Maintained by @goci-io/prp-terraform
This Terraform module provisions a new AWS Route53 hosted zone and optionally synchronizes its nameservers with a parent zone (delegation). The `domain_name` can either be specified in `terraform.tfvars` or autogenerated from a label module. When autogenerating the name the following convention is applied: `<name>.<stage>.<attributes>.<namespace>.<tld>`. The `tld` is sourced from `parent_domain_name` if that is set, otherwise from the `tld` variable itself. For the stages `prod`, `production` and `main` the stage is omitted from the autogenerated label (controlled by `omit_prod_stage`).
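The label logic above can be checked before any zone is created. The following `locals` block is an added example, not the module's own implementation (the module uses a separate label module whose internals may differ); the variable names mirror the module's inputs and the defaults reproduce the example further below. Evaluate `local.zone_name` with `terraform console` in a directory containing only this file.

```hcl
# Added example (not the module's own code): derives the zone name as the
# convention <name>.<stage>.<attributes>.<namespace>.<tld> describes.
variable "namespace"       { default = "goci" }
variable "stage"           { default = "staging" }
variable "name"            { default = "" }
variable "attributes"      { default = ["eu1"] }
variable "tld"             { default = "io" }
variable "delimiter"       { default = "." }
variable "omit_prod_stage" { default = true }

locals {
  # stages that are dropped from the label when omit_prod_stage is true
  prod_stages = ["prod", "production", "main"]

  stage = (var.omit_prod_stage && contains(local.prod_stages, var.stage)) ? "" : var.stage

  # compact() drops empty labels, i.e. an unset name or an omitted prod stage,
  # so no double delimiters appear in the result
  label = join(var.delimiter, compact(concat(
    [var.name, local.stage],
    var.attributes,
    [var.namespace],
  )))

  # the tld is always appended with a dot, independent of the delimiter
  zone_name = "${local.label}.${var.tld}"
}

output "zone_name" {
  value = local.zone_name
}
```

With the defaults above `local.zone_name` evaluates to `staging.eu1.goci.io`; with `stage = "prod"` it becomes `eu1.goci.io`, and with `name = "api"` the label is prefixed with `api.`. A wrong value here means the zone (and the ACM certificate issued for it) would be created under an unexpected name, so it is worth checking before the first apply.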
```hcl
module "zone" {
  source     = "git::https://github.com/goci-io/aws-route53-zone.git?ref=tags/<latest-version>"
  namespace  = "goci"
  attributes = ["eu1"]
  stage      = "staging"
  tld        = "io" # required here because no parent_domain_name supplies the tld
  # domain_name = "staging.goci.io" # set this only to override the autogenerated name
}
```
This example results in a hosted zone named `staging.eu1.goci.io` (setting `domain_name` would override that and use the given value verbatim). Take a look into `terraform.tfvars` for more examples. See "Delegated Zone Access" below on how to configure nameserver synchronization with a parent zone.
Name | Description | Default |
---|---|---|
namespace | The company or organization prefix (eg: goci) | - |
stage | The stage this configuration is for (eg: staging or prod) | - |
name | Optional name (subdomain) for this hosted zone | "" |
attributes | Additional attributes (e.g. ["eu1"]) | [] |
tags | Additional tags (e.g. map("BusinessUnit", "XYZ")) | {} |
delimiter | Delimiter between namespace, stage, name and attributes | - |
domain_name | Overwrite the autogenerated domain name | "" |
enabled | Set to false to prevent the module from creating any resources | true |
tld | The top level domain to use if not already specified via domain_name or parent_domain_name | - |
parent_domain_name | The parent hosted zone to sync nameservers with | "" |
is_parent_private_zone | Whether the parent hosted zone is private | false |
certificate_enabled | Whether to create an AWS ACM certificate | true |
certificate_alternative_names | Additional domains to include in the certificate. The wildcard entry (`*.` prefix) for the zone's domain is always included. | [] |
omit_prod_stage | Whether the stage should be omitted from the zone name when it is prod, production or main | true |
create_public_zone | If the new hosted zone is private, additionally create a public zone with the same name, for example so that an ACM certificate can be validated via DNS | true |
zone_vpcs | VPC IDs to attach to the hosted zone. Setting this makes the hosted zone private. | [] |
tf_bucket | The S3 bucket name to read the remote state from (required if vpc_module_state is used) | "" |
vpc_module_state | The key of the state file of a VPC module. Must expose a vpc_id output | "" |
force_destroy | Whether to destroy all records (possibly managed outside of Terraform) in the zone when destroying the zone | false |
Specifying `parent_domain_name` delegates the new subdomain from the parent domain to your new hosted zone by creating the zone's NS records in the parent zone. This is useful when, for example, an AWS root account owns your domains and delegates stage-bound hosted zones to your child accounts. To create nameserver records in a parent zone that is not owned by your current AWS account, configure the AWS providers like this:
```hcl
# Default provider: the current account, where the new hosted zone is created
provider "aws" {
  version = "~> 2.70"
}

# Provider for the account that owns the parent zone; the assumed role only
# needs permission to manage the delegation NS records in that zone
provider "aws" {
  alias   = "parent"
  version = "~> 2.70"
  assume_role {
    role_arn = "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
  }
}

module "zone" {
  source = "git::https://github.com/goci-io/aws-route53-zone.git?ref=tags/<latest-version>"
  ...
  providers = {
    aws.owner = aws.parent
    # aws = aws.target   # if the new zone lives in yet another account
  }
}
```
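The role referenced by `role_arn` decides what a compromised child-account pipeline could do to the parent domain, so it should be able to write nothing but the delegation itself. The following Terraform is an added example applied in the parent account, not part of the module: it creates a role trusted by the child account whose only write permission is `ChangeResourceRecordSets` for NS records at exactly the delegated name, enforced through the `route53:ChangeResourceRecordSetsRecordTypes` and `route53:ChangeResourceRecordSetsNormalizedRecordNames` condition keys. The account ID, hosted zone ID and subdomain are placeholders.

```hcl
# Added example, applied in the parent (domain-owning) account. Account ID,
# hosted zone ID and subdomain are placeholders, not values from the module.
variable "child_account_id"    { default = "111111111111" }
variable "parent_zone_id"      { default = "Z0123456789ABCDEFGHIJ" }
variable "delegated_subdomain" { default = "staging.eu1.goci.io" }

# Only principals in the child account may assume the role. Narrow the
# identifier to the specific role that runs Terraform there if it is known.
data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.child_account_id}:root"]
    }
  }
}

data "aws_iam_policy_document" "delegation" {
  # Looking the parent zone up by name needs the List* actions, which
  # Route 53 only grants on resource "*".
  statement {
    sid       = "LookupZones"
    actions   = ["route53:ListHostedZones", "route53:ListHostedZonesByName"]
    resources = ["*"]
  }

  statement {
    sid     = "ReadParentZone"
    actions = ["route53:GetHostedZone", "route53:ListResourceRecordSets", "route53:GetChange"]
    resources = [
      "arn:aws:route53:::hostedzone/${var.parent_zone_id}",
      "arn:aws:route53:::change/*",
    ]
  }

  # Writes (CREATE, UPSERT and DELETE alike) are limited to NS records at the
  # delegated name only; the apex, sibling subdomains and every other record
  # type in the parent zone stay out of reach of the child account.
  statement {
    sid       = "WriteDelegationNsOnly"
    actions   = ["route53:ChangeResourceRecordSets"]
    resources = ["arn:aws:route53:::hostedzone/${var.parent_zone_id}"]

    condition {
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsRecordTypes"
      values   = ["NS"]
    }
    condition {
      # normalized names are lower-case without a trailing dot
      test     = "ForAllValues:StringEquals"
      variable = "route53:ChangeResourceRecordSetsNormalizedRecordNames"
      values   = [lower(var.delegated_subdomain)]
    }
  }
}

resource "aws_iam_role" "zone_delegation" {
  name               = "route53-delegate-${replace(var.delegated_subdomain, ".", "-")}"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_iam_role_policy" "zone_delegation" {
  name   = "delegation"
  role   = aws_iam_role.zone_delegation.id
  policy = data.aws_iam_policy_document.delegation.json
}

# Use this ARN as role_arn in the "parent" provider of the child account
output "parent_role_arn" {
  value = aws_iam_role.zone_delegation.arn
}
```

Because both conditions use `ForAllValues`, a change batch that mixes the NS record with any other name or type is denied as a whole, which is the intended behaviour for a delegation role. After the first apply, confirm the delegation end to end by querying a parent nameserver directly, e.g. `dig NS staging.eu1.goci.io @<parent-ns>`, and compare the answer with the `name_servers` of the new zone; a stale or partial NS set in the parent is the usual cause of intermittent resolution and failed ACM DNS validation.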