diff --git a/README.md b/README.md
index 96e8267a0..7f819d65f 100644
--- a/README.md
+++ b/README.md
@@ -304,6 +304,7 @@ No modules.
| [aws_route.private_nat_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
| [aws_route.public_internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
| [aws_route.public_internet_gateway_ipv6](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_route53_resolver_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_resolver_config) | resource |
| [aws_route_table.database](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
| [aws_route_table.elasticache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
| [aws_route_table.intra](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route_table) | resource |
@@ -435,6 +436,7 @@ No modules.
| [enable\_nat\_gateway](#input\_enable\_nat\_gateway) | Should be true if you want to provision NAT Gateways for each of your private networks | `bool` | `false` | no |
| [enable\_network\_address\_usage\_metrics](#input\_enable\_network\_address\_usage\_metrics) | Determines whether network address usage metrics are enabled for the VPC | `bool` | `null` | no |
| [enable\_public\_redshift](#input\_enable\_public\_redshift) | Controls if redshift should have public routing table | `bool` | `false` | no |
+| [enable\_route53\_resolver\_config](#input\_enable\_route53\_resolver\_config) | Whether to manage Route53 configuration for VPC | `bool` | `false` | no |
| [enable\_vpn\_gateway](#input\_enable\_vpn\_gateway) | Should be true if you want to create a new VPN Gateway resource and attach it to the VPC | `bool` | `false` | no |
| [external\_nat\_ip\_ids](#input\_external\_nat\_ip\_ids) | List of EIP IDs to be assigned to the NAT Gateways (used in combination with reuse\_nat\_ips) | `list(string)` | `[]` | no |
| [external\_nat\_ips](#input\_external\_nat\_ips) | List of EIPs to be used for `nat_public_ips` output (used in combination with reuse\_nat\_ips and external\_nat\_ip\_ids) | `list(string)` | `[]` | no |
@@ -565,6 +567,7 @@ No modules.
| [redshift\_subnets](#input\_redshift\_subnets) | A list of redshift subnets inside the VPC | `list(string)` | `[]` | no |
| [region](#input\_region) | Region where the resource(s) will be managed. Defaults to the region set in the provider configuration | `string` | `null` | no |
| [reuse\_nat\_ips](#input\_reuse\_nat\_ips) | Should be true if you don't want EIPs to be created for your NAT Gateways and will instead pass them in via the 'external\_nat\_ip\_ids' variable | `bool` | `false` | no |
+| [route53\_resolver\_config\_autodefined\_reverse\_flag](#input\_route53\_resolver\_config\_autodefined\_reverse\_flag) | Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups. | `string` | `"ENABLE"` | no |
| [secondary\_cidr\_blocks](#input\_secondary\_cidr\_blocks) | List of secondary CIDR blocks to associate with the VPC to extend the IP Address pool | `list(string)` | `[]` | no |
| [single\_nat\_gateway](#input\_single\_nat\_gateway) | Should be true if you want to provision a single shared NAT Gateway across all of your private networks | `bool` | `false` | no |
| [tags](#input\_tags) | A map of tags to add to all resources | `map(string)` | `{}` | no |
@@ -686,6 +689,7 @@ No modules.
| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
+| [route53\_resolver\_config](#output\_route53\_resolver\_config) | The ID of the Route53 Resolver Config ressource |
| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
diff --git a/examples/complete/README.md b/examples/complete/README.md
index 8909d97d0..e1a9baed0 100644
--- a/examples/complete/README.md
+++ b/examples/complete/README.md
@@ -144,6 +144,7 @@ No inputs.
| [redshift\_subnets](#output\_redshift\_subnets) | List of IDs of redshift subnets |
| [redshift\_subnets\_cidr\_blocks](#output\_redshift\_subnets\_cidr\_blocks) | List of cidr\_blocks of redshift subnets |
| [redshift\_subnets\_ipv6\_cidr\_blocks](#output\_redshift\_subnets\_ipv6\_cidr\_blocks) | List of IPv6 cidr\_blocks of redshift subnets in an IPv6 enabled VPC |
+| [route53\_resolver\_config](#output\_route53\_resolver\_config) | The ID of the Route53 Resolver Config ressource |
| [this\_customer\_gateway](#output\_this\_customer\_gateway) | Map of Customer Gateway attributes |
| [vgw\_arn](#output\_vgw\_arn) | The ARN of the VPN Gateway |
| [vgw\_id](#output\_vgw\_id) | The ID of the VPN Gateway |
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index b4a8c012c..aeca315ca 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -76,6 +76,9 @@ module "vpc" {
dhcp_options_domain_name = "service.consul"
dhcp_options_domain_name_servers = ["127.0.0.1", "10.10.0.2"]
+ enable_route53_resolver_config = true
+ route53_resolver_config_autodefined_reverse_flag = "DISABLE"
+
tags = local.tags
}
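Review bot: The example sets `route53_resolver_config_autodefined_reverse_flag = "DISABLE"`, which is the opposite of the module default, without a comment saying why. Someone copying the complete example would turn off the Resolver's autodefined reverse-DNS rules for their VPC without realising it. A one-line comment above the two new arguments would help, for example `# Demonstrates the non-default value: Resolver will not create autodefined rules for reverse DNS lookups in this VPC`. The `module "vpc"` block starts outside this hunk.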
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
index 5b2dd50bf..ca2b7dde9 100644
--- a/examples/complete/outputs.tf
+++ b/examples/complete/outputs.tf
@@ -528,3 +528,9 @@ output "vpc_endpoints_security_group_id" {
description = "ID of the security group"
value = module.vpc_endpoints.security_group_id
}
+
+# Resolver
+output "route53_resolver_config" {
+ description = "The ID of the Route53 Resolver Config ressource"
+ value = module.vpc.route53_resolver_config
+}
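Review bot: The description on the new output misspells "resource" as "ressource": `description = "The ID of the Route53 Resolver Config resource"`. The same string appears in the root `outputs.tf` hunk and is copied into both generated README tables. Fix it in the two `outputs.tf` files and regenerate the docs.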
diff --git a/main.tf b/main.tf
index 31deb5988..1281825d5 100644
--- a/main.tf
+++ b/main.tf
@@ -1541,3 +1541,15 @@ resource "aws_default_route_table" "default" {
var.default_route_table_tags,
)
}
+
+
+################################################################################
+# Route53 Resolver config
+################################################################################
+
+resource "aws_route53_resolver_config" "this" {
+ count = local.create_vpc && var.enable_route53_resolver_config ? 1 : 0
+
+ resource_id = aws_vpc.this[0].id
+ autodefined_reverse_flag = var.route53_resolver_config_autodefined_reverse_flag
+}
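Review bot: `aws_route53_resolver_config.this` does not pass the module's `region` input, which the README in this same diff documents as "Region where the resource(s) will be managed". If the other resources in `main.tf` set `region = var.region` (not visible in this hunk), this one would be managed in the provider's default region while `resource_id` points at a VPC elsewhere. Consider adding `region = var.region` next to `count`, assuming the pinned provider version accepts it on this resource. Separately, the hunk adds two blank lines before the section banner where the file's other sections appear to use one.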
diff --git a/outputs.tf b/outputs.tf
index 1d1d2783a..c0ddd9823 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -667,3 +667,13 @@ output "name" {
description = "The name of the VPC specified as argument to this module"
value = var.name
}
+
+
+################################################################################
+# Route53 Resolver Config
+################################################################################
+
+output "route53_resolver_config" {
+ description = "The ID of the Route53 Resolver Config ressource"
+ value = try(aws_route53_resolver_config.this[0].id, null)
+}
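Review bot: The output is named `route53_resolver_config` but returns only the ID, whereas neighbouring outputs in the README table use an `_id` suffix for IDs (`vgw_id`) and a bare name for attribute maps (`this_customer_gateway`). Renaming it to `route53_resolver_config_id` before release would keep that convention and leave the bare name free for a future attributes output. The example's `value = module.vpc.route53_resolver_config` reference would need the same rename.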
diff --git a/variables.tf b/variables.tf
index ea23a3e52..30854a90b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1678,3 +1678,19 @@ variable "putin_khuylo" {
type = bool
default = true
}
+
+################################################################################
+# Route53 Resolver
+################################################################################
+
+variable "enable_route53_resolver_config" {
+ description = "Whether to manage Route53 configuration for VPC"
+ type = bool
+ default = false
+}
+
+variable "route53_resolver_config_autodefined_reverse_flag" {
+ description = "Indicates whether or not the Resolver will create autodefined rules for reverse DNS lookups."
+ type = string
+ default = "ENABLE"
+}
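Review bot: `route53_resolver_config_autodefined_reverse_flag` is a free-form `string` with no validation, so a typo or a lowercase value only fails at apply time in the provider. A `validation` block with `condition = contains(["ENABLE", "DISABLE"], var.route53_resolver_config_autodefined_reverse_flag)` would reject bad values at plan time. Please check the accepted set against the provider docs for the pinned version before adding it. The description should also list the accepted values. Separately, the description of `enable_route53_resolver_config` says "Route53 configuration", which reads as hosted-zone management; `"Whether to manage the Route53 Resolver configuration for the VPC"` is more precise.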
diff --git a/wrappers/main.tf b/wrappers/main.tf
index bef0c73fc..218eefdec 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
@@ -162,6 +162,7 @@ module "wrapper" {
enable_nat_gateway = try(each.value.enable_nat_gateway, var.defaults.enable_nat_gateway, false)
enable_network_address_usage_metrics = try(each.value.enable_network_address_usage_metrics, var.defaults.enable_network_address_usage_metrics, null)
enable_public_redshift = try(each.value.enable_public_redshift, var.defaults.enable_public_redshift, false)
+ enable_route53_resolver_config = try(each.value.enable_route53_resolver_config, var.defaults.enable_route53_resolver_config, false)
enable_vpn_gateway = try(each.value.enable_vpn_gateway, var.defaults.enable_vpn_gateway, false)
external_nat_ip_ids = try(each.value.external_nat_ip_ids, var.defaults.external_nat_ip_ids, [])
external_nat_ips = try(each.value.external_nat_ips, var.defaults.external_nat_ips, [])
@@ -382,6 +383,7 @@ module "wrapper" {
redshift_subnets = try(each.value.redshift_subnets, var.defaults.redshift_subnets, [])
region = try(each.value.region, var.defaults.region, null)
reuse_nat_ips = try(each.value.reuse_nat_ips, var.defaults.reuse_nat_ips, false)
+ route53_resolver_config_autodefined_reverse_flag = try(each.value.route53_resolver_config_autodefined_reverse_flag, var.defaults.route53_resolver_config_autodefined_reverse_flag, "ENABLE")
secondary_cidr_blocks = try(each.value.secondary_cidr_blocks, var.defaults.secondary_cidr_blocks, [])
single_nat_gateway = try(each.value.single_nat_gateway, var.defaults.single_nat_gateway, false)
tags = try(each.value.tags, var.defaults.tags, {})