
Adds modules for private and public A records for DNS

The public module only creates a forward A record.
The private module also creates the reverse (PTR) entry.
Separate modules will be needed for CNAME or Alias records.

Updates the 'interconnect' instances to use the new DNS.
Fred Damstra 5 سال پیش
والد
کامیت
a6bc79d86d

+ 25 - 9
base/dns/private_dns_zone/main.tf → base/dns/private_dns/main.tf

@@ -1,8 +1,6 @@
 locals {
   first_vpc = var.vpcs[0]
   remaining_vpcs = [ for vpc in var.vpcs: vpc if vpc != local.first_vpc ]
-
-  other_partition = var.aws_partition == "aws-us-gov" ? "aws" : "aws-us-gov"
 }
 
 # debug
@@ -12,7 +10,7 @@ locals {
 
 # Create the private zones
 resource "aws_route53_zone" "private" {
-  name = var.private_dns[var.aws_partition].name
+  name = var.dns_info["private"]["zone"]
   tags = merge(var.standard_tags, var.tags)
 
   vpc {
@@ -36,8 +34,30 @@ resource "aws_route53_zone_association" "associations" {
   vpc_id  = each.value
 }
 
-output "zone_id" {
-  value = aws_route53_zone.private.id
+# Create the private reverse zone
+resource "aws_route53_zone" "reverse" {
+  name = var.dns_info["reverse"]["zone"]
+  tags = merge(var.standard_tags, var.tags)
+
+  vpc {
+    vpc_id = local.first_vpc
+  }
+
+  # For the rationale here, see the notes at:
+  # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone_association
+  #
+  # tldr; We can't create without an association, but we can't add associations without changing this record.
+  # So we add one, and then we add it again and ignore any further changes.
+  lifecycle {
+    ignore_changes = [vpc]
+  }
+}
+
+resource "aws_route53_zone_association" "reverse_associations" {
+  for_each = toset(local.remaining_vpcs)
+
+  zone_id = aws_route53_zone.reverse.zone_id
+  vpc_id  = each.value
 }
 
 ###################################
@@ -59,10 +79,6 @@ resource "aws_route53_resolver_endpoint" "private_resolver" {
   tags = merge(var.standard_tags, var.tags)
 }
 
-output dns_servers {
-  value = [ for ipblock in aws_route53_resolver_endpoint.private_resolver.ip_address: ipblock["ip"] ]
-}
-
 resource "aws_security_group" "resolver_security_group" {
   name        = "route53_resolver"
   description = "Allow DNS inbound traffic"
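Review bot: The new `aws_route53_zone.reverse` block takes `var.dns_info["reverse"]["zone"]` as an opaque name, while the PTR module added in this same commit (submodules/dns/private_A_record) strips the leading octet and only emits records for 10.x.x.x addresses, so those PTR records only land on the right owner name if this zone is exactly `10.in-addr.arpa`. That coupling is invisible from here; add `# NOTE: private_A_record builds PTR names relative to this zone and assumes it is "10.in-addr.arpa".` above the `name` line so the next person changing the zone knows what else breaks. The lifecycle comment would also read more plainly as `# vpc is ignored after creation; further associations are managed by aws_route53_zone_association.reverse_associations`. The resolver endpoint and security group definitions start or end outside the hunks shown.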

+ 11 - 0
base/dns/private_dns/outputs.tf

@@ -0,0 +1,11 @@
+output "zone_id" {
+  value = aws_route53_zone.private.id
+}
+
+output "reverse_zone_id" {
+  value = aws_route53_zone.reverse.id
+}
+
+output dns_servers {
+  value = [ for ipblock in aws_route53_resolver_endpoint.private_resolver.ip_address: ipblock["ip"] ]
+}
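Review bot: `output dns_servers` uses an unquoted block label while the two outputs above it in this file are quoted; for consistency with the file and with the conventional 0.12 style, write `output "dns_servers" {`. The `zone_id`/`reverse_zone_id` outputs return `.id` while the association resources in main.tf read `.zone_id`; both resolve to the hosted zone ID, but picking one attribute consistently avoids a reader wondering whether they differ.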

+ 1 - 1
base/dns/private_dns_zone/vars.tf → base/dns/private_dns/vars.tf

@@ -1,8 +1,8 @@
-variable private_dns { type = map }
 variable vpcs { type = list(string) }
 variable subnets { type = list(string) }
 
 # inherited variables
+variable dns_info { type = map }
 variable tags { type = map }
 variable standard_tags { type = map }
 variable aws_account_id { type = string }
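Review bot: `variable dns_info { type = map }` gives no hint of the nested keys this module actually reads (`private.zone` and `reverse.zone` here; `private.zone_id`, `reverse.zone_id` and `public.zone_id` in the record submodules of this commit), so a caller passing the wrong shape fails with an index error inside a resource rather than at the variable boundary. Declare the shape and document it: `variable "dns_info" { type = map(map(string)) description = "Keys private/reverse/public, each a map with zone_id (and zone for private/reverse)" }`. Bare `map` is the legacy untyped form; `vpcs` and `subnets` in the same file already use `list(string)`, so a typed declaration keeps the file consistent.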

+ 0 - 0
base/dns/private_dns_zone/outputs.tf


+ 47 - 17
base/interconnects/main.tf

@@ -77,23 +77,53 @@ resource "aws_instance" "interconnects" {
   #}
 }
 
-# DNS Records
-resource "aws_route53_record" "interconnects" {
-  count = var.interconnects_count
-  name = "interconnect-${ var.environment }-${ count.index }"
-  type = "A"
-  ttl  = 300
-  zone_id = var.dns_public["id"]
-  records = [ aws_eip.interconnects[count.index].public_ip ]
-  provider = aws.legacy
+# DNS Records don't support count yet! Time to migrate to 0.13 beta!
+# Seriously, though, if we change the count, we will have to change
+# this module, _if_ we want DNS entries.
+module "private_dns_record_0" {
+  source = "../../submodules/dns/private_A_record"
+
+  name = "interconnect-0"
+  ip_addresses = [ aws_instance.interconnects[0].private_ip ]
+  dns_info = var.dns_info
+  
+  providers = {
+    aws.c2 = aws.c2
+  }
 }
 
-resource "aws_route53_record" "interconnects_pvt" {
-  count = var.interconnects_count
-  name = "interconnect-${ count.index }"
-  type = "A"
-  ttl  = 300
-  zone_id = var.dns_private["id"]
-  records = [ aws_instance.interconnects[count.index].private_ip ]
-  provider = aws.legacy
+module "private_dns_record_1" {
+  source = "../../submodules/dns/private_A_record"
+
+  name = "interconnect-1"
+  ip_addresses = [ aws_instance.interconnects[1].private_ip ]
+  dns_info = var.dns_info
+  
+  providers = {
+    aws.c2 = aws.c2
+  }
+}
+
+module "public_dns_record_0" {
+  source = "../../submodules/dns/public_A_record"
+
+  name = "interconnect-0"
+  ip_addresses = [ aws_eip.interconnects[0].public_ip ]
+  dns_info = var.dns_info
+
+  providers = {
+    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
+  }
+}
+
+module "public_dns_record_1" {
+  source = "../../submodules/dns/public_A_record"
+
+  name = "interconnect-1"
+  ip_addresses = [ aws_eip.interconnects[1].public_ip ]
+  dns_info = var.dns_info
+
+  providers = {
+    aws.mdr-common-services-commercial = aws.mdr-common-services-commercial
+  }
 }
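Review bot: The four module blocks hard-index `aws_instance.interconnects[0]`/`[1]` and `aws_eip.interconnects[0]`/`[1]` while `interconnects_count` remains a variable (see vars.tf in this commit), so a count below 2 fails at plan time with an index error and a count above 2 silently leaves the extra instances without records; the comment admits this but nothing enforces it. Until module `for_each` is available, pin the assumption where the count is declared, e.g. `# must be exactly 2: base/interconnects/main.tf hard-codes DNS modules for [0] and [1]`, and on upgrade collapse the pairs into one module per record type with `for_each = { for i, inst in aws_instance.interconnects : "interconnect-${i}" => inst }`. Note also that `private_dns_record_*` passes `private_ip` and the PTR side of that module only handles 10.0.0.0/8, so an interconnect placed in another private range would get a forward record but no reverse entry. The `aws_instance.interconnects` resource starts outside the hunk.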

+ 9 - 4
base/interconnects/outputs.tf

@@ -15,10 +15,15 @@ output "public_ips" {
     value = aws_eip.interconnects[*].public_ip
 }
 
-output "public_dns" {
-  value = aws_route53_record.interconnects[*].fqdn
+output "private_dns" {
+  value = merge(module.private_dns_record_0.forward, module.private_dns_record_1.forward)
 }
 
-output "private_dns" {
-  value = aws_route53_record.interconnects_pvt[*].fqdn
+output "private_dns_reverse" {
+  value = merge(module.private_dns_record_0.reverse, module.private_dns_record_1.reverse)
 }
+
+output "public_dns" {
+  value = merge(module.public_dns_record_0.forward, module.public_dns_record_1.forward)
+}
+
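Review bot: `public_dns` and `private_dns` change type from a list of FQDNs (the removed `[*].fqdn` expressions) to a map of FQDN to record set, which breaks any consumer of `module.interconnects.public_dns` elsewhere in the repository; I cannot see the callers from here and the commit message does not mention the shape change. If the old shape is still needed, keep it alongside, e.g. `output "public_dns_names" { value = keys(merge(module.public_dns_record_0.forward, module.public_dns_record_1.forward)) }`. A `description` on each output stating that values are sets of IP addresses rather than single strings would also help. The trailing added blank line at the end of the file can be dropped.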

+ 6 - 1
base/interconnects/vars.tf

@@ -7,6 +7,9 @@ variable interconnects_instance_type { type = string }
 variable interconnects_key_name { type = string }
 variable interconnects_count { type = number }
 
+# Required for DNS module
+variable "dns_info" { type = map }
+
 variable "instance_termination_protection" { type = bool }
 variable "standard_tags" { type        = map }
 variable "aws_marketplace_ubuntu_owner_id" { type        = string }
@@ -17,6 +20,8 @@ variable "aws_partition" { type = string }
 variable "aws_partition_alias" { type = string }
 variable "aws_account_id" { type = string }
 variable "default_ami" { type = string }
+variable "security_vpc_cidr" { type = string }
+
+# Legacy dns, remove this
 variable "dns_public" { type = map }
 variable "dns_private" { type = map }
-variable "security_vpc_cidr" { type = string }
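Review bot: `dns_public` and `dns_private` are kept under `# Legacy dns, remove this` but stay required inputs, so every caller must still supply maps that, as far as the main.tf hunks in this commit show, nothing reads any more. Giving them `default = {}` while deprecated lets callers drop them now and makes the eventual removal a no-op: `variable "dns_public" { type = map default = {} }` and the same for `dns_private`. The new `dns_info` declaration should carry the `map(map(string))` shape the record submodules index into, rather than bare `map`.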

+ 26 - 0
submodules/dns/private_A_record/main.tf

@@ -0,0 +1,26 @@
+locals {
+  # For reverse dns:
+  # 1) Split the ip addresses into 4 octets
+  octets = [ for ip in var.ip_addresses: regex("^(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)$", ip) ]
+  # 2) Reverse them, but only if the first octet is 10 (maybe handle 192.168 and 172.16 later)
+  reverse_addresses = [ for octets in local.octets: join(".", reverse(slice(octets, 1, 4))) if octets[0] == "10" ] 
+}
+
+resource "aws_route53_record" "dns" {
+  name = var.name
+  type = "A"
+  ttl  = 300
+  zone_id = var.dns_info["private"]["zone_id"]
+  records = var.ip_addresses
+  provider = aws.c2
+}
+
+resource "aws_route53_record" "reverse_dns" {
+  for_each = toset(local.reverse_addresses)
+  name = each.value
+  type = "PTR"
+  ttl  = 300
+  zone_id = var.dns_info["reverse"]["zone_id"]
+  records = [ "${var.name}.${var.dns_info["private"]["zone"]}" ]
+  provider = aws.c2
+}
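Review bot: `reverse_addresses` drops the first octet and keeps only addresses whose first octet is the literal `"10"`, so the PTR owner name is correct only when the zone behind `dns_info["reverse"]["zone_id"]` is exactly `10.in-addr.arpa`; with any other reverse zone the provider appends the zone name to a relative name such as `3.2.1` and produces a wrong record, and an address in 172.16/12 or 192.168/16 silently gets no PTR at all. Tie the filter to the configured zone rather than the literal (still assuming a /8 zone): `zone_octet = trimsuffix(var.dns_info["reverse"]["zone"], ".in-addr.arpa")` and `if octets[0] == local.zone_octet` in the comprehension, plus `# assumes a /8 reverse zone (N.in-addr.arpa)` — `reverse.zone` is presumably in the same map the private_dns module already reads, verify against the caller. The `regex(...)` call aborts the plan on anything that is not a dotted quad (IPv6, empty string), which is reasonable fail-closed behaviour but deserves a comment so it is not mistaken for a bug. The loop variable `octets` shadows `local.octets`; renaming it to `quad` removes the double meaning.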

+ 8 - 0
submodules/dns/private_A_record/outputs.tf

@@ -0,0 +1,8 @@
+output "forward" { 
+  # Parenthesis required to resolve ambiguity
+  value = { (aws_route53_record.dns.fqdn) = aws_route53_record.dns.records }
+}
+
+output "reverse" {
+  value = { for entry in aws_route53_record.reverse_dns: entry.fqdn => entry.records }
+}

+ 3 - 0
submodules/dns/private_A_record/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  alias = "c2"
+}
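Review bot: The empty `provider "aws" { alias = "c2" }` block is the 0.12 proxy-configuration form for an alias the parent must inject via `providers = { aws.c2 = aws.c2 }`, but an empty provider block is easy to misread as a real configuration that would fall back to ambient credentials and region. A one-line comment makes the intent explicit: `# Proxy block only: no configuration here; the parent must pass aws.c2 via providers = { aws.c2 = ... }`. On a later Terraform upgrade this should become a `configuration_aliases` entry under `required_providers` instead.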

+ 3 - 0
submodules/dns/private_A_record/vars.tf

@@ -0,0 +1,3 @@
+variable "name" { type = string }
+variable "ip_addresses" { type = list }
+variable "dns_info" { type = map }
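Review bot: `ip_addresses` is declared as a bare `list` although the module's `regex(...)` in main.tf only works on strings, and `dns_info` as a bare `map` although two nested keys are indexed; `list(string)` and `map(map(string))` would reject a wrong shape at the variable boundary instead of inside a resource. Add descriptions at the same time, e.g. `variable "ip_addresses" { type = list(string) description = "IPv4 addresses for the A record; only 10.0.0.0/8 addresses also get a PTR" }`.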

+ 8 - 0
submodules/dns/public_A_record/main.tf

@@ -0,0 +1,8 @@
+resource "aws_route53_record" "dns" {
+  name = var.name
+  type = "A"
+  ttl  = 300
+  zone_id = var.dns_info["public"]["zone_id"]
+  records = var.ip_addresses
+  provider = aws.mdr-common-services-commercial
+}
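Review bot: Nothing in `aws_route53_record.dns` prevents a caller from publishing a private address into the public zone: the module records whatever `ip_addresses` it is given, and the only thing keeping today's interconnect records public is that the caller happens to pass `aws_eip...public_ip` rather than `private_ip`. Leaking internal 10.x addressing into public DNS is a routine information-disclosure finding, so state the contract now with `# Public zone: callers must pass publicly routable addresses only (EIPs), never private_ip`, and once the Terraform version in use supports `validation` blocks, reject RFC 1918 ranges on `ip_addresses` with a `can(regex(...))` check.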

+ 4 - 0
submodules/dns/public_A_record/outputs.tf

@@ -0,0 +1,4 @@
+output "forward" { 
+  # Parenthesis required to resolve ambiguity
+  value = { (aws_route53_record.dns.fqdn) = aws_route53_record.dns.records }
+}

+ 3 - 0
submodules/dns/public_A_record/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  alias = "mdr-common-services-commercial"
+}

+ 3 - 0
submodules/dns/public_A_record/vars.tf

@@ -0,0 +1,3 @@
+variable "name" { type = string }
+variable "ip_addresses" { type = list }
+variable "dns_info" { type = map }
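Review bot: As in the private module, `ip_addresses` and `dns_info` are declared with the untyped `list` and `map` forms; `list(string)` and `map(map(string))` would catch a wrong shape before it reaches the public zone, which matters more here because a bad value is externally visible. A `description` noting that only public addresses belong in this zone would document the contract the public module otherwise leaves implicit.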