Comments (6)
Yes, the authorization is just for illustration only (if you were to create everything in Terraform) and that probably doesn't need to be imported if already handled outside Terraform. What's more important is that the zone association should be imported in the context of account B, not account A. So you might need to supply a `provider` argument for account B to the `import` block, and have a separate `aws_route53_zone_association` resource for the association that belongs to account B.
from terraform-provider-aws.
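The import described in the comment above, sketched as an added example (not part of the thread and not taken from the provider's documentation). The alias `account_b`, the resource name and the role ARN are placeholders; the zone and VPC IDs are the sample values quoted elsewhere on this page.

```hcl
terraform {
  required_version = ">= 1.5.0" # import blocks were introduced in Terraform 1.5
}

# Account A: owns the private hosted zone (default provider).
provider "aws" {
  region = "us-west-2"
}

# Account B: owns the VPC. The alias and role ARN are hypothetical placeholders;
# scope the assumed role to the Route 53 and EC2 permissions this stack needs.
provider "aws" {
  alias  = "account_b"
  region = "us-west-2"

  assume_role {
    role_arn = "arn:aws:iam::<ACCOUNT_B_ID>:role/<TERRAFORM_ROLE_NAME>"
  }
}

# Import the existing association through account B's credentials.
# The ID is "<zone id>:<vpc id>"; a ":<region>" suffix is only needed when the
# VPC's region differs from the provider's region.
import {
  provider = aws.account_b
  to       = aws_route53_zone_association.account_b_vpc
  id       = "ZEXAMPLEZONE:vpc-0123456789abcdef0"
}

# The resource must use the same provider as the import block.
resource "aws_route53_zone_association" "account_b_vpc" {
  provider = aws.account_b
  zone_id  = "ZEXAMPLEZONE"
  vpc_id   = "vpc-0123456789abcdef0"
}
```

Running `terraform plan` with this configuration should report the association as a resource to import rather than one to create.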
@acwwat Great, thank you for the guidance. I'm going to mess around more with this and report back findings. I've already pulled the resources into different groups for organizational sanity purposes prior to filing this issue. Trying to correct the sins of pre-Terraform adoption, I figured it'd be good to do. This will be our first stack with multiple `provider` definitions going across different accounts, so need to figure that out.
Community Note
Voting for Prioritization
- Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
- Please see our prioritization guide for information on how we prioritize.
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
Volunteering to Work on This Issue
- If you are interested in working on this issue, please leave a comment.
- If this would be your first contribution, please review the contribution guide.
Additionally, running `aws route53 get-hosted-zone --id ZEXAMPLEZONE` shows that the VPC(s) from the other account are, in fact, associated with this zone. The ID displayed there is no different than the one used in the Terraform import statement. Output:

```json
{
    "HostedZone": {
        "Id": "/hostedzone/ZEXAMPLEZONE",
        "Name": "foo.bar.com.",
        "CallerReference": "<guid>",
        "Config": {
            "Comment": "Internal hosts",
            "PrivateZone": true
        },
        "ResourceRecordSetCount": 118
    },
    "VPCs": [
        {
            "VPCRegion": "us-west-2",
            "VPCId": "vpc-0123456789abcdef0"
        },
        ...
    ]
}
```

I also tried a "naked" ID (e.g. `vpc-0123456789abcdef0`) and a "fully-qualified" ID (e.g. `ZEXAMPLEZONE:vpc-0123456789abcdef0:us-west-2`), but these don't work either, with the former giving a format error as expected.
I could be wrong, but based on the example usage provided in the `aws_route53_vpc_association_authorization` resource doc, it seems that the `aws_route53_zone_association` object is supposed to be associated with the account which owns the VPC. I created a little diagram to illustrate it - account A owns the hosted zone and account B owns the VPC to be associated with the hosted zone.

Based on this, I suspect that the `import` should be associated with a provider for the account that owns the VPC.
Thanks @acwwat for the references. Indeed, that's how those associations were created in the first place. However, since these are `import` blocks, I would expect that the authorization step is not required since the association already exists. Neither the AWS CLI nor the Console provides details as to what the foreign VPC account ID is.