diff --git a/docs/reference/services/networking/route-53-hosted-zones.md b/docs/reference/services/networking/route-53-hosted-zones.md index bbd6db97c..c419acb63 100644 --- a/docs/reference/services/networking/route-53-hosted-zones.md +++ b/docs/reference/services/networking/route-53-hosted-zones.md @@ -38,6 +38,62 @@ This service contains code to deploy [Route 53 Hosted Zones](https://aws.amazon. * Automatic health checks to route traffic only to healthy endpoints * Automatic integration with other AWS services, such as ELBs +### Private hosted zone record management + +This module now supports creating records (including A/AAAA and alias) inside Private Hosted Zones, mirroring the +existing capabilities for Public Hosted Zones. You can define both apex-level records and subdomain records in the +`private_zones` input by specifying `apex_records` and `subdomains`. + +Example: + +```hcl +module "route53" { + source = "git::git@github.com:gruntwork-io/terraform-aws-service-catalog.git//modules/networking/route53?ref=" + + private_zones = { + "corp.internal" = { + comment = "Private zone with records" + vpcs = [{ id = "vpc-0123456789abcdef0", region = null }] + tags = { Env = "dev" } + force_destroy = true + + # Apex record (e.g., corp.internal) + apex_records = [ + { + type = "A" + ttl = 60 + records = ["10.0.0.5"] + } + ] + + # Subdomain records (e.g., app.corp.internal) + subdomains = { + app = { + type = "A" + ttl = 300 + records = ["10.0.1.10"] + } + + # Alias to an internal ALB/NLB + svc = { + type = "A" + alias = { + name = aws_lb.internal.dns_name + zone_id = aws_lb.internal.zone_id + evaluate_target_health = true + } + } + } + } + } +} +``` + +Notes: + +* Alias targets must be resolvable within the associated VPC(s) (e.g., internal ALB/NLB). +* Query private records from within the VPC(s) that are associated to the Private Hosted Zone. + ## Learn :::note @@ -95,7 +151,8 @@ module "route_53" { # ---------------------------------------------------------------------------------------------------- # A map of private Route 53 Hosted Zones. In this map, the key should be the - # domain name. See examples below. + # domain name. Supports optional record management similar to public zones. + # See examples below. private_zones = {} # A map of public Route 53 Hosted Zones. In this map, the key should be the @@ -136,7 +193,8 @@ inputs = { # ---------------------------------------------------------------------------------------------------- # A map of private Route 53 Hosted Zones. In this map, the key should be the - # domain name. See examples below. + # domain name. Supports optional record management similar to public zones. + # See examples below. private_zones = {} # A map of public Route 53 Hosted Zones. In this map, the key should be the @@ -170,64 +228,79 @@ inputs = { ### Optional - + -A map of private Route 53 Hosted Zones. In this map, the key should be the domain name. See examples below. +A map of private Route 53 Hosted Zones. In this map, the key should be the domain name. Supports optional record management similar to public zones. See examples below. ```hcl -map(object({ - # An optional, arbitrary comment to attach to the private Hosted Zone - comment = string - # The list of VPCs to associate with the private Hosted Zone. You must provide at least one VPC in this list. - vpcs = list(object({ - # The ID of the VPC. - id = string - # The region of the VPC. If null, defaults to the region configured on the provider. - region = string - })) - # A mapping of tags to assign to the private Hosted Zone - tags = map(string) - # Whether to destroy all records (possibly managed ouside of Terraform) in the zone when destroying the zone - force_destroy = bool - })) +Any types represent complex values of variable type. For details, please consult `variables.tf` in the source repo. ``` - +
- Example ```hcl + + Allow empty maps to be passed by default - since we sometimes define only public zones or only private zones in a given module call + +``` +
+ +
+ + +```hcl + + Example (basic private zone only): + private_zones = { - "backend.com" = { - comment = "Use for arbitrary comments" - vpcs = [{ - id = "19233983937" - region = null - }] - tags = { - CanDelete = true - } - force_destroy = true - } - "database.com" = { - comment = "This is prod - don't delete!" - vpcs = [{ - id = "129734967447" - region = null - }] - tags = { - Application = "redis" - Team = "apps" + "backend.local" = { + comment = "Use for arbitrary comments" + vpcs = [{ id = "vpc-1234567890", region = null }] + tags = { CanDelete = true } + force_destroy = true + } + } + + Example (with private A records): + + private_zones = { + "corp.internal" = { + comment = "Private zone with records" + vpcs = [{ id = "vpc-1234567890", region = null }] + tags = { Env = "dev" } + force_destroy = true + subdomains = { + api = { + type = "A" + ttl = 300 + records = ["10.0.1.10"] + } + Alternatively, alias to an internal NLB/ALB etc + app = { + type = "A" + alias = { + name = aws_lb.internal.dns_name + zone_id = aws_lb.internal.zone_id + evaluate_target_health = true } - force_destroy = false + } } + apex_records = [ + { + type = "A" + ttl = 60 + records = ["10.0.0.5"] + } + ] + } } ``` @@ -553,6 +626,6 @@ A map of domains to resource arns and hosted zones of the created Service Discov "https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/v0.127.6/modules/networking/route53/outputs.tf" ], "sourcePlugin": "service-catalog-api", - "hash": "45c13427dcbdd5ff766e9ae853e5e72e" + "hash": "c68d70d695ad84e5b8882fd2b345a1f4" } ##DOCS-SOURCER-END -->