Skip to content

Instantly share code, notes, and snippets.

@sherwind

sherwind/aws_route53_resolver.tf

Created May 4, 2020 15:18
Show Gist options
  • Save sherwind/602aed11d2a074c2bd9e88175881ffec to your computer and use it in GitHub Desktop.
Save sherwind/602aed11d2a074c2bd9e88175881ffec to your computer and use it in GitHub Desktop.
Download ZIP
Raw
aws_route53_resolver.tf
resource "aws_security_group" "main_resolver_inbound" {
name = "main-resolver-inbound"
description = "Main Route53 resolver inbound"
vpc_id = module.vpc_main.vpc_id
ingress {
from_port = 53
to_port = 53
protocol = "udp"
cidr_blocks = ["10.77.0.0/22"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_route53_resolver_endpoint" "main_resolver_inbound" {
name = "main-resolver-inbound"
direction = "INBOUND"
security_group_ids = [
aws_security_group.main_resolver_inbound.id
]
ip_address {
subnet_id = module.vpc_main.private_1a_subnet_id
}
ip_address {
subnet_id = module.vpc_main.private_1b_subnet_id
}
}
# =-=-=-=-=-=-
resource "aws_security_group" "management_resolver_outbound" {
name = "management-resolver-outbound"
description = "Management Route53 resolver outbound"
vpc_id = module.vpc_management.vpc_id
ingress {
from_port = 53
to_port = 53
protocol = "udp"
cidr_blocks = ["10.77.0.0/22"]
}
ingress {
from_port = 53
to_port = 53
protocol = "tcp"
cidr_blocks = ["10.77.0.0/22"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_route53_resolver_endpoint" "management_resolver_outbound" {
name = "management-resolver-outbound"
direction = "OUTBOUND"
security_group_ids = [
aws_security_group.management_resolver_outbound.id
]
ip_address {
subnet_id = module.vpc_management.private_1a_subnet_id
}
ip_address {
subnet_id = module.vpc_management.private_1b_subnet_id
}
ip_address {
subnet_id = module.vpc_management.private_1c_subnet_id
}
}
# =-=-=-=-=-=-
resource "aws_route53_resolver_rule" "eks_amazonaws_com" {
domain_name = "eks.amazonaws.com"
name = "eks_amazonaws_com"
rule_type = "FORWARD"
resolver_endpoint_id = aws_route53_resolver_endpoint.management_resolver_outbound.id
dynamic "target_ip" {
for_each = aws_route53_resolver_endpoint.main_resolver_inbound.ip_address
content {
ip = target_ip.value["ip"]
}
}
}
resource "aws_route53_resolver_rule_association" "eks_amazonaws_com" {
resolver_rule_id = aws_route53_resolver_rule.eks_amazonaws_com.id
vpc_id = module.vpc_management.vpc_id
}
# =-=-=-=-=-=-
output "main_resolver_inbound_id" {
value = aws_route53_resolver_endpoint.main_resolver_inbound.id
}
output "main_resolver_inbound_ip_address" {
value = aws_route53_resolver_endpoint.main_resolver_inbound.ip_address
}
output "management_resolver_outbound_id" {
value = aws_route53_resolver_endpoint.management_resolver_outbound.id
}
output "management_resolver_outbound_ip_address" {
value = aws_route53_resolver_endpoint.management_resolver_outbound.ip_address
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment