
+    region = optional(string)
+    vpc_id = string
+  }))
+  default  = []
+  nullable = false
 }
 
 variable "primary_vpc_association" {
   description = <<EOF
-  (Required) The Primary VPC to associate with the private hosted zone. `vpc_id` is required to associate with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider. `primary_vpc_association` block as defined below.
+  (Required) The Primary VPC to associate with the private hosted zone. `primary_vpc_association` block as defined below.
     (Required) `vpc_id` - The ID of the VPC to associate with the private Hosted Zone.
     (Optional) `region` - The region of the VPC to associate. Defaults to the region of the AWS provider.
   EOF
-  type        = map(string)
-  default     = {}
-  nullable    = false
+  type = object({
+    region = optional(string)
+    vpc_id = string
+  })
+  nullable = false
 }
 
 variable "secondary_vpc_associations" {
-  description = "(Optional) A list of secondary VPCs to associate with the private hosted zone. `vpc_id` is required to associate with the private Hosted Zone. `region` is optional. Defaults to the region of the AWS provider."
-  type        = list(map(string))
-  default     = []
-  nullable    = false
+  description = <<EOF
+  (Optional) A list of secondary VPCs to associate with the private hosted zone. Each
+  block of `secondary_vpc_associations` as defined below.
+    (Required) `vpc_id` - The ID of the VPC to associate with the private Hosted Zone.
+    (Optional) `region` - The region of the VPC to associate. Defaults to the region of the AWS provider.
+  EOF
+  type = list(object({
+    region = optional(string)
+    vpc_id = string
+  }))
+  default  = []
+  nullable = false
 }
 
 variable "tags" {

modules/private-zone/versions.tf

@@ -1,10 +1,10 @@
 terraform {
-  required_version = ">= 1.5"
+  required_version = ">= 1.6"
 
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.27"
+      version = ">= 5.14"
     }
   }
 }