AWS EKS endpoint resolution from peered VPC

dhineshbabuelango · October 8, 2019, 7:06am

Hi All, We are using AWS EKS. Since EKS endpoint will not get resolved from peered VPC, we always use route53 resovler by creating inbound and outbound endpoint and then create rule.

Here we haev created the inbound and outbound endpoint but while creating the rule, we need to pass the ip address created from the inbound connection, but its throwing an error when we try to use dynamic blocks.

variable “region” {
default = “ap-southeast-1”
}
provider “aws” {
region = “${var.region}”
}

resource “aws_route53_resolver_endpoint” “eks-resolver” {
name = “test-eks-dev_inboundendpoint”
direction = “INBOUND”

security_group_ids = [
“${var.inbound-sg}”,
]

ip_address {
subnet_id = “${var.subnet-inbound}”
}

ip_address {
subnet_id = “${var.subnet-inbound-2}”

}

resource “aws_route53_resolver_endpoint” “eks-resolver-outbound” {
name = “test-eks-dev_outboundendpoint”
direction = “OUTBOUND”

security_group_ids = [
“${var.outbound-sg}”,
]

ip_address {
subnet_id = “${var.subnet-outbound}”
}

ip_address {
subnet_id = “${var.subnet-outbound-2}”

}

output “eks-resolver” {
value = “${aws_route53_resolver_endpoint.eks-resolver.ip_address}”
}

output “eks-resolver-outbound” {
value = “${aws_route53_resolver_endpoint.eks-resolver-outbound}”
}

resource “aws_route53_resolver_rule” “double” {

domain_name = “EE3891EAE6181FEDECD789EF73FAD9C8.yl4.XX-XXXXXXX-1.eks.amazonaws.com”
name = “eks-resolver-rule”
rule_type = “FORWARD”
resolver_endpoint_id = “${aws_route53_resolver_endpoint.eks-resolver-outbound.id}”

dynamic “target_ip” {
for_each = “${aws_route53_resolver_endpoint.eks-resolver.ip_address}”

content {
    ip = target_ip.ip
 }

}
}

outthought · October 8, 2019, 11:13am

Try to use target_ip.value

resource "aws_route53_resolver_rule" "double" {

  domain_name          = "EE3891EAE6181FEDECD789EF73FAD9C8.yl4.XX-XXXXXXX-1.eks.amazonaws.com"
  name                 = "eks-resolver-rule"
  rule_type            = "FORWARD"
  resolver_endpoint_id = "${aws_route53_resolver_endpoint.eks-resolver-outbound.id}"

  dynamic "target_ip" {
    for_each = aws_route53_resolver_endpoint.eks-resolver.ip_address

    content {
      ip = target_ip.value
    }
  }
}

Dynamic block expression docs:

dhineshbabuelango · October 9, 2019, 1:56am

Thanks Robert for your response, Its working fine as expected
Could you please help to give some inputs on this topic as well

Shellscript variable to another resource in terraform Terraform

Hi All, We are planning to create a terraform resource for creating private hosted Zone and associate a load balancer to the private hosted zone but to get the load balancer name we have to run a shell script. Is there a way I can pass the output of the shell script as a variable to the private hosted zone resource.

Actually we are trying to AWS route 53 private hosted zone through terraform for a load balancer that as not created as part of terraform. So we plan to run a shell script inside a null resource and get the load balancer name and store it in terraform output, the other resource for private hosted zone creation in terraform will use this output to create private hosted zone

Topic		Replies	Views
Segregation of output in terraform Terraform	1	457	October 8, 2019
Route53 Resolver Associations, problem with my module AWS	0	1853	August 17, 2020
Is 'ingres' rule do something for aws_ec2_client_vpn_endpoint? AWS	0	179	August 3, 2023
Count or for_each not working, help please! Terraform	9	1985	March 14, 2023
How to dynamically generate NACL rule set for AWS Gateway Endpoints? Terraform	5	795	March 25, 2023

AWS EKS endpoint resolution from peered VPC

Related topics