OPS-6392 Add private records for ALB

Flaconi · Dec 11, 2024 · bda162a · bda162a
1 parent 4a58799
commit bda162a
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -138,6 +138,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_vault_route53_private_dns_name"></a> [vault\_route53\_private\_dns\_name](#input\_vault\_route53\_private\_dns\_name)
+
+Description: The Route53 private DNS name for the vault ELB. If not set, no Route53 record will be created.
+
+Type: `string`
+
+Default: `""`
+
 ### <a name="input_ssh_user"></a> [ssh\_user](#input\_ssh\_user)
 
 Description: User name used for SSH-connections.

diff --git a/data.tf b/data.tf
@@ -10,12 +10,12 @@ data "aws_route53_zone" "public" {
 }
 
 data "aws_route53_zone" "private" {
-  count = var.vault_route53_public_dns_name != "" ? 1 : 0
+  count = var.vault_route53_private_dns_name != "" ? 1 : 0
 
   private_zone = true
 
   # Removes the first sub-domain part from the FQDN to use as hosted zone.
-  name = "${replace(var.vault_route53_public_dns_name, "/^.+?\\./", "")}."
+  name = "${replace(var.vault_route53_private_dns_name, "/^.+?\\./", "")}."
 }
 
 data "aws_security_groups" "alb" {

diff --git a/main.tf b/main.tf
@@ -119,18 +119,22 @@ module "vault_alb" {
   }
 
   # Route53 Record(s)
-  route53_records = var.vault_route53_public_dns_name != "" ? {
-    public = {
-      name    = var.vault_route53_public_dns_name
-      type    = "A"
-      zone_id = data.aws_route53_zone.public[0].id
-    }
-    private = {
-      name    = var.vault_route53_public_dns_name
-      type    = "A"
-      zone_id = data.aws_route53_zone.private[0].id
-    }
-  } : {}
+  route53_records = merge(
+    var.vault_route53_public_dns_name != "" ? {
+      public = {
+        name    = var.vault_route53_public_dns_name
+        type    = "A"
+        zone_id = data.aws_route53_zone.public[0].id
+      }
+    } : {},
+    var.vault_route53_private_dns_name != "" ? {
+      private = {
+        name    = var.vault_route53_private_dns_name
+        type    = "A"
+        zone_id = data.aws_route53_zone.private[0].id
+      }
+    } : {}
+  )
 
   tags = var.tags
 }

diff --git a/variables.tf b/variables.tf
@@ -43,6 +43,12 @@ variable "vault_route53_public_dns_name" {
   type        = string
 }
 
+variable "vault_route53_private_dns_name" {
+  description = "The Route53 private DNS name for the vault ELB. If not set, no Route53 record will be created."
+  default     = ""
+  type        = string
+}
+
 variable "ssh_user" {
   description = "User name used for SSH-connections."
   type        = string