Terraform AWS Central DNS

Description

This purpose of this module is to manage and provision a central DNS solution with an AWS estate. Under this setup all private hosted zones defined within the spoke accounts have the ability to perform DNS resolution between them.

Usage

module "dns" {
  source = "../../"

  resolver_name = "outbound-central-dns"
  tags          = var.tags

  resolver_rule_groups = [
    {
      ram_share_name = "internal"
      ram_principals = {
        "Deployments" = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-mq4w830q"
        "Workloads"   = "arn:aws:organizations::536471746696:ou/o-7enwqk0f2c/ou-1tbg-lk6g79d4"
      }
      rules = [
        {
          name   = "aws-appvia-local"
          domain = "aws.appvia.local"
        }
      ]
    }
  ]

  network = {
    availability_zones = 2
    transit_gateway_id = var.transit_gateway_id
    private_netmask    = 24
    vpc_cidr           = "10.90.0.0/21"
  }
}

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

1. Make changes to the .terraform-docs.yml file
2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Providers

Name	Version
aws	>= 5.0.0

Inputs

Name	Description	Type	Default	Required
network	The network to use for the endpoints and optinal resolvers	object({ availability_zones = optional(number, 2) # Whether to use ipam when creating the network create = optional(bool, true) # Indicates if we should create a new network or reuse an existing one enable_default_route_table_association = optional(bool, true) # Whether to associate the default route table enable_default_route_table_propagation = optional(bool, true) # Whether to propagate the default route table ipam_pool_id = optional(string, null) # The id of the ipam pool to use when creating the network name = optional(string, "central-dns") # The name of the network to create private_netmask = optional(number, 24) # The subnet mask for private subnets, when creating the network i.e subnet-id => 10.90.0.0/24 private_subnet_ids = optional(list(string), []) # The ids of the private subnets to if we are reusing an existing network transit_gateway_id = optional(string, "") ## The transit gateway id to use for the network vpc_cidr = optional(string, "") # The cidrws range to use for the VPC, when creating the network vpc_id = optional(string, "") # The vpc id to use when reusing an existing network vpc_netmask = optional(number, null) # When using ipam this the netmask to use for the VPC })	n/a	yes
resolver_name	Name of the Route53 resolver endpoint	string	n/a	yes
tags	Map of tags to apply to resources created by this module	map(string)	n/a	yes
resolver_endpoint_type	The Route 53 Resolver endpoint IP address type. Valid values: IPV4, IPV6, DUALSTACK.	string	"IPV4"	no
resolver_protocols	List of protocols that the Route53 Outbound Resolver should support	list(string)	[ "Do53", "DoH" ]	no
resolver_rule_groups	Map of Route53 Resolver Rules by group. Every rule in each group can be shared with principals via AWS RAM.	list(object({ ram_share_name = string # The share share name will be the ram_share_name '-' rule_name ram_principals = optional(map(string), {}) ## A map of principals to share the rules with i.e. Infrastructure OU => ou-1234567890 rules = list(object({ name = string ## The name of the rule, used when creating the ram share domain = string ## The domain to forward the query to targets = optional(list(string), []) ## The name of the resolver rule rule_type = optional(string, "FORWARD") ## The type of rule to create })) ## A list of rules to create in the group }))	[]	no
route53_zone_ids	List of Route53 Zone IDs to be associated with the resolver VPC.	list(string)	[]	no

Outputs

Name	Description
all_resolver_rules	Map of all resolver rules.
endpoint	Details of the Route53 Outbound Resolver endpoint.
resource_shares	Map of AWS RAM Shares by group.
rules	Map of resolver rules by group.