Terraform-provider-aws: Support route53resolver
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
Support for route53resolver https://aws.amazon.com/blogs/aws/new-amazon-route-53-resolver-for-hybrid-clouds/
New or Affected Resource(s)
- aws_route53resolver
Potential Terraform Configuration
References
https://aws.amazon.com/blogs/aws/new-amazon-route-53-resolver-for-hybrid-clouds/
- #0000
CliffHoogervorst
All 22 comments
It looks like there will potentially be a number of new resources/data sources for Route53 Resolver:
- [x] [
aws_route53_resolver_endpoint](https://github.com/terraform-providers/terraform-provider-aws/pull/6574) - [x] ~
aws_route53_resolver_endpoint_ip_address_association~ Not needed - [x] [
aws_route53_resolver_rule](https://github.com/terraform-providers/terraform-provider-aws/pull/7799) - [x] [
aws_route53_resolver_rule_association](https://github.com/terraform-providers/terraform-provider-aws/pull/7799)
It would probably be best to have separate issues and PRs for sets of related new resources and maybe use this issue to create the scaffolding needed when any new AWS service is introduced (e.g. additions to config.go and provider.go).
ewbankkit
on 20 Nov 2018
It looks like the AWS SDK support was added in v1.15.77 - https://github.com/terraform-providers/terraform-provider-aws/pull/6484.
ewbankkit
on 20 Nov 2018
@ewbankkit: Are you planning to work on this? I need aws_route53_resolver_rule to be able to write tests for aws_ram_resource_share (already WIP in #6528). I'm happy to put that together.
gazoakley
on 22 Nov 2018
@gazoakley Yes, I can get this PRed today. I'll do the minimal changes that will be needed to get the initial set of resources in; Probably just additions to config.go and adding tagsRoute53Resolver.go for shared tagging code.
I'll pull over the commit from your aws-sdk-go PR and ping you when my PR is created so you can pull the commits.
I should be able to get the resolver endpoint resource(s) done under a separate issue/PR.
Many thanks.
ewbankkit
on 22 Nov 2018
@gazoakley Relevant PR is https://github.com/terraform-providers/terraform-provider-aws/pull/6554.
ewbankkit
on 22 Nov 2018
@ewbankkit: Thanks - I've pulled your change in. Seems like turtles all the way down though, since writing tests that fully exercise aws_route53_resolver_rule is going to need resolver endpoints 😄. I'll push my changes for that as WIP, and pull your changes for resolver endpoints when ready.
gazoakley
on 24 Nov 2018
@gazoakley The Route 53 Resolver endpoint PR is https://github.com/terraform-providers/terraform-provider-aws/pull/6574. Right now there's a limitation on supporting only one ip_address per subnet (which is probably what you'd want anyway). It's still a _WIP_ until we get some resolution on that limitation,
ewbankkit
on 25 Nov 2018
Using this as I need this for a project, I find the way to use intuitive, any ETA on having this merged to master? Any help needed?
resource "aws_security_group" "resolver_isp_public_util" {
name = "${module.isp_resolver_label.id}"
description = "Allow ISP mLink DNS inbound traffic"
vpc_id = "${data.terraform_remote_state.shared.production_vpc_id}"
ingress {
from_port = 53
to_port = 53
protocol = "UDP"
cidr_blocks = ["${var.mlink_cidr}"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = "${module.isp_resolver_label.tags}"
}
resource "aws_route53_resolver_endpoint" "isp_public_util" {
name = "${module.isp_resolver_label.id}"
direction = "INBOUND"
security_group_ids = [
"${aws_security_group.resolver_isp_public_util.id}",
]
ip_address {
subnet_id = "${module.public_subnets_shared.subnet_map["ap-southeast-1a"]}"
ip = "${cidrhost(local.public_subnets_shared_zone_cidrs["ap-southeast-1a"], -3)}"
}
ip_address {
subnet_id = "${module.public_subnets_shared.subnet_map["ap-southeast-1b"]}"
ip = "${cidrhost(local.public_subnets_shared_zone_cidrs["ap-southeast-1b"], -3)}"
}
tags = "${module.isp_resolver_label.tags}"
}
so0k
on 3 Dec 2018
@so0k I just need to get the time to complete the implementation; should be able to do that today.
ewbankkit
on 3 Dec 2018
Great :)
so0k
on 4 Dec 2018
@ewbankkit - any update about this PR? Maybe some help is needed?
patryk-dev
on 16 Dec 2018
@patryk-dev See my comments here.
ewbankkit
on 17 Dec 2018
Any updates when this will be available ?
rbadillo
on 3 Jan 2019
Anything I can do to help this along?
jdn-za
on 11 Feb 2019
Would be glad to hear about updates here! We are currently in need of this functionality...
ghost
on 25 Feb 2019
This will start its full review process after we release version 2.0.0 and a subsequent release with Terraform 0.12 support (potentially version 2.1.0).
bflad
on 25 Feb 2019
Does that mean it won't be supported in tf 11 and v1.x of the provider? Or just that V12 is keeping you from working on this?
Thanks for the clarification.
aggallim
on 25 Feb 2019
Hi,
With provider.aws: version = "~> 2.1" is failed with message:
Resolver endpoint need to have at least 2 IP addresses.
But I have 3 Subnets and I want to put 3 IPs.
You have the same problem? Thanks you.
resource "aws_route53_resolver_endpoint" "inbound_resolver" {
name = "Inbound Resolver"
direction = "INBOUND"
security_group_ids = [
"${aws_security_group.route53_resolver_dns.id}",
]
ip_address {
subnet_id = "${data.aws_subnet_ids.vpc-example-eu-central-1a.id}"
ip = "${var.IP_SUBNET_A}"
}
ip_address {
subnet_id = "${data.aws_subnet_ids.vpc-example-eu-central-1b.id}"
ip = "${var.IP_SUBNET_B}"
}
ip_address {
subnet_id = "${data.aws_subnet_ids.vpc-example-eu-central-1c.id}"
ip = "${var.IP_SUBNET_C}"
}
tags {
Name = "Inbound Resolver"
Deployed = "Terraform"
Environment = "${var.ENVIRONMENT}"
}
}
dalvarezquiroga
on 14 Mar 2019
The aws_route53_resolver_rule and aws_route53_resolver_rule_association resources have been merged and will release with version 2.2.0 of the Terraform AWS Provider, likely later today.
nywilken
on 14 Mar 2019
@dalvarezquiroga thanks for reporting the issue and I'm sorry you are running into trouble. I created a new issue #7942 to track your last comment. Please feel free to update that issue with any relevant information about Terraform or configuration details.
In the meantime, @CliffHoogervorst @ewbankkit I am going to close this issue now that the resolver resources have been merged. Please feel free to reach out if you would like for me to keep it open for further tracking.
nywilken
on 14 Mar 2019
This has been released in version 2.2.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
bflad
on 15 Mar 2019
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 31 Mar 2020
Related issues
ghost
·
3Comments
hashibot
·
3Comments
joelittlejohn
·
3Comments
ccslamstack
·
3Comments
reedloden
·
3Comments
Most helpful comment
Any updates when this will be available ?