rubenandre commented 2 months ago

Description

With Route 53 Profiles, you can apply and manage DNS-related Route 53 configurations across many VPCs and in different AWS accounts. Profiles make managing the DNS settings for many VPCs as easy as managing them for a single VPC and when you update a Profile, its settings are propagated to all the VPCs associated to the Profile. You can also share a Profile with AWS accounts in the same Regions by using AWS RAM. (extracted from: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/profiles.html)

Requested Resource(s) and/or Data Source(s)

Resources:

aws_route53profiles_profile -> Creates an empty route53 profile
aws_route53profiles_resource_association -> Associates DNS FW rule, private hosted zones or resolver rules to the route53 profile
aws_route53profiles_association -> Associates the Route53 profile to the VPC (at the moment only supports vpc's even tough the property is called ResourceId - so I'm a little bit dubious what should be named this resource)

Data Sources:

aws_route53profiles_profile
aws_route53profiles_association
aws_route53profiles_resource_association

Potential Terraform Configuration

resource "aws_route53profiles_profile" "example" {
  name = "my-profile"
  tags = {}
}

resource "aws_route53profiles_resource_association" "dns_firewall_rule" {
  name                = "my-dns-firewall-rule"
  profile_id          = aws_route53profiles_profile.example.id
  resource_arn        = "arn:aws:route53resolver:us-east-1:123456789012:firewall-rule-group/rslvr-frg-cfe7f72example"
  resource_properties = "{\"priority\": 102}"
}

resource "aws_route53profiles_association" "example" {
  name        = "my-vpc-association"
  profile_id  = aws_route53profiles_profile.example.id
  resource_id = "vpc-0af3b96b3example"
  tags        = {}
}

data "aws_route53profiles_profile" "example" {
  profile_id = "rp-4987774726example"
}

data "aws_route53profiles_association" "example" {
  profile_association_id = "rpassoc-489ce212fexample"
}

data "aws_route53profiles_resource_association" "example" {
  profile_resource_association_id = "rpr-001913120a7example"
}

References

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/profiles.html

Resources:

https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_CreateProfile.html (aws_route53profiles_profile) https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateResourceToProfile.html (aws_route53profiles_resource_association) https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_AssociateProfile.html (aws_route53profiles_association)

Data Sources: https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_GetProfile.html (aws_route53profiles_profile) https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_GetProfileAssociation.html (aws_route53profiles_association) https://docs.aws.amazon.com/Route53/latest/APIReference/API_route53profiles_GetProfileResourceAssociation.html (aws_route53profiles_resource_association)

Would you like to implement a fix?

Yes

github-actions[bot] commented 2 months ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

pablo19sc commented 2 months ago

@rubenandre hi! are you working on this? We were thinking on adding the support for this feature, so happy to own it or support you if you are already working on it.

rubenandre commented 2 months ago

@pablo19sc hi! I worked on the service client for it. Yesterday I started to work on the first resource aws_route53profiles_profile. ~~but I'm still trying to be more acquainted with the codebase and grasp the direction for new resources, if it's preferred to go with "terraform plugin framework" or if SDKv2 it's still acceptable~~.

I'd be happy to work with you on these features, ~~but since I'm quite new to this codebase, I totally understand if you prefer to go full-on this~~.

Edit: Add strike-through to elements already grasped. The implementation of the first resource aws_route53profiles_profile was made in bellow attached PR using Terraform Plugin Framework.

If someone pretend to start the creation of the other resources, let me know so we could join synergies together, and avoid dual work.

RubenFr commented 1 month ago

@rubenandre - Is there any update on this feature?

aristosvo commented 3 weeks ago

Hi! Just to give a small update - I contacted the HC AWS provider team and they will almost certainly take this up next quarter, based on the popularity/👍🏽s on this issue. @rubenandre is dependent on their review on #37124.

aristosvo commented 2 weeks ago

@rubenandre I extended your work a bit in #38172, which is very much WIP but already has working tests for the two association resources. Hope you wouldn't mind!

rubenandre commented 1 week ago

@aristosvo Thank you very much. I'll not be able to move further with other resources. The Route53 profiles solution has a salty price for the use case that the company I belong to has.

hashicorp / terraform-provider-aws