feat: Allows lookup of private hosted zones #137

Closed
3 changes: 2 additions & 1 deletion README.md
@@ -221,7 +221,7 @@ module "api_gateway" {
| <a name="input_body"></a> [body](#input\_body) | An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs | `string` | `null` | no |
| <a name="input_cors_configuration"></a> [cors\_configuration](#input\_cors\_configuration) | The cross-origin resource sharing (CORS) configuration. Applicable for HTTP APIs | <pre>object({<br/> allow_credentials = optional(bool)<br/> allow_headers = optional(list(string))<br/> allow_methods = optional(list(string))<br/> allow_origins = optional(list(string))<br/> expose_headers = optional(list(string), [])<br/> max_age = optional(number)<br/> })</pre> | `null` | no |
| <a name="input_create"></a> [create](#input\_create) | Controls if resources should be created | `bool` | `true` | no |
| <a name="input_create_certificate"></a> [create\_certificate](#input\_create\_certificate) | Whether to create a certificate for the domain | `bool` | `true` | no |
| <a name="input_create_certificate"></a> [create\_certificate](#input\_create\_certificate) | Whether to create a certificate for the domain. Since certificate validate only works on public domains, this will be ignore if `private_zone` is set to `true` | `bool` | `true` | no |
| <a name="input_create_domain_name"></a> [create\_domain\_name](#input\_create\_domain\_name) | Whether to create API domain name resource | `bool` | `true` | no |
| <a name="input_create_domain_records"></a> [create\_domain\_records](#input\_create\_domain\_records) | Whether to create Route53 records for the domain name | `bool` | `true` | no |
| <a name="input_create_routes_and_integrations"></a> [create\_routes\_and\_integrations](#input\_create\_routes\_and\_integrations) | Whether to create routes and integrations resources | `bool` | `true` | no |
@@ -238,6 +238,7 @@ module "api_gateway" {
| <a name="input_ip_address_type"></a> [ip\_address\_type](#input\_ip\_address\_type) | The IP address types that can invoke the API. Valid values: ipv4, dualstack. Use ipv4 to allow only IPv4 addresses to invoke your API, or use dualstack to allow both IPv4 and IPv6 addresses to invoke your API. Defaults to ipv4. | `string` | `null` | no |
| <a name="input_mutual_tls_authentication"></a> [mutual\_tls\_authentication](#input\_mutual\_tls\_authentication) | The mutual TLS authentication configuration for the domain name | `map(string)` | `{}` | no |
| <a name="input_name"></a> [name](#input\_name) | The name of the API. Must be less than or equal to 128 characters in length | `string` | `""` | no |
| <a name="input_private_zone"></a> [private\_zone](#input\_private\_zone) | Indicates the hosted zone being looked up is private. Certificate validation will fail if this is set to true. | `bool` | `false` | no |
| <a name="input_protocol_type"></a> [protocol\_type](#input\_protocol\_type) | The API protocol. Valid values: `HTTP`, `WEBSOCKET` | `string` | `"HTTP"` | no |
| <a name="input_route_key"></a> [route\_key](#input\_route\_key) | Part of quick create. Specifies any route key. Applicable for HTTP APIs | `string` | `null` | no |
| <a name="input_route_selection_expression"></a> [route\_selection\_expression](#input\_route\_selection\_expression) | The route selection expression for the API. Defaults to `$request.method $request.path` | `string` | `null` | no |
5 changes: 3 additions & 2 deletions main.tf
@@ -136,7 +136,8 @@ locals {
data "aws_route53_zone" "this" {
count = local.create_domain_name && var.create_domain_records ? 1 : 0

name = coalesce(var.hosted_zone_name, local.stripped_domain_name)
name = coalesce(var.hosted_zone_name, local.stripped_domain_name)
private_zone = var.private_zone
}

resource "aws_route53_record" "this" {
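Review bot: `private_zone = var.private_zone` in `data "aws_route53_zone" "this"` still selects the zone by name alone, and a private zone name is not unique: the same name can exist as several private zones attached to different VPCs, next to a public zone of that name. When more than one private zone matches, the lookup is ambiguous and `aws_route53_record.this` has no single zone to write to. Consider also accepting a zone ID or a `vpc_id` input (the data source supports both `zone_id` and `vpc_id`) so callers can pin the exact zone the record lands in.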
@@ -158,7 +159,7 @@ resource "aws_route53_record" "this" {
################################################################################

locals {
create_certificate = local.create_domain_name && var.create_certificate
create_certificate = local.create_domain_name && var.create_certificate && !var.private_zone

is_wildcard = startswith(var.domain_name, "*.")
}
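Review bot: `&& !var.private_zone` on `create_certificate` silently overrides an explicit `create_certificate = true`, and nothing in this hunk checks that a certificate is supplied some other way. With `private_zone = true` and `domain_name_certificate_arn` not set, the caller gets no plan-time signal that the custom domain has no certificate to use. Consider failing early with a validation or precondition that requires `domain_name_certificate_arn` when `private_zone` is true, rather than dropping the setting without a message.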
8 changes: 7 additions & 1 deletion variables.tf
@@ -156,6 +156,12 @@ variable "hosted_zone_name" {
default = null
}

variable "private_zone" {
description = "Indicates the hosted zone being looked up is private. Certificate validation will fail if this is set to true."
type = bool
default = false
}

variable "domain_name_certificate_arn" {
description = "The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source"
type = string
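Review bot: the `private_zone` description says "Certificate validation will fail if this is set to true", but main.tf in this same change sets `local.create_certificate` to false whenever `var.private_zone` is true, so no certificate is created and nothing is left to fail. Suggest wording that matches the behaviour, for example that certificate creation is skipped and `domain_name_certificate_arn` should be provided, and updating the matching README row.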
@@ -201,7 +207,7 @@ variable "subdomain_record_types" {
################################################################################

variable "create_certificate" {
description = "Whether to create a certificate for the domain"
description = "Whether to create a certificate for the domain. Since certificate validate only works on public domains, this will be ignore if `private_zone` is set to `true`"
type = bool
default = true
}
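Review bot: two typos in the new `create_certificate` description: "certificate validate" should be "certificate validation" and "will be ignore" should be "will be ignored". The same sentence appears in the README inputs table in this change, so it needs fixing in both places.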
1 change: 1 addition & 0 deletions wrappers/main.tf
@@ -27,6 +27,7 @@ module "wrapper" {
ip_address_type = try(each.value.ip_address_type, var.defaults.ip_address_type, null)
mutual_tls_authentication = try(each.value.mutual_tls_authentication, var.defaults.mutual_tls_authentication, {})
name = try(each.value.name, var.defaults.name, "")
private_zone = try(each.value.private_zone, var.defaults.private_zone, false)
protocol_type = try(each.value.protocol_type, var.defaults.protocol_type, "HTTP")
route_key = try(each.value.route_key, var.defaults.route_key, null)
route_selection_expression = try(each.value.route_selection_expression, var.defaults.route_selection_expression, null)