Merge pull request #64 from pablo19sc/main

DNS configuration (Alias record creation) + Access Log support

Author: pablo19sc

.header.md

@@ -1 +1 @@
-* @aws-ia/aws-ia 
+* @aws-ia/aws-ia

CODEOWNERS

@@ -1 +1 @@
-v0.2.0
+v1.0.0

README.md

@@ -12,11 +12,18 @@ locals {
   sn_identifier_provided = contains(keys(var.service_network), "identifier")
   # Checking if Service Network auth policy should be created
   sn_auth_policy = (try(var.service_network.auth_type, "NONE") == "AWS_IAM") && (contains(keys(var.service_network), "auth_policy"))
-
+  # Checking the access log destinations for the service network
+  sn_access_log_cloudwatch = contains(keys(var.service_network), "access_log_cloudwatch")
+  sn_access_log_s3         = contains(keys(var.service_network), "access_log_s3")
+  sn_access_log_firehose   = contains(keys(var.service_network), "access_log_firehose")
 
   # ---------- VPC Lattice Service variables ---------
   # Service Association - if Service Network is created or passed
   create_service_association = local.create_service_network || local.sn_identifier_provided
+  # Checking if a global Private Hosted Zone has been defined
+  global_phz = contains(keys(var.dns_configuration), "hosted_zone_id")
+  # Obtaining a map of VPC Lattice services that require the creation of DNS configuration
+  services_with_dns_config = local.global_phz ? var.services : { for k, v in var.services : k => v if contains(keys(v), "hosted_zone_id") }
 
   # ---------- VPC Lattice Target Groups ----------
   # We create a map of target group IDs
@@ -43,7 +50,7 @@ locals {
 # Sanitizes tags for aws provider
 module "tags" {
   source  = "aws-ia/label/aws"
-  version = "0.0.5"
+  version = "0.0.6"
 
   tags = var.tags
 }

VERSION

@@ -0,0 +1,7 @@
+# Amazon VPC Lattice - Example: DNS configuration
+
+This example shows how you can use the VPC Lattice module to configure DNS resolution (creation of Alias records) when creation VPC Lattice services with custom domain names. This example creates the following:
+
+* Two Amazon Route 53 private hosted zones, and one VPC (needed for the configuration of the hosted zone as *private*).
+* Eight VPC Lattice services with basic configuration (without listeners or targets).
+* When configured, the custom domain name provided in each service's definition will create an Alias record either in the *global* Private Hosted Zone (defined in `var.dns_configuration.private_hosted_zone_id`) or in the *specific* PHZ (defined in the attribute `private_hosted_zone_id` under the service's configuration in `var.services`).

data.tf

@@ -0,0 +1,50 @@
+<!-- BEGIN_TF_DOCS -->
+# Amazon VPC Lattice - Example: DNS configuration
+
+This example shows how you can use the VPC Lattice module to configure DNS resolution (creation of Alias records) when creation VPC Lattice services with custom domain names. This example creates the following:
+
+* Two Amazon Route 53 private hosted zones, and one VPC (needed for the configuration of the hosted zone as *private*).
+* Eight VPC Lattice services with basic configuration (without listeners or targets).
+* When configured, the custom domain name provided in each service's definition will create an Alias record either in the *global* Private Hosted Zone (defined in `var.dns_configuration.private_hosted_zone_id`) or in the *specific* PHZ (defined in the attribute `private_hosted_zone_id` under the service's configuration in `var.services`).
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.66.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_dns_resolution_example1"></a> [dns\_resolution\_example1](#module\_dns\_resolution\_example1) | ../.. | n/a |
+| <a name="module_dns_resolution_example3"></a> [dns\_resolution\_example3](#module\_dns\_resolution\_example3) | ../.. | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_route53_zone.global_private_hosted_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_route53_zone.specific_private_hosted_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) | resource |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
+| [aws_vpclattice_service.service2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service) | resource |
+| [aws_vpclattice_service.service4](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service) | resource |
+| [aws_vpclattice_service.service6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpclattice_service) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS Region to use. | `string` | `"eu-west-1"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/dns_configuration/.header.md

@@ -0,0 +1,94 @@
+# --- examples/dns_configuration/main.tf ---
+
+# Private Hosted Zones
+resource "aws_route53_zone" "global_private_hosted_zone" {
+  name = "global.com"
+
+  vpc {
+    vpc_id = aws_vpc.vpc.id
+  }
+}
+
+resource "aws_route53_zone" "specific_private_hosted_zone" {
+  name = "specific.com"
+
+  vpc {
+    vpc_id = aws_vpc.vpc.id
+  }
+}
+
+resource "aws_vpc" "vpc" {
+  cidr_block = "10.0.0.0/24"
+}
+
+module "dns_resolution_example1" {
+  source = "../.."
+
+  dns_configuration = {
+    hosted_zone_id = aws_route53_zone.global_private_hosted_zone.id
+  }
+
+  services = {
+    # EXAMPLE 1: VPC Lattice service created by the module and Alias record created in the "global" PHZ
+    service1 = {
+      name               = "service1"
+      auth_type          = "NONE"
+      custom_domain_name = "service1.global.com"
+    }
+
+    # EXAMPLE 2: VPC Lattice service created outside the module and Alias record created in the "global" PHZ
+    service2 = {
+      identifier = aws_vpclattice_service.service2.arn
+    }
+
+    # EXAMPLE 3: VPC Lattice service created by the module and Alias record created in the "specific" PHZ
+    service3 = {
+      name               = "service3"
+      auth_type          = "NONE"
+      custom_domain_name = "service3.specific.com"
+      hosted_zone_id     = aws_route53_zone.specific_private_hosted_zone.id
+    }
+
+    # EXAMPLE 4: VPC Lattice service created outside the module and Alias record created in the "specific" PHZ
+    service4 = {
+      identifier     = aws_vpclattice_service.service4.arn
+      hosted_zone_id = aws_route53_zone.specific_private_hosted_zone.id
+    }
+  }
+}
+
+resource "aws_vpclattice_service" "service2" {
+  name               = "service2"
+  auth_type          = "NONE"
+  custom_domain_name = "service2.global.com"
+}
+
+resource "aws_vpclattice_service" "service4" {
+  name               = "service4"
+  auth_type          = "NONE"
+  custom_domain_name = "service4.global.com"
+}
+
+module "dns_resolution_example3" {
+  source = "../.."
+
+  services = {
+    # EXAMPLE 5: VPC Lattice service created by the module (no Alias record created)
+    service5 = {
+      name      = "service7"
+      auth_type = "NONE"
+    }
+
+    # EXAMPLE 5: VPC Lattice service created outside the module and Alias record created in the "specific" PHZ
+    service6 = {
+      identifier     = aws_vpclattice_service.service6.arn
+      hosted_zone_id = aws_route53_zone.specific_private_hosted_zone.id
+    }
+  }
+}
+
+resource "aws_vpclattice_service" "service6" {
+  name               = "service8"
+  auth_type          = "NONE"
+  custom_domain_name = "service6.specific.com"
+}

examples/dns_configuration/README.md

@@ -0,0 +1 @@
+# --- examples/dns_configuration/outputs.tf ---

examples/dns_configuration/main.tf

@@ -1,4 +1,4 @@
-# --- examples/vpc_associations/providers.tf ---
+# --- examples/dns_configuration/providers.tf ---
 
 terraform {
   required_version = ">= 1.3.0"