feature: Route53 resolver module #1
Conversation
angautam
force-pushed
the
feat/inception
branch
from
7ef9723 to
52356f6
Compare
Terraform Format and Style 🖌
|
| Terraform module to create Route53 resolver. This will be useful when creating the Route53 Resolver either inbound or outbound. | ||
|
|
||
| Please note that this module does not cover the Resolver query logging. |
There was a problem hiding this comment.
This Terraform module provisions an AWS Route 53 Resolver Endpoint for inbound or outbound DNS resolution.
There was a problem hiding this comment.
Query logging is not a core functionality so no need to mention that it's not there imo
|
|
||
| IMPORTANT: We do not pin modules to versions in our examples. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable. | ||
|
|
||
| ## Terraform AWS Route53 Resolver Module |
There was a problem hiding this comment.
| ## Terraform AWS Route53 Resolver Module |
|
|
||
| ## Licensing | ||
|
|
||
| 100% Open Source and licensed under the Apache License Version 2.0. See [LICENSE](https://github.com/schubergphilis/terraform-aws-mcaf-user/blob/master/LICENSE) for full details. |
There was a problem hiding this comment.
| 100% Open Source and licensed under the Apache License Version 2.0. See [LICENSE](https://github.com/schubergphilis/terraform-aws-mcaf-user/blob/master/LICENSE) for full details. | |
| 100% Open Source and licensed under the Apache License Version 2.0. See [LICENSE](https://github.com/schubergphilis/terraform-aws-mcaf-route53-resolver/blob/master/LICENSE) for full details. |
| name = var.security_group_name | ||
| name_prefix = var.security_group_name_prefix | ||
| tags = var.tags | ||
| vpc_id = var.vpc_id |
There was a problem hiding this comment.
https://github.com/schubergphilis/terraform-aws-mcaf-lambda/blob/master/main.tf#L58
if you add a data source for this then you don't need the vpc_id variable anymore
| count = var.create_security_group ? 1 : 0 | ||
|
|
||
| source = "schubergphilis/mcaf-security-group/aws" | ||
| version = "0.1.0" |
There was a problem hiding this comment.
| version = "0.1.0" | |
| version = "~> 0.1.0" |
|
|
||
| variable "protocols" { | ||
| type = list(string) | ||
| default = [] |
There was a problem hiding this comment.
Would it make sense to default to ["Do53", "DoH"] ?
| variable "security_group_description" { | ||
| type = string | ||
| default = null | ||
| description = "This security group is created to allow port 53 for DNS resolver" |
There was a problem hiding this comment.
| description = "This security group is created to allow port 53 for DNS resolver" | |
| description = "Route53 Resolver Endpoint Security Group, allows port 53 for DNS resolving" |
| variable "security_group_egress_cidr_blocks" { | ||
| type = string | ||
| default = "0.0.0.0/0" | ||
| description = "A list of CIDR blocks to allow on security group egress rules" |
There was a problem hiding this comment.
Discussion point: take security group module out.. if not then we need to support multiple cidr_blocks and add looping
No description provided.