├── .gitignore
├── README.md
├── main.tf
├── outputs.tf
├── terraform.tfvars
└── variables.tf

/.gitignore:
--------------------------------------------------------------------------------
*.tfstate
*.tfstate.*
**/.terraform/*
*.tfvars

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
#### Route53Resolver Endpoint

This module creates a Route53 Resolver endpoint. The module calls the AWS CLI, so your `~/.aws/config` must be populated with the profile the module is given. Note: this module does not create the Route53 Resolver rule required to associate an endpoint with outbound VPC traffic.


##### Inputs
| Name | Description | Default | Type |Required |
|------|-------------|:-----:|:-----:|:-----:|
| direction| The direction of the resolver endpoint | - | string | yes |
| subnet-ids|The subnet IDs the endpoint is placed in| - | list | yes |
| security-groups| The security groups to apply | - | list | yes |
| ip_addresses| The IP addresses for the endpoint to use, one per subnet | - | list | yes |
| endpoint-name| The name of the endpoint | - | string | yes |
| aws-profile| The AWS profile name to use | - | string | yes |
| delete| Deletes the endpoint that was created | false | string | no |
| tags | The tags to apply to the endpoint | - | string | yes |





##### Outputs

| Name | Description |
|------|-------------|
|aws-cli-output| The AWS CLI output from the command|
|endpoint-id| The resolver endpoint ID|



Usage Example:
```terraform
module "route53resolver-endpoint" {
  direction       = "INBOUND"
  security-groups = "sg-123456789 sg-abcdefg"
  subnet-ids      = ["subnet-123456789asaf", "subnet-123456789asaf"]
  ip_addresses    = ["10.1.1.111", "10.1.2.111"]
endpoint-name = "terraform-testing" 39 | profile = "test-env" 40 | tags = "Key=Owner,Value=admin 41 | } 42 | 43 | 44 | output "cli-output" { 45 | value = "${module.route53resolver-endpoint.aws-cli-output}" 46 | } 47 | 48 | output "resolver-id" { 49 | value = "${module.route53resolver-endpoint.endpoint-id}" 50 | } 51 | ``` 52 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | resource "null_resource" "create-endpoint" { 2 | provisioner "local-exec" { 3 | command = "aws route53resolver create-resolver-endpoint --creator-request-id ${var.creator-request-id} --security-group-ids ${local.security-groups} --direction ${var.direction} --ip-addresses ${local.list-ip-template} --name ${var.endpoint-name} --tags ${var.tags} --profile ${var.aws-profile} > ${data.template_file.log_name.rendered}" 4 | } 5 | } 6 | 7 | resource "null_resource" "output-id" { 8 | provisioner "local-exec" { 9 | command = "aws route53resolver list-resolver-endpoints --profile ${var.aws-profile} --output text --query 'ResolverEndpoints[?Name==`${var.endpoint-name}`].Id' > ${data.template_file.endpoint-id.rendered}" 10 | } 11 | depends_on = ["null_resource.create-endpoint"] 12 | } 13 | 14 | resource "null_resource" "deleteEndpoint" { 15 | count = "${var.delete != "false" ? 
1 :0}" 16 | provisioner "local-exec" { 17 | command = "aws route53resolver delete-resolver-endpoint resolver-endpoint-id ${trimspace(data.local_file.readId.content)} --profile ${var.aws-profile} > ${data.template_file.log_name.rendered}" 18 | } 19 | depends_on = ["null_resource.create-endpoint"] 20 | } 21 | 22 | # ------------------------------------------------------------ 23 | data "template_file" "log_name" { 24 | template = "${path.module}/output.log" 25 | } 26 | 27 | data "template_file" "endpoint-id" { 28 | template = "${path.module}/id.log" 29 | } 30 | 31 | data "local_file" "create-endpoint" { 32 | filename = "${data.template_file.log_name.rendered}" 33 | depends_on = ["null_resource.create-endpoint"] 34 | } 35 | 36 | data "local_file" "readId" { 37 | filename = "${data.template_file.endpoint-id.rendered}" 38 | depends_on = ["null_resource.output-id"] 39 | } 40 | 41 | data "template_file" "ip-template" { 42 | count = "${length(var.subnet-ids)}" 43 | template = "SubnetId=${var.subnet-ids[count.index]},Ip=${var.ip_addresses[count.index]} " 44 | } 45 | 46 | data "template_file" "security-groups" { 47 | count = "${length(var.security-groups)}" 48 | template = "${var.security-groups[count.index]} " 49 | } 50 | 51 | #------------------------------------------------------------------ 52 | locals { 53 | list-ip-template = "${join(" ",data.template_file.ip-template.*.rendered)}" 54 | security-groups = "${join(" ",data.template_file.security-groups.*.rendered)}" 55 | } 56 | -------------------------------------------------------------------------------- /outputs.tf: -------------------------------------------------------------------------------- 1 | output "aws-cli-output" { 2 | value = "${data.local_file.create-endpoint.content}" 3 | } 4 | 5 | output "endpoint-id" { 6 | value = "${trimspace(data.local_file.readId.content)}" 7 | } 8 | -------------------------------------------------------------------------------- /terraform.tfvars: 
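--------------------------------------------------------------------------------
# NOTE(review): .gitignore lists *.tfvars, yet this file is in the tree. It
# holds account-specific subnet, security-group and private-IP values;
# confirm it is meant to be tracked.
creator-request-id = "tf-created" # AWS idempotency token; use a distinct value per endpoint
direction          = "INBOUND"
subnet-ids         = ["subnet-0c198d46", "subnet-0fdfc630"]
security-groups    = ["sg-bf067cf7", "sg-07d713a3ded836992"]
ip_addresses       = ["172.31.16.11", "172.31.48.11"]
endpoint-name      = "onpremEndpoint"
aws-profile        = "default"
tags               = "Key=Owner,Value=Admin"

--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
# Inputs for the Route53 Resolver endpoint module. main.tf splices every one
# of these into AWS CLI command lines, so they must come from a trusted
# source.

# Idempotency token for create-resolver-endpoint; use a distinct value per
# endpoint, since a reused value can collide with an earlier create.
variable "creator-request-id" {
  type        = "string"
  description = "Unique string identifying the create request"
}

variable "direction" {
  type        = "string"
  description = "INBOUND OR OUTBOUND"
}

# Must have the same length as ip_addresses; element i of each is paired.
variable "subnet-ids" {
  type        = "list"
  description = "The IDs of the subnets that contain the IP addresses"
}

variable "security-groups" {
  type        = "list"
  description = "The IDs of the security groups that you want to use to control access to this endpoint"
}

# Named with an underscore unlike the other inputs; kept for compatibility.
variable "ip_addresses" {
  type        = "list"
  description = "The IP addresses to apply, one per entry in subnet-ids"
}

variable "endpoint-name" {
  type        = "string"
  description = "A name for your endpoint (also used to look up its ID after creation)"
}

variable "aws-profile" {
  type        = "string"
  description = "The AWS profile as found in the ~/.aws/config file"
}

# Passed verbatim to the CLI's --tags argument.
variable "tags" {
  type        = "string"
  description = "Tags in the AWS CLI shorthand form, e.g. Key=Owner,Value=Admin"
}

# Any value other than the string "false" enables the delete step in main.tf.
variable "delete" {
  type        = "string"
  default     = "false"
  description = "Used to delete the endpoint"
}

--------------------------------------------------------------------------------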