From 0fb0daee7f5a0744c7182528ccf44dedb655c4ff Mon Sep 17 00:00:00 2001
From: janli
Date: Thu, 30 May 2024 17:32:13 -0700
Subject: [PATCH 1/4] feat: add new variable apiary_domain_private_zone to support zone private or public
---
 CHANGELOG.md | 4 ++++
 VARIABLES.md | 1 +
 common.tf | 7 ++++---
 variables.tf | 6 ++++++
 4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 703e049..03f8197 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

+## [7.1.6] - 2024-05-31
+### Added
+- Add `apiary_domain_private_zone` to provide option to use private or public zone.
+
 ## [7.1.5] - 2024-05-22
 ### Fixed
 - Add `copy_tags_to_snapshot` to aws_rds_cluster.
diff --git a/VARIABLES.md b/VARIABLES.md
index 7b1164b..305d8da 100644
--- a/VARIABLES.md
+++ b/VARIABLES.md
@@ -13,6 +13,7 @@
 | apiary\_deny\_iamrole\_actions | List of S3 actions that 'apiary\_deny\_iamroles' are not allowed to perform. | `list(string)` |
[
"s3:Abort*",
"s3:Bypass*",
"s3:Delete*",
"s3:GetObject",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionTorrent",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:Put*",
"s3:Replicate*",
"s3:Restore*"
]
| no |
 | apiary\_deny\_iamroles | AWS IAM roles denied access to Apiary managed S3 buckets. | `list(string)` | `[]` | no |
 | apiary\_domain\_name | Apiary domain name for Route 53. | `string` | `""` | no |
+| apiary\_domain\_private\_zone | Apiary domain private zone 53. | `bool` | `true` | no |
 | apiary\_governance\_iamroles | AWS IAM governance roles allowed read and tagging access to managed Apiary S3 buckets. | `list(string)` | `[]` | no |
 | apiary\_log\_bucket | Bucket for Apiary logs.If this is blank, module will create a bucket. | `string` | `""` | no |
 | apiary\_log\_prefix | Prefix for Apiary logs. | `string` | `""` | no |
diff --git a/common.tf b/common.tf
index 4990bcd..eb8ddd8 100644
--- a/common.tf
+++ b/common.tf
@@ -76,9 +76,10 @@ data "aws_vpc" "apiary_vpc" {
 }

 data "aws_route53_zone" "apiary_zone" {
- count = local.enable_route53_records ? 1 : 0
- name = var.apiary_domain_name
- vpc_id = var.vpc_id
+ count = local.enable_route53_records ? 1 : 0
+ name = var.apiary_domain_name
+ vpc_id = var.vpc_id
+ private_zone = var.apiary_domain_private_zone
 }

 data "aws_secretsmanager_secret" "datadog_key" {
diff --git a/variables.tf b/variables.tf
index 9a3516b..efe75d8 100644
--- a/variables.tf
+++ b/variables.tf
@@ -21,6 +21,12 @@ variable "apiary_domain_name" {
 default = ""
 }

+variable "apiary_domain_private_zone" {
+ description = "Apiary domain zone private"
+ type = bool
+ default = true
+}
+
 variable "ecs_domain_extension" {
 description = "Domain name to use for hosted zone created by ECS service discovery."
 type = string

From b67d6a78cb26ae46163c46a3804777e321930162 Mon Sep 17 00:00:00 2001
From: janli
Date: Thu, 30 May 2024 17:54:42 -0700
Subject: [PATCH 2/4] fix: remove vpc_id filter
---
 common.tf | 1 -
 1 file changed, 1 deletion(-)
diff --git a/common.tf b/common.tf
index eb8ddd8..57df24d 100644
--- a/common.tf
+++ b/common.tf
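Review bot: The description of the new `apiary_domain_private_zone` variable, `Apiary domain zone private`, does not say what the flag selects or what `false` means, and the VARIABLES.md row (presumably generated from it) carries the same wording. From the common.tf hunk the only consumer is the `private_zone` filter on the `aws_route53_zone` lookup, so the text should say that: `description = "Whether apiary_domain_name refers to a private (true) or public (false) Route 53 hosted zone; selects the zone used for the HMS DNS records."`. Stating that the default is the private zone also tells a caller that records land in a VPC-scoped zone unless they opt out.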
@@ -78,7 +78,6 @@ data "aws_vpc" "apiary_vpc" {
 data "aws_route53_zone" "apiary_zone" {
 count = local.enable_route53_records ? 1 : 0
 name = var.apiary_domain_name
- vpc_id = var.vpc_id
 private_zone = var.apiary_domain_private_zone
 }

From c655fa8ab78f827f925608dd80b741d82c28e256 Mon Sep 17 00:00:00 2001
From: janli
Date: Thu, 30 May 2024 18:11:54 -0700
Subject: [PATCH 3/4] fix: fix hms alias route53 records
---
 route53.tf | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)
diff --git a/route53.tf b/route53.tf
index a994b71..e037915 100644
--- a/route53.tf
+++ b/route53.tf
@@ -8,26 +8,18 @@ resource "aws_route53_record" "hms_readwrite_alias" {
 count = local.enable_route53_records ? 1 : 0
 zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
 name = "${local.instance_alias}-hms-readwrite"
- type = "A"
-
- alias {
- name = aws_lb.apiary_hms_rw_lb[0].dns_name
- zone_id = aws_lb.apiary_hms_rw_lb[0].zone_id
- evaluate_target_health = true
- }
+ type = "CNAME"
+ ttl = "300"
+ records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_rw_lb[0].dns_name : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname
 }

 resource "aws_route53_record" "hms_readonly_alias" {
 count = local.enable_route53_records ? 1 : 0
 zone_id = data.aws_route53_zone.apiary_zone[0].zone_id
 name = "${local.instance_alias}-hms-readonly"
- type = "A"
-
- alias {
- name = aws_lb.apiary_hms_ro_lb[0].dns_name
- zone_id = aws_lb.apiary_hms_ro_lb[0].zone_id
- evaluate_target_health = true
- }
+ type = "CNAME"
+ ttl = "300"
+ records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_ro_lb[0].dns_name : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname
 }

 resource "aws_route53_zone" "apiary" {

From 246efdd6d33bc1f34689a9b1dbaa82bc9c849fe2 Mon Sep 17 00:00:00 2001
From: janli
Date: Thu, 30 May 2024 18:12:47 -0700
Subject: [PATCH 4/4] fix: fix typo
---
 route53.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
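Review bot: Removing `vpc_id` from the `aws_route53_zone` lookup drops the only constraint that tied the selected zone to this deployment's VPC, so with the default `private_zone = true` the lookup now matches any private hosted zone in the account with that name, including one associated with some other VPC. If more than one such zone exists the data source will fail on the ambiguous match, and if exactly one exists but it is not associated with `var.vpc_id`, the HMS endpoint records are published into a zone this VPC never resolves while being served to whichever VPC does. The filter only has to go away for public zones, which are not VPC-associated, so keep it for the private case: `vpc_id = var.apiary_domain_private_zone ? var.vpc_id : null`.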
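Review bot: Both new `records` arguments mix a string with a list across the two arms of the conditional: the ECS arm `aws_lb.apiary_hms_rw_lb[0].dns_name` is a single string while the Kubernetes arm `...ingress.*.hostname` is a splat list, and Terraform rejects a conditional whose arms have no common type; `records` expects a set of strings in any case, so even the ECS arm on its own would not be accepted as a bare string. Wrap the ECS arm in a list in both resources: `records = var.hms_instance_type == "ecs" ? [aws_lb.apiary_hms_rw_lb[0].dns_name] : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname`, and the same with `[aws_lb.apiary_hms_ro_lb[0].dns_name]` in `hms_readonly_alias`. `ttl = "300"` relies on string-to-number conversion; `ttl = 300` is the idiomatic form. If the Kubernetes service's `status.0.load_balancer.0.ingress` is still empty when this is evaluated the record would be created with no targets; I cannot tell from this hunk whether anything elsewhere enforces that ordering.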
diff --git a/route53.tf b/route53.tf
index e037915..814d8f8 100644
--- a/route53.tf
+++ b/route53.tf
@@ -19,7 +19,7 @@ resource "aws_route53_record" "hms_readonly_alias" {
 name = "${local.instance_alias}-hms-readonly"
 type = "CNAME"
 ttl = "300"
- records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_ro_lb[0].dns_name : kubernetes_service.hms_readwrite[0].status.0.load_balancer.0.ingress.*.hostname
+ records = var.hms_instance_type == "ecs" ? aws_lb.apiary_hms_ro_lb[0].dns_name : kubernetes_service.hms_readonly[0].status.0.load_balancer.0.ingress.*.hostname
 }

 resource "aws_route53_zone" "apiary" {