feat: add new variable apiary_domain_private_zone to support zone pri… (

#261) * feat: add new variable apiary_domain_private_zone to support zone private or public * fix: remove vpc_id filter * fix: fix hms alias route53 records * fix: fix typo --------- Co-authored-by: janli <[email protected]>
ExpediaGroup · May 31, 2024 · 5a30c71 · 5a30c71
1 parent cddd0a5
commit 5a30c71
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [7.1.6] - 2024-05-31
+### Added
+- Add `apiary_domain_private_zone` to provide option to use private or public zone.
+
 ## [7.1.5] - 2024-05-22
 ### Fixed
 - Add `copy_tags_to_snapshot` to aws_rds_cluster.

diff --git a/VARIABLES.md b/VARIABLES.md
@@ -13,6 +13,7 @@
 | apiary\_deny\_iamrole\_actions                            | List of S3 actions that 'apiary\_deny\_iamroles' are not allowed to perform.                                                                                                                                         | `list(string)`           | <pre>[<br>  "s3:Abort*",<br>  "s3:Bypass*",<br>  "s3:Delete*",<br>  "s3:GetObject",<br>  "s3:GetObjectTorrent",<br>  "s3:GetObjectVersion",<br>  "s3:GetObjectVersionTorrent",<br>  "s3:ObjectOwnerOverrideToBucketOwner",<br>  "s3:Put*",<br>  "s3:Replicate*",<br>  "s3:Restore*"<br>]</pre> |    no    |
 | apiary\_deny\_iamroles                                    | AWS IAM roles denied access to Apiary managed S3 buckets.                                                                                                                                                            | `list(string)`           | `[]`                                                                                                                                                                                                                                                                                           |    no    |
 | apiary\_domain\_name                                      | Apiary domain name for Route 53.                                                                                                                                                                                     | `string`                 | `""`                                                                                                                                                                                                                                                                                           |    no    |
+| apiary\_domain\_private\_zone                                      | Apiary domain private zone 53.                                                                                                                                                                                     | `bool`                 | `true`                                                                                                                                                                                                                                                                                           |    no    |
 | apiary\_governance\_iamroles                              | AWS IAM governance roles allowed read and tagging access to managed Apiary S3 buckets.                                                                                                                               | `list(string)`           | `[]`                                                                                                                                                                                                                                                                                           |    no    |
 | apiary\_log\_bucket                                       | Bucket for Apiary logs.If this is blank, module will create a bucket.                                                                                                                                                | `string`                 | `""`                                                                                                                                                                                                                                                                                           |    no    |
 | apiary\_log\_prefix                                       | Prefix for Apiary logs.                                                                                                                                                                                              | `string`                 | `""`                                                                                                                                                                                                                                                                                           |    no    |

diff --git a/common.tf b/common.tf
@@ -76,9 +76,9 @@ data "aws_vpc" "apiary_vpc" {
 }
 
 data "aws_route53_zone" "apiary_zone" {
-  count  = local.enable_route53_records ? 1 : 0
-  name   = var.apiary_domain_name
-  vpc_id = var.vpc_id
+  count        = local.enable_route53_records ? 1 : 0
+  name         = var.apiary_domain_name
+  private_zone = var.apiary_domain_private_zone
 }
 
 data "aws_secretsmanager_secret" "datadog_key" {

diff --git a/route53.tf b/route53.tf
@@ -8,26 +8,18 @@ resource "aws_route53_record" "hms_readwrite_alias" {
   count   = local.enable_route53_records ? 1 : 0
   zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
   name    = "${local.instance_alias}-hms-readwrite"
-  type    = "A"
-
-  alias {
-    name                   = aws_lb.apiary_hms_rw_lb[0].dns_name
-    zone_id                = aws_lb.apiary_hms_rw_lb[0].zone_id
-    evaluate_target_health = true
-  }
+  type    = "CNAME"
+  ttl     = "300"
+  records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_rw_lb[0].dns_name : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname
 }
 
 resource "aws_route53_record" "hms_readonly_alias" {
   count   = local.enable_route53_records ? 1 : 0
   zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
   name    = "${local.instance_alias}-hms-readonly"
-  type    = "A"
-
-  alias {
-    name                   = aws_lb.apiary_hms_ro_lb[0].dns_name
-    zone_id                = aws_lb.apiary_hms_ro_lb[0].zone_id
-    evaluate_target_health = true
-  }
+  type    = "CNAME"
+  ttl     = "300"
+  records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_ro_lb[0].dns_name : kubernetes_service.hms_readonly[0].status.0.load_balancer.0.ingress.*.hostname
 }
 
 resource "aws_route53_zone" "apiary" {

diff --git a/variables.tf b/variables.tf
@@ -21,6 +21,12 @@ variable "apiary_domain_name" {
   default     = ""
 }
 
+variable "apiary_domain_private_zone" {
+  description = "Apiary domain zone private"
+  type        = bool
+  default     = true
+}
+
 variable "ecs_domain_extension" {
   description = "Domain name to use for hosted zone created by ECS service discovery."
   type        = string