Terraform module for Amazon Route53 Resolver Rules


AWS Route53 Resolver Rules


Resolver outbound endpoint diagram


I wrote this module to make it more convenient to create AWS Route53 Resolver rules for outbound endpoints.

You can find the terraform-aws-route53-resolver-rules module in the Terraform Registry or clone it from GitHub.

If you want to take a look at the module, I have also included the README file in this post:

terraform-aws-route53-resolver-rules

Terraform module to create AWS Route53 Resolver Rules.

Usage

Before you start to forward queries, you must create Resolver outbound endpoints in the connected VPCs. These endpoints provide a path for inbound or outbound queries. You can create the endpoints with the aws_route53_resolver_endpoint resource or with a module such as terraform-aws-route53-endpoint.

Check the examples folder for the simple and the complete snippets.

Example (complete)

This example creates two rules in an outbound endpoint, using all the parameters expected for building the rules:

# Outbound endpoint using the rhythmictech/terraform-aws-route53-endpoint module
module "r53-outboud" {
  source            = "git::https://github.com/rhythmictech/terraform-aws-route53-endpoint"
  direction         = "outbound"
  allowed_resolvers = ["192.168.0.0/24"]
  vpc_id            = "vpc-0fffff0123456789"
  ip_addresses      = [
    {
      ip        = "172.30.1.10"
      subnet_id = "subnet-abcd123456789aaaa"
    },
    {
      ip        = "172.30.2.10"
      subnet_id = "subnet-abcd123456789bbbb"
    }
  ]
}

# AWS Route 53 Resolver rules
module "r53-resolver-rules" {
  source               = "git::https://github.com/lgallard/terraform-aws-route53-resolver-rules.git"
  resolver_endpoint_id = module.r53-outboud.endpoint_ids

  rules = [
    {
      rule_name   = "r53r-rule-1"
      domain_name = "bar.foo."
      ram_name    = "ram-r53r-1"
      vpc_ids     = ["vpc-0fffff0123456789"]
      ips         = ["192.168.10.10", "192.168.10.11:54"]
      principals  = ["123456789101", "101987654321"]
    },
    {
      rule_name   = "r53r-rule-2"
      domain_name = "example.com."
      ram_name    = "ram-r53r-2"
      vpc_ids     = ["vpc-0fffff0123456789"]
      ips         = ["192.168.10.10", "192.168.10.11:54"]
      principals  = ["123456789101", "101987654321"]
    }
  ]
}

Note: You can define IPs and ports using the IP:PORT syntax, as shown above.
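
What a single entry of rules amounts to when written with plain AWS provider resources, as an added example that is not taken from the module's source. It assumes IPv4 targets, port 53 when no port is given, and a placeholder outbound endpoint ID; the local and resource names are hypothetical.

```hcl
locals {
  # One rule, same values as the first entry of the example above
  rule = {
    rule_name   = "r53r-rule-1"
    domain_name = "bar.foo."
    ram_name    = "ram-r53r-1"
    vpc_ids     = ["vpc-0fffff0123456789"]
    ips         = ["192.168.10.10", "192.168.10.11:54"]
    principals  = ["123456789101", "101987654321"]
  }
  # Split each "IP[:PORT]" entry (IPv4 only); port 53 is assumed when omitted.
  targets = [for t in local.rule.ips : {
    ip   = split(":", t)[0]
    port = length(split(":", t)) > 1 ? tonumber(split(":", t)[1]) : 53
  }]
}

resource "aws_route53_resolver_rule" "this" {
  name                 = local.rule.rule_name
  domain_name          = local.rule.domain_name
  rule_type            = "FORWARD"
  resolver_endpoint_id = "rslvr-out-PLACEHOLDER" # outbound endpoint ID (placeholder)
  dynamic "target_ip" {
    for_each = local.targets
    content {
      ip   = target_ip.value.ip
      port = target_ip.value.port
    }
  }
}

resource "aws_route53_resolver_rule_association" "vpc" {
  for_each         = toset(local.rule.vpc_ids)
  resolver_rule_id = aws_route53_resolver_rule.this.id
  vpc_id           = each.value
}

# RAM share: every account listed in principals can associate this rule with its own VPCs.
resource "aws_ram_resource_share" "this" {
  name = local.rule.ram_name
}
resource "aws_ram_resource_association" "this" {
  resource_arn       = aws_route53_resolver_rule.this.arn
  resource_share_arn = aws_ram_resource_share.this.arn
}
resource "aws_ram_principal_association" "this" {
  for_each           = toset(local.rule.principals)
  principal          = each.value
  resource_share_arn = aws_ram_resource_share.this.arn
}
```

Reading the rule this way makes the review points visible: ips decides which resolvers receive the forwarded queries for the domain, and principals decides which accounts can attach the rule to their own VPCs.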

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| resolver_endpoint_id | The ID of the outbound resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify using target_ip. | string | null | yes |
| rules | List of rules | list | [] | no |
| tags | Map of tags to apply to supported resources | map(string) | {} | no |


Each rule accepts the following parameters:

Rules

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| domain_name | Domain name to forward requests for | string | null | yes |
| ips | List of IPs and ports to forward DNS requests to. Use IP:PORT syntax, or just the IP | list(string) | [] | yes |
| principals | List of account IDs to share the resolver rule with | list(string) | [] | no |
| ram_name | RAM share name | string | r53-domain_name-rule | no |
| resolver_endpoint_id | Resolver endpoint id | string | null | yes |
| rule_name | Route53 resolver rule name | string | domain_name-rule | no |
| tags | Map of tags to apply to supported resources | map(string) | {} | no |
| vpc_ids | List of VPC ids to associate to the rule | list(string) | [] | yes |
