feat: Add route53_resolver_config_autodefined_reverse_flag

felipempda · felipempda · commit fcca66be2f2c · 2025-11-28T12:48:32.000-05:00
diff --git a/README.md b/README.md
@@ -304,6 +304,7 @@ No modules.
 | [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
 | [aws_route.public_internet_gateway_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route53_resolver_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_config) | resource |
 | [aws_route_table.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
 | [aws_route_table.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
 | [aws_route_table.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
@@ -435,6 +436,7 @@ No modules.
 | <a name="input_enable_nat_gateway"></a> [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
 | <a name="input_enable_network_address_usage_metrics"></a> [enable\_network\_address\_usage\_metrics](#input\_enable\_network\_address\_usage\_metrics) | Determines whether network address usage metrics are enabled for the VPC | `bool` | `null` | no |
 | <a name="input_enable_public_redshift"></a> [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
+| <a name="input_enable_route53_resolver_config"></a> [enable\_route53\_resolver\_config](#input\_enable\_route53\_resolver\_config) | Whether to manage Route53 configuration for VPC | `bool` | `false` | no |
 | <a name="input_enable_vpn_gateway"></a> [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
 | <a name="input_external_nat_ip_ids"></a> [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
 | <a name="input_external_nat_ips"></a> [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no |
@@ -565,6 +567,7 @@ No modules.
 | <a name="input_redshift_subnets"></a> [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no |
 | <a name="input_region"></a> [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
 | <a name="input_reuse_nat_ips"></a> [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
+| <a name="input_route53_resolver_config_autodefined_reverse_flag"></a> [route53\_resolver\_config\_autodefined\_reverse\_flag](#input\_route53\_resolver\_config\_autodefined\_reverse\_flag) | Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups. | `string` | `"ENABLE"` | no |
 | <a name="input_secondary_cidr_blocks"></a> [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |
 | <a name="input_single_nat_gateway"></a> [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
@@ -686,6 +689,7 @@ No modules.
 | <a name="output_redshift_subnets"></a> [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
 | <a name="output_redshift_subnets_cidr_blocks"></a> [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
 | <a name="output_redshift_subnets_ipv6_cidr_blocks"></a> [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
+| <a name="output_route53_resolver_config"></a> [route53\_resolver\_config](#output\_route53\_resolver\_config) | The ID of the Route53 Resolver Config ressource |
 | <a name="output_this_customer_gateway"></a> [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
 | <a name="output_vgw_arn"></a> [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
 | <a name="output_vgw_id"></a> [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -144,6 +144,7 @@ No inputs.
 | <a name="output_redshift_subnets"></a> [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
 | <a name="output_redshift_subnets_cidr_blocks"></a> [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
 | <a name="output_redshift_subnets_ipv6_cidr_blocks"></a> [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
+| <a name="output_route53_resolver_config"></a> [route53\_resolver\_config](#output\_route53\_resolver\_config) | The ID of the Route53 Resolver Config ressource |
 | <a name="output_this_customer_gateway"></a> [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
 | <a name="output_vgw_arn"></a> [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
 | <a name="output_vgw_id"></a> [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -76,6 +76,9 @@ module "vpc" {
   dhcp_options_domain_name         = "service.consul"
   dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
 
+  enable_route53_resolver_config                   = true
+  route53_resolver_config_autodefined_reverse_flag = "DISABLE"
+
   tags = local.tags
 }
 
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -528,3 +528,9 @@ output "vpc_endpoints_security_group_id" {
   description = "ID of the security group"
   value       = module.vpc_endpoints.security_group_id
 }
+
+# Resolver
+output "route53_resolver_config" {
+  description = "The ID of the Route53 Resolver Config ressource"
+  value       = module.vpc.route53_resolver_config
+}
diff --git a/main.tf b/main.tf
@@ -1541,3 +1541,15 @@ resource "aws_default_route_table" "default" {
     var.default_route_table_tags,
   )
 }
+
+
+################################################################################
+# Route53 Resolver config
+################################################################################
+
+resource "aws_route53_resolver_config" "this" {
+  count = local.create_vpc && var.enable_route53_resolver_config ? 1 : 0
+
+  resource_id              = aws_vpc.this[0].id
+  autodefined_reverse_flag = var.route53_resolver_config_autodefined_reverse_flag
+}
diff --git a/outputs.tf b/outputs.tf
@@ -667,3 +667,13 @@ output "name" {
   description = "The name of the VPC specified as argument to this module"
   value       = var.name
 }
+
+
+################################################################################
+# Route53 Resolver Config
+################################################################################
+
+output "route53_resolver_config" {
+  description = "The ID of the Route53 Resolver Config ressource"
+  value       = try(aws_route53_resolver_config.this[0].id, null)
+}
diff --git a/variables.tf b/variables.tf
@@ -1678,3 +1678,19 @@ variable "putin_khuylo" {
   type        = bool
   default     = true
 }
+
+################################################################################
+# Route53 Resolver
+################################################################################
+
+variable "enable_route53_resolver_config" {
+  description = "Whether to manage Route53 configuration for VPC"
+  type        = bool
+  default     = false
+}
+
+variable "route53_resolver_config_autodefined_reverse_flag" {
+  description = "Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups."
+  type        = string
+  default     = "ENABLE"
+}
diff --git a/wrappers/main.tf b/wrappers/main.tf
@@ -162,6 +162,7 @@ module "wrapper" {
   enable_nat_gateway                                                = try(each.value.enable_nat_gateway, var.defaults.enable_nat_gateway, false)
   enable_network_address_usage_metrics                              = try(each.value.enable_network_address_usage_metrics, var.defaults.enable_network_address_usage_metrics, null)
   enable_public_redshift                                            = try(each.value.enable_public_redshift, var.defaults.enable_public_redshift, false)
+  enable_route53_resolver_config                                    = try(each.value.enable_route53_resolver_config, var.defaults.enable_route53_resolver_config, false)
   enable_vpn_gateway                                                = try(each.value.enable_vpn_gateway, var.defaults.enable_vpn_gateway, false)
   external_nat_ip_ids                                               = try(each.value.external_nat_ip_ids, var.defaults.external_nat_ip_ids, [])
   external_nat_ips                                                  = try(each.value.external_nat_ips, var.defaults.external_nat_ips, [])
@@ -382,6 +383,7 @@ module "wrapper" {
   redshift_subnets                                               = try(each.value.redshift_subnets, var.defaults.redshift_subnets, [])
   region                                                         = try(each.value.region, var.defaults.region, null)
   reuse_nat_ips                                                  = try(each.value.reuse_nat_ips, var.defaults.reuse_nat_ips, false)
+  route53_resolver_config_autodefined_reverse_flag               = try(each.value.route53_resolver_config_autodefined_reverse_flag, var.defaults.route53_resolver_config_autodefined_reverse_flag, "ENABLE")
   secondary_cidr_blocks                                          = try(each.value.secondary_cidr_blocks, var.defaults.secondary_cidr_blocks, [])
   single_nat_gateway                                             = try(each.value.single_nat_gateway, var.defaults.single_nat_gateway, false)
   tags                                                           = try(each.value.tags, var.defaults.tags, {})

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,9 @@ module "vpc" {`
`76`	`76`	`dhcp_options_domain_name = "service.consul"`
`77`	`77`	`dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]`
`78`	`78`
	`79`	`+ enable_route53_resolver_config = true`
	`80`	`+ route53_resolver_config_autodefined_reverse_flag = "DISABLE"`
	`81`	`+`
`79`	`82`	`tags = local.tags`
`80`	`83`	`}`
`81`	`84`