Added option to define whether route53 records are created or not. (#46)

* Added a new variable to enable or disable creation of route53 records * conditional creation of websites route53 records * Outputs updated to reflect amendments to route53 record related resources * Corrected new variable name * route53 record related outputs now return null when records haven't been created * readme updated * fied incorrect return type on updated output * formatting Co-authored-by: Ian Shaw <ian.shaw@digitaltactics.co.uk>
cn-terraform · Dec 6, 2022 · 6a396ab · 6a396ab
1 parent 48a249c
commit 6a396ab
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -95,6 +95,7 @@ In order to run all checks at any point run the following command:
 | <a name="input_comment_for_cloudfront_website"></a> [comment\_for\_cloudfront\_website](#input\_comment\_for\_cloudfront\_website) | Comment for the Website CloudFront Distribution | `string` | `""` | no |
 | <a name="input_create_acm_certificate"></a> [create\_acm\_certificate](#input\_create\_acm\_certificate) | Enable or disable automatic ACM certificate creation. If set to false, the variable acm\_certificate\_arn\_to\_use is required. Defaults to true | `bool` | `true` | no |
 | <a name="input_create_route53_hosted_zone"></a> [create\_route53\_hosted\_zone](#input\_create\_route53\_hosted\_zone) | Enable or disable Route 53 hosted zone creation. If set to false, the variable route53\_hosted\_zone\_id is required. Defaults to true | `bool` | `true` | no |
+| <a name="input_create_route53_website_records"></a> [create\_route53\_website\_records](#input\_create\_route53\_website\_records) | Enable or disable creation of Route 53 records in the hosted zone. Defaults to true | `bool` | `true` | no |
 | <a name="input_is_ipv6_enabled"></a> [is\_ipv6\_enabled](#input\_is\_ipv6\_enabled) | (Optional) - Whether the IPv6 is enabled for the distribution. Defaults to true | `bool` | `true` | no |
 | <a name="input_log_bucket_force_destroy"></a> [log\_bucket\_force\_destroy](#input\_log\_bucket\_force\_destroy) | (Optional, Default:false) A boolean that indicates all objects (including any locked objects) should be deleted from the log bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no |
 | <a name="input_log_bucket_versioning_mfa_delete"></a> [log\_bucket\_versioning\_mfa\_delete](#input\_log\_bucket\_versioning\_mfa\_delete) | (Optional) Specifies whether MFA delete is enabled in the bucket versioning configuration. Valid values: Enabled or Disabled. Defaults to Disabled | `string` | `"Disabled"` | no |

diff --git a/outputs.tf b/outputs.tf
@@ -129,22 +129,22 @@ output "hosted_zone_tags_all" {
 
 output "route_53_record_website_name" {
   description = "The name of the record."
-  value       = aws_route53_record.website_cloudfront_record.name
+  value       = var.create_route53_website_records == true ? aws_route53_record.website_cloudfront_record[0].name : null
 }
 
 output "route_53_record_website_fqdn" {
   description = "FQDN built using the zone domain and name."
-  value       = aws_route53_record.website_cloudfront_record.fqdn
+  value       = var.create_route53_website_records == true ? aws_route53_record.website_cloudfront_record[0].fqdn : null
 }
 
 output "route_53_record_www_website_name" {
   description = "The name of the record."
-  value       = aws_route53_record.www_website_record.name
+  value       = var.create_route53_website_records == true ? aws_route53_record.www_website_record[0].name : null
 }
 
 output "route_53_record_www_website_fqdn" {
   description = "FQDN built using the zone domain and name."
-  value       = aws_route53_record.www_website_record.fqdn
+  value       = var.create_route53_website_records == true ? aws_route53_record.www_website_record[0].fqdn : null
 }
 
 #------------------------------------------------------------------------------

diff --git a/variables.tf b/variables.tf
@@ -261,6 +261,12 @@ variable "route53_hosted_zone_id" {
   default     = ""
 }
 
+variable "create_route53_website_records" {
+  description = "Enable or disable creation of Route 53 records in the hosted zone. Defaults to true"
+  type        = bool
+  default     = true
+}
+
 #------------------------------------------------------------------------------
 # ACM Certificate
 #------------------------------------------------------------------------------

diff --git a/website.tf b/website.tf
@@ -233,6 +233,8 @@ resource "aws_cloudfront_distribution" "website" { # tfsec:ignore:AWS045
 resource "aws_route53_record" "website_cloudfront_record" {
   provider = aws.main
 
+  count = var.create_route53_website_records ? 1 : 0
+
   zone_id = var.create_route53_hosted_zone ? aws_route53_zone.hosted_zone[0].zone_id : var.route53_hosted_zone_id
   name    = local.website_bucket_name
   type    = "A"
@@ -247,6 +249,8 @@ resource "aws_route53_record" "website_cloudfront_record" {
 resource "aws_route53_record" "www_website_record" {
   provider = aws.main
 
+  count = var.create_route53_website_records ? 1 : 0
+
   zone_id = var.create_route53_hosted_zone ? aws_route53_zone.hosted_zone[0].zone_id : var.route53_hosted_zone_id
   name    = local.www_website_bucket_name
   type    = "A"