diff --git a/.github/workflows/terraform-checks.yaml b/.github/workflows/terraform-checks.yaml
index 2a9c21a..95a692e 100644
--- a/.github/workflows/terraform-checks.yaml
+++ b/.github/workflows/terraform-checks.yaml
@@ -12,10 +12,16 @@ jobs:
name: Test
runs-on: ubuntu-latest
steps:
+ - name: Checkout
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
- terraform_version: "1.13.1"
+ terraform_version: "1.13.0"
- name: Initialize Terraform
id: init
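Review bot: The added Checkout step, and the matching `with:` blocks added to the three other checkouts in this file, leave the token that actions/checkout writes into the local git config available to later steps. Those steps run `terraform init`, `terraform test` and third-party pre-commit actions against pull-request code. None of the visible steps in these jobs push, so `persist-credentials: false` can be added next to `ref:` in each of the four blocks. `fetch-depth: 0` also clones the full history, which nothing visible here appears to use; if so, the default shallow clone is enough. The `test` job continues outside the hunk.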
@@ -25,6 +31,27 @@ jobs:
id: fmt
run: terraform test
+ validateExamples:
+ name: Terraform Validate Examples
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "1.13.0"
+
+ - name: Validate all example folders
+ run: |
+ for dir in examples/*/; do
+ echo "Validating $dir"
+ terraform -chdir="$dir" init -input=false > /dev/null
+ terraform -chdir="$dir" validate
+ done
+
collectInputs:
name: Collect workflow inputs
needs: test
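Review bot: The new validateExamples job checks out with `actions/checkout@v4` while every other checkout in this workflow uses `@v5`, and its `init` call sends stdout to `/dev/null`, which makes a failing provider or module download harder to diagnose from the log. I would use `uses: actions/checkout@v5` and `terraform -chdir="$dir" init -input=false -backend=false` with the output kept, since `validate` does not need a backend. The job only reads the tree, so a job-level `permissions:` block with `contents: read` would keep its token read-only whatever the repository default is.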
@@ -34,6 +61,9 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Get root directories
id: dirs
@@ -46,8 +76,8 @@ jobs:
strategy:
matrix:
directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
+
steps:
- # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
run: |
rm -rf /opt/hostedtoolcache/CodeQL
@@ -57,16 +87,17 @@ jobs:
- name: Checkout
uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v2.1.0
with:
directory: ${{ matrix.directory }}
-
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory != '.' }}
+ if: ${{ matrix.directory != '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
@@ -74,8 +105,7 @@ jobs:
args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
- name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory == '.' }}
+ if: ${{ matrix.directory == '.' }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
terraform-version: ${{ steps.minMax.outputs.minVersion }}
@@ -87,7 +117,6 @@ jobs:
runs-on: ubuntu-latest
needs: collectInputs
steps:
- # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- name: Delete huge unnecessary tools folder
run: |
rm -rf /opt/hostedtoolcache/CodeQL
@@ -98,13 +127,12 @@ jobs:
- name: Checkout
uses: actions/checkout@v5
with:
- ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
- token: ${{ secrets.GITHUB_TOKEN }}
+ fetch-depth: 0
+ ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Terraform min/max versions
id: minMax
uses: clowdhaus/terraform-min-max@v2.1.0
-
- name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
uses: clowdhaus/terraform-composite-actions/pre-commit@v1.14.0
with:
diff --git a/.github/workflows/terraform-docs.yaml b/.github/workflows/terraform-docs.yaml
index 45e78f5..ce875c5 100644
--- a/.github/workflows/terraform-docs.yaml
+++ b/.github/workflows/terraform-docs.yaml
@@ -21,7 +21,7 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v5
with:
- ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+ ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.pull_request.head.ref || github.ref }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Render and Push terraform docs for main module
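Review bot: The added `github.event.pull_request.head.ref` fallback is only reached when the event is not `pull_request` but still carries a pull-request payload, which appears to mean events such as `pull_request_target`. On those events the job would check out the contributor's branch name with `secrets.GITHUB_TOKEN` persisted and then run the push step. The triggers of this workflow are outside the hunk, so please confirm which event needs the fallback and say so in a comment above `ref:`; if none remains now that terraform.yaml drops `pull_request_target`, the original expression is sufficient. Pushing rendered docs back should stay limited to branches of this repository, for example with `if: github.event.pull_request.head.repo.full_name == github.repository` on the job.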
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml
index 0cbfeca..e922f27 100644
--- a/.github/workflows/terraform.yaml
+++ b/.github/workflows/terraform.yaml
@@ -4,25 +4,14 @@ on:
push:
branches:
- main
- pull_request_target:
- types:
- - opened
- - edited
- - synchronize
pull_request:
branches:
- main
-
-permissions:
- contents: write
- pull-requests: write
- actions: read
-
jobs:
- prTitlecheck:
- name: PR title check
- if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main' }}
- uses: ./.github/workflows/pr-title.yaml
+ # prTitlecheck:
+ # name: PR title check
+ # if: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.base.ref == 'main' }}
+ # uses: ./.github/workflows/pr-title.yaml
preCommitCheck:
name: Terraform Checks
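Review bot: Dropping the workflow-level `permissions:` block means the `GITHUB_TOKEN` scopes now come from the repository or organisation default instead of the declared set; the same removal is made in update-configs.yaml. I would keep an explicit block, `permissions:` with `contents: read` at workflow level, and grant `contents: write` only on the job that actually pushes. The commented-out `prTitlecheck` job still tests for `pull_request_target`, which this hunk removes from `on:`, so it can never run as written and is better deleted than kept as a comment.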
diff --git a/.github/workflows/update-configs.yaml b/.github/workflows/update-configs.yaml
index 86623b5..503db39 100644
--- a/.github/workflows/update-configs.yaml
+++ b/.github/workflows/update-configs.yaml
@@ -3,9 +3,6 @@
on:
workflow_dispatch:
- permissions:
- contents: write
-
jobs:
update:
runs-on: ubuntu-latest
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 83f517c..14e5c29 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -20,6 +20,9 @@ repos:
- '--args=--only=terraform_workspace_remote'
- '--args=--only=terraform_unused_required_providers'
- id: terraform_validate
+ args:
+ - --hook-config=--retry-once-with-cleanup=true
+ files: ^examples/
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
hooks:
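Review bot: With `files: ^examples/` the `terraform_validate` hook only runs for files under `examples/`, so a commit that touches only the root `main.tf` or `modules/` no longer triggers validation locally. The CI job that runs `terraform_validate --files ${{ matrix.directory }}/*` for the root directory may now match nothing and skip the hook without failing; that is worth checking in a CI run. If the intent is to validate the root module only through the examples because it now requires a provider alias, a comment above `files:` should say so, e.g. `# root module needs aws.cross_account_provider; validated via examples/`.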
diff --git a/README.md b/README.md
index cbec28f..a894db2 100644
--- a/README.md
+++ b/README.md
@@ -29,24 +29,26 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.13.0 |
-| [aws](#requirement\_aws) | >= 5.5.0 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.5.0 |
+| [aws](#provider\_aws) | >= 6.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [ecs\_kong](#module\_ecs\_kong) | infraspecdev/ecs-deployment/aws | ~> 4.3.4 |
+| [ecs\_kong](#module\_ecs\_kong) | infraspecdev/ecs-deployment/aws | 4.3.6 |
| [ecs\_task\_security\_group](#module\_ecs\_task\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| [internal\_alb\_kong](#module\_internal\_alb\_kong) | infraspecdev/ecs-deployment/aws//modules/alb | ~> 4.3.4 |
| [internal\_alb\_security\_group](#module\_internal\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| [kong\_internal\_dns\_record](#module\_kong\_internal\_dns\_record) | ./modules/route-53-record | n/a |
+| [kong\_internal\_dns\_record\_same\_account](#module\_kong\_internal\_dns\_record\_same\_account) | ./modules/route-53-record | n/a |
| [kong\_public\_dns\_record](#module\_kong\_public\_dns\_record) | ./modules/route-53-record | n/a |
+| [kong\_public\_dns\_record\_same\_account](#module\_kong\_public\_dns\_record\_same\_account) | ./modules/route-53-record | n/a |
| [kong\_rds](#module\_kong\_rds) | terraform-aws-modules/rds/aws | ~> 6.13.0 |
| [postgres\_security\_group](#module\_postgres\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
| [public\_alb\_security\_group](#module\_public\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.3.0 |
@@ -92,6 +94,7 @@ aws ssm put-parameter --name "/rds/POSTGRES_DB_NAME" --value "value" --type "Sec
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs for public-facing load balancers | `list(string)` | n/a | yes |
| [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | `{}` | no |
| [rds\_instance\_class](#input\_rds\_instance\_class) | The RDS instance class for Kong database (e.g., db.t3.micro, db.r5.large) | `string` | `"db.t3.micro"` | no |
+| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | ARN of the IAM role to assume in the hosted-zone account (should be null for same-account). | `string` | `null` | no |
| [ssl\_policy](#input\_ssl\_policy) | Name of the SSL Policy for the listener. | `string` | `"ELBSecurityPolicy-2016-08"` | no |
| [vpc\_id](#input\_vpc\_id) | The ID of the VPC where Kong infrastructure will be deployed | `string` | n/a | yes |
diff --git a/examples/complete/.header.md b/examples/complete/.header.md
index 03844b8..1d8565e 100644
--- a/examples/complete/.header.md
+++ b/examples/complete/.header.md
@@ -40,6 +40,10 @@ cpu_for_kong_task = 512
memory_for_kong_task = 1024
desired_count_for_kong_service = 2
force_new_deployment = true
+postgres_engine_version = 16.3
+postgres_major_engine_version = 16
+route53_assume_role_arn = arn:aws:iam::aws-account-id:role/role-name
+region = us-east-1
```
Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
diff --git a/examples/complete/README.md b/examples/complete/README.md
index d27b930..2ffa933 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -41,6 +41,10 @@ cpu_for_kong_task = 512
memory_for_kong_task = 1024
desired_count_for_kong_service = 2
force_new_deployment = true
+postgres_engine_version = 16.3
+postgres_major_engine_version = 16
+route53_assume_role_arn = arn:aws:iam::aws-account-id:role/role-name
+region = us-east-1
```
Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
@@ -50,6 +54,7 @@ Place this `terraform.tfvars` file in the same directory as your Terraform confi
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.13.0 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
@@ -94,6 +99,8 @@ No resources.
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
| [rds\_db\_tags](#input\_rds\_db\_tags) | List of tags | `map(string)` | n/a | yes |
| [rds\_instance\_class](#input\_rds\_instance\_class) | The instance class to use | `string` | n/a | yes |
+| [region](#input\_region) | The AWS region | `string` | n/a | yes |
+| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | IAM role ARN for cross-account Route53 access. | `string` | n/a | yes |
| [ssl\_policy](#input\_ssl\_policy) | (Optional) Name of the SSL Policy for the listener. | `string` | n/a | yes |
| [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 5c6179e..d376aac 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -1,6 +1,24 @@
+provider "aws" {
+ region = var.region
+}
+
+provider "aws" {
+ alias = "cross_account_provider"
+ region = var.region
+ assume_role {
+ role_arn = var.route53_assume_role_arn
+ }
+}
+
+
module "kong" {
source = "../../"
+ providers = {
+ aws = aws
+ aws.cross_account_provider = aws.cross_account_provider
+ }
+
vpc_id = var.vpc_id
public_subnet_ids = var.public_subnet_ids
private_subnet_ids = var.private_subnet_ids
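Review bot: The `assume_role` block in the aliased provider sets only `role_arn`, so sessions in the hosted-zone account get a default session name; the same block is added in examples/cross-accout/main.tf. Adding `session_name = "terraform-kong-route53"` (a constructed sample value) makes the Route53 changes attributable in that account's CloudTrail, and `external_id` can be set if the role's trust policy requires one. The `module "kong"` block continues outside the hunk.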
@@ -30,4 +48,5 @@ module "kong" {
force_new_deployment = var.force_new_deployment
postgres_engine_version = var.postgres_engine_version
postgres_major_engine_version = var.postgres_major_engine_version
+ route53_assume_role_arn = var.route53_assume_role_arn
}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 029f5b8..7301e76 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -132,3 +132,13 @@ variable "postgres_major_engine_version" {
description = "The major version of the Postgres engine"
type = number
}
+
+variable "route53_assume_role_arn" {
+ description = "IAM role ARN for cross-account Route53 access."
+ type = string
+}
+
+variable "region" {
+ description = "The AWS region"
+ type = string
+}
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
index 1bb2111..a6722f9 100644
--- a/examples/complete/versions.tf
+++ b/examples/complete/versions.tf
@@ -1,3 +1,10 @@
terraform {
required_version = ">= 1.13.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.0"
+ }
+ }
}
diff --git a/examples/cross-accout/.header.md b/examples/cross-accout/.header.md
new file mode 100644
index 0000000..bf86731
--- /dev/null
+++ b/examples/cross-accout/.header.md
@@ -0,0 +1,15 @@
+### Example Variable Values
+
+Here is an example of how to define the variable values in your `terraform.tfvars` file:
+
+```hcl
+vpc_id = "vpc-12345678"
+public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"]
+private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"]
+kong_public_domain_name = "api.example.com"
+kong_admin_domain_name = "admin-api.example.com"
+region = "us-east-1"
+route53_assume_role_arn = "arn:aws:iam::account-id:role/role-id"
+```
+
+Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
diff --git a/examples/cross-accout/README.md b/examples/cross-accout/README.md
new file mode 100644
index 0000000..119a8ab
--- /dev/null
+++ b/examples/cross-accout/README.md
@@ -0,0 +1,57 @@
+
+### Example Variable Values
+
+Here is an example of how to define the variable values in your `terraform.tfvars` file:
+
+```hcl
+vpc_id = "vpc-12345678"
+public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"]
+private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"]
+kong_public_domain_name = "api.example.com"
+kong_admin_domain_name = "admin-api.example.com"
+region = "us-east-1"
+route53_assume_role_arn = "arn:aws:iam::account-id:role/role-id"
+```
+
+Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.13.0 |
+| [aws](#requirement\_aws) | >= 6.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [kong](#module\_kong) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes |
+| [kong\_admin\_domain\_name](#input\_kong\_admin\_domain\_name) | The admin domain name for Kong | `string` | n/a | yes |
+| [kong\_public\_domain\_name](#input\_kong\_public\_domain\_name) | The public domain name for Kong | `string` | n/a | yes |
+| [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes |
+| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes |
+| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
+| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
+| [region](#input\_region) | The AWS region | `string` | n/a | yes |
+| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | The ARN of the DNS role | `string` | `null` | no |
+| [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |
+
+## Outputs
+
+No outputs.
+
diff --git a/examples/cross-accout/main.tf b/examples/cross-accout/main.tf
new file mode 100644
index 0000000..c906bcd
--- /dev/null
+++ b/examples/cross-accout/main.tf
@@ -0,0 +1,31 @@
+provider "aws" {
+ region = var.region
+}
+
+provider "aws" {
+ alias = "cross_account_provider"
+ region = var.region
+ assume_role {
+ role_arn = var.route53_assume_role_arn
+ }
+}
+
+
+module "kong" {
+ source = "../../"
+
+ providers = {
+ aws = aws
+ aws.cross_account_provider = aws.cross_account_provider
+ }
+
+ vpc_id = var.vpc_id
+ public_subnet_ids = var.public_subnet_ids
+ private_subnet_ids = var.private_subnet_ids
+ kong_public_domain_name = var.kong_public_domain_name
+ kong_admin_domain_name = var.kong_admin_domain_name
+ cluster_name = var.cluster_name
+ postgres_engine_version = var.postgres_engine_version
+ postgres_major_engine_version = var.postgres_major_engine_version
+ route53_assume_role_arn = var.route53_assume_role_arn
+}
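Review bot: The directory is spelled `examples/cross-accout`, which looks like a typo for `cross-account`. Renaming it now keeps the misspelling out of documentation links and out of any path a user copies. The rename applies to every file added under this directory in the same commit.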
diff --git a/examples/minimal/outputs.tf b/examples/cross-accout/outputs.tf
similarity index 100%
rename from examples/minimal/outputs.tf
rename to examples/cross-accout/outputs.tf
diff --git a/examples/cross-accout/variables.tf b/examples/cross-accout/variables.tf
new file mode 100644
index 0000000..0951acf
--- /dev/null
+++ b/examples/cross-accout/variables.tf
@@ -0,0 +1,50 @@
+variable "vpc_id" {
+ description = "The ID of the VPC"
+ type = string
+}
+
+variable "public_subnet_ids" {
+ description = "List of public subnet IDs"
+ type = list(string)
+}
+
+variable "private_subnet_ids" {
+ description = "List of private subnet IDs"
+ type = list(string)
+}
+
+variable "kong_public_domain_name" {
+ description = "The public domain name for Kong"
+ type = string
+}
+
+variable "kong_admin_domain_name" {
+ description = "The admin domain name for Kong"
+ type = string
+}
+
+variable "cluster_name" {
+ description = "Name of the cluster"
+ type = string
+}
+
+variable "postgres_engine_version" {
+ description = "The version of the Postgres engine"
+ type = number
+}
+
+variable "postgres_major_engine_version" {
+ description = "The major version of the Postgres engine"
+ type = number
+}
+
+variable "route53_assume_role_arn" {
+ description = "The ARN of the DNS role"
+ type = string
+ default = null
+}
+
+variable "region" {
+ description = "The AWS region"
+ type = string
+}
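Review bot: `route53_assume_role_arn` defaults to `null` in the cross-account example, but the root module creates the cross-account record modules only when the value is non-null. Running this example without setting it therefore falls back to same-account records without any error, while the aliased provider still carries an `assume_role` block with no role. I would make the variable required here by dropping `default = null`, and replace `"The ARN of the DNS role"` with the description used in the root module.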
diff --git a/examples/cross-accout/versions.tf b/examples/cross-accout/versions.tf
new file mode 100644
index 0000000..a6722f9
--- /dev/null
+++ b/examples/cross-accout/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.13.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.0"
+ }
+ }
+}
diff --git a/examples/minimal/main.tf b/examples/minimal/main.tf
deleted file mode 100644
index 3b34c2b..0000000
--- a/examples/minimal/main.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-module "kong" {
- source = "../../"
-
- vpc_id = var.vpc_id
- public_subnet_ids = var.public_subnet_ids
- private_subnet_ids = var.private_subnet_ids
- kong_public_domain_name = var.kong_public_domain_name
- kong_admin_domain_name = var.kong_admin_domain_name
-}
diff --git a/examples/minimal/variables.tf b/examples/minimal/variables.tf
deleted file mode 100644
index e22619f..0000000
--- a/examples/minimal/variables.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-variable "vpc_id" {
- description = "The ID of the VPC"
- type = string
-}
-
-variable "public_subnet_ids" {
- description = "List of public subnet IDs"
- type = list(string)
-}
-
-variable "private_subnet_ids" {
- description = "List of private subnet IDs"
- type = list(string)
-}
-
-variable "kong_public_domain_name" {
- description = "The public domain name for Kong"
- type = string
-}
-
-variable "kong_admin_domain_name" {
- description = "The admin domain name for Kong"
- type = string
-}
diff --git a/examples/minimal/versions.tf b/examples/minimal/versions.tf
deleted file mode 100644
index 1bb2111..0000000
--- a/examples/minimal/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
- required_version = ">= 1.13.0"
-}
diff --git a/examples/minimal/.header.md b/examples/same-account/.header.md
similarity index 94%
rename from examples/minimal/.header.md
rename to examples/same-account/.header.md
index c3a26ec..59326b4 100644
--- a/examples/minimal/.header.md
+++ b/examples/same-account/.header.md
@@ -8,6 +8,7 @@ public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"]
private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"]
kong_public_domain_name = "api.example.com"
kong_admin_domain_name = "admin-api.example.com"
+region = "us-east-1"
```
Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
diff --git a/examples/minimal/README.md b/examples/same-account/README.md
similarity index 68%
rename from examples/minimal/README.md
rename to examples/same-account/README.md
index c58a60f..e7fd326 100644
--- a/examples/minimal/README.md
+++ b/examples/same-account/README.md
@@ -9,6 +9,7 @@ public_subnet_ids = ["subnet-abcdef01", "subnet-abcdef02"]
private_subnet_ids = ["subnet-abcdef03", "subnet-abcdef04"]
kong_public_domain_name = "api.example.com"
kong_admin_domain_name = "admin-api.example.com"
+region = "us-east-1"
```
Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.
@@ -18,6 +19,7 @@ Place this `terraform.tfvars` file in the same directory as your Terraform confi
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.13.0 |
+| [aws](#requirement\_aws) | >= 6.0 |
## Providers
@@ -37,10 +39,15 @@ No resources.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes |
| [kong\_admin\_domain\_name](#input\_kong\_admin\_domain\_name) | The admin domain name for Kong | `string` | n/a | yes |
| [kong\_public\_domain\_name](#input\_kong\_public\_domain\_name) | The public domain name for Kong | `string` | n/a | yes |
+| [postgres\_engine\_version](#input\_postgres\_engine\_version) | The version of the Postgres engine | `number` | n/a | yes |
+| [postgres\_major\_engine\_version](#input\_postgres\_major\_engine\_version) | The major version of the Postgres engine | `number` | n/a | yes |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet IDs | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet IDs | `list(string)` | n/a | yes |
+| [region](#input\_region) | The AWS region | `string` | n/a | yes |
+| [route53\_assume\_role\_arn](#input\_route53\_assume\_role\_arn) | The ARN of the DNS role | `string` | `null` | no |
| [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |
## Outputs
diff --git a/examples/same-account/main.tf b/examples/same-account/main.tf
new file mode 100644
index 0000000..5224114
--- /dev/null
+++ b/examples/same-account/main.tf
@@ -0,0 +1,22 @@
+provider "aws" {
+ region = var.region
+}
+
+module "kong" {
+ source = "../../"
+
+ providers = {
+ aws = aws
+ aws.cross_account_provider = aws
+ }
+
+ vpc_id = var.vpc_id
+ public_subnet_ids = var.public_subnet_ids
+ private_subnet_ids = var.private_subnet_ids
+ kong_public_domain_name = var.kong_public_domain_name
+ kong_admin_domain_name = var.kong_admin_domain_name
+ cluster_name = var.cluster_name
+ postgres_engine_version = var.postgres_engine_version
+ postgres_major_engine_version = var.postgres_major_engine_version
+ route53_assume_role_arn = var.route53_assume_role_arn
+}
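Review bot: This example maps `aws.cross_account_provider = aws` yet still passes `route53_assume_role_arn` through to the module. If a user sets it, the root module switches to the record modules bound to the alias, which here is just the default provider, so no role is assumed and the records still land in the caller's account. I would drop the variable from examples/same-account/variables.tf and omit the argument here, since the root default is `null`, or pass `route53_assume_role_arn = null` explicitly.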
diff --git a/examples/same-account/outputs.tf b/examples/same-account/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/examples/same-account/variables.tf b/examples/same-account/variables.tf
new file mode 100644
index 0000000..0951acf
--- /dev/null
+++ b/examples/same-account/variables.tf
@@ -0,0 +1,50 @@
+variable "vpc_id" {
+ description = "The ID of the VPC"
+ type = string
+}
+
+variable "public_subnet_ids" {
+ description = "List of public subnet IDs"
+ type = list(string)
+}
+
+variable "private_subnet_ids" {
+ description = "List of private subnet IDs"
+ type = list(string)
+}
+
+variable "kong_public_domain_name" {
+ description = "The public domain name for Kong"
+ type = string
+}
+
+variable "kong_admin_domain_name" {
+ description = "The admin domain name for Kong"
+ type = string
+}
+
+variable "cluster_name" {
+ description = "Name of the cluster"
+ type = string
+}
+
+variable "postgres_engine_version" {
+ description = "The version of the Postgres engine"
+ type = number
+}
+
+variable "postgres_major_engine_version" {
+ description = "The major version of the Postgres engine"
+ type = number
+}
+
+variable "route53_assume_role_arn" {
+ description = "The ARN of the DNS role"
+ type = string
+ default = null
+}
+
+variable "region" {
+ description = "The AWS region"
+ type = string
+}
diff --git a/examples/same-account/versions.tf b/examples/same-account/versions.tf
new file mode 100644
index 0000000..a6722f9
--- /dev/null
+++ b/examples/same-account/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.13.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 6.0"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index 9dfbbb8..6e0ff7f 100644
--- a/main.tf
+++ b/main.tf
@@ -204,7 +204,12 @@ data "aws_ecs_cluster" "this" {
module "ecs_kong" {
source = "infraspecdev/ecs-deployment/aws"
- version = "~> 4.3.4"
+ version = "4.3.6"
+
+ providers = {
+ aws = aws
+ aws.cross_account_provider = aws.cross_account_provider
+ }
vpc_id = var.vpc_id
cluster_name = data.aws_ecs_cluster.this.cluster_name
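Review bot: `ecs_kong` is now pinned to exactly `4.3.6`, while the README table in this commit still lists the `//modules/alb` submodule of the same registry module at `~> 4.3.4`, so the two can resolve to different releases. If the exact pin is deliberate, `internal_alb_kong` should carry `version = "4.3.6"` as well, with a comment above the pin stating why a floating constraint is no longer acceptable. The `module "ecs_kong"` block continues outside the hunk.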
@@ -321,10 +326,17 @@ module "ecs_kong" {
domain_name = var.kong_public_domain_name
validation_domain = var.kong_public_domain_name
}
- record_zone_id = module.kong_public_dns_record.zone_id
+
+ record_zone_id = (
+ var.route53_assume_role_arn != null
+ ? module.kong_public_dns_record[0].zone_id
+ : module.kong_public_dns_record_same_account[0].zone_id
+ )
}
}
+ route53_assume_role_arn = var.route53_assume_role_arn
+
depends_on = [module.kong_rds]
}
@@ -389,23 +401,57 @@ module "internal_alb_kong" {
################################################################################
# Route53 Record For Public ALB
################################################################################
-
-module "kong_public_dns_record" {
+module "kong_public_dns_record_same_account" {
+ count = var.route53_assume_role_arn == null ? 1 : 0
source = "./modules/route-53-record"
domain = var.kong_public_domain_name
alb_dns_name = module.ecs_kong.alb_dns_name
alb_zone_id = module.ecs_kong.alb_zone_id
+
+ providers = {
+ aws = aws
+ }
}
################################################################################
# Route53 Record For Internal ALB
################################################################################
+module "kong_internal_dns_record_same_account" {
+ count = var.route53_assume_role_arn == null ? 1 : 0
+ source = "./modules/route-53-record"
+
+ domain = var.kong_admin_domain_name
+ alb_dns_name = module.internal_alb_kong.dns_name
+ alb_zone_id = module.ecs_kong.alb_zone_id
+
+ providers = {
+ aws = aws
+ }
+}
+
+module "kong_public_dns_record" {
+ count = var.route53_assume_role_arn != null ? 1 : 0
+ source = "./modules/route-53-record"
+
+ domain = var.kong_public_domain_name
+ alb_dns_name = module.ecs_kong.alb_dns_name
+ alb_zone_id = module.ecs_kong.alb_zone_id
+
+ providers = {
+ aws = aws.cross_account_provider
+ }
+}
module "kong_internal_dns_record" {
+ count = var.route53_assume_role_arn != null ? 1 : 0
source = "./modules/route-53-record"
domain = var.kong_admin_domain_name
alb_dns_name = module.internal_alb_kong.dns_name
alb_zone_id = module.ecs_kong.alb_zone_id
+
+ providers = {
+ aws = aws.cross_account_provider
+ }
}
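Review bot: The `kong_public_dns_record` module now sits under the "Route53 Record For Internal ALB" banner, and each record is declared twice with `count` switches that differ only in the provider they receive. Since the same-account example already maps `aws.cross_account_provider = aws`, a single pair of modules with `providers = { aws = aws.cross_account_provider }` looks sufficient for both cases and would remove the `[0]` indexing in `record_zone_id`. It would also keep existing state addresses stable. As written, callers with a null ARN get `kong_public_dns_record_same_account[0]` as a new address, which Terraform will likely plan as a destroy and create of the DNS records unless `moved` blocks are added.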
diff --git a/variables.tf b/variables.tf
index 085e67c..477c516 100644
--- a/variables.tf
+++ b/variables.tf
@@ -181,3 +181,9 @@ variable "postgres_major_engine_version" {
error_message = "The major PostgreSQL engine version must be 16 or higher."
}
}
+
+variable "route53_assume_role_arn" {
+ description = "ARN of the IAM role to assume in the hosted-zone account (should be null for same-account)."
+ type = string
+ default = null
+}
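Review bot: The new `route53_assume_role_arn` variable accepts any string, and every non-null value, including `""`, flips the DNS records onto the cross-account provider. The neighbouring variables in this file already use `validation` blocks, so this one should too: accept `null` or a well-formed IAM role ARN and reject everything else at plan time. That turns a mistyped value into a clear error rather than a failed or misdirected `AssumeRole` call.

```hcl
variable "route53_assume_role_arn" {
  # … unchanged: description, type, default …

  validation {
    condition = (
      var.route53_assume_role_arn == null ||
      can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.route53_assume_role_arn))
    )
    error_message = "route53_assume_role_arn must be null or an IAM role ARN."
  }
}
```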
diff --git a/versions.tf b/versions.tf
index 51899a0..59896a8 100644
--- a/versions.tf
+++ b/versions.tf
@@ -4,7 +4,10 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
- version = ">= 5.5.0"
+ version = ">= 6.0"
+ configuration_aliases = [
+ aws.cross_account_provider
+ ]
}
}
}
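Review bot: Adding `configuration_aliases` and raising the floor to `>= 6.0` are both breaking for existing callers, because every caller must now pass `aws.cross_account_provider` in a `providers` map even for same-account use. A short comment above the alias would make that contract visible, e.g. `# Callers must map this alias; pass the default aws provider when Route53 is in the same account.` The constraint also has no upper bound, so `version = ">= 6.0, < 7.0"` would stop an untested major release from being selected.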