GitHub repo: https://github.com/dongkoony/BootGenie_AWS_Terraform

I’m using Terraform to provision AWS resources and have organized my setup into modules. The resources I’m creating include EC2, VPC, ALB, CloudFront, WAFv2, and Route 53. Here is a brief overview of my directory structure and the `main.tf` file.
Directory structure:

```
.
├── modules
│   ├── acm
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── alb
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── cloudfront
│   │   ├── main.tf
│   │   └── variables.tf
│   ├── ec2
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── jenkins
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── route53
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   ├── vpc
│   │   ├── main.tf
│   │   ├── outputs.tf
│   │   └── variables.tf
│   └── wafv2
│       ├── main.tf
│       ├── outputs.tf
│       └── variables.tf
├── script
│   ├── app_instance_docker.sh
│   ├── change_ssh_port.sh
│   ├── get_jenkins_password.sh
│   └── jenkins_container.sh
├── .gitignore
├── .terraform.lock.hcl
├── jenkins.tf
├── LICENSE
├── main.tf
├── outputs.tf
├── README.md
├── terraform.tfstate
├── terraform.tfstate.backup
├── terraform.tfvars
└── variables.tf
```
`main.tf`:

```hcl
provider "aws" {
  region = local.region
}

locals {
  region      = "ap-northeast-2"
  domain_name = "donghyeonporfol.site"
}

# VPC module
module "vpc" {
  source               = "./modules/vpc"
  vpc_name             = var.vpc_name
  vpc_cidr             = var.vpc_cidr
  availability_zones   = var.availability_zones
  public_subnet_cidrs  = var.public_subnet_cidrs
  private_subnet_cidrs = var.private_subnet_cidrs
}

# ALB module (initially HTTP only)
module "alb" {
  source          = "./modules/alb"
  name_prefix     = var.name_prefix
  vpc_id          = module.vpc.vpc_id
  subnets         = module.vpc.public_subnet_ids
  certificate_arn = data.aws_acm_certificate.selected.arn
  tags            = var.tags
}

# EC2 module
module "ec2" {
  source                      = "./modules/ec2"
  name_prefix                 = var.name_prefix
  ami                         = var.ami
  instance_type               = var.instance_type
  associate_public_ip_address = true
  vpc_id                      = module.vpc.vpc_id
  ingress_rules               = var.ingress_rules
  key_name                    = var.key_name
  user_data                   = var.user_data
  root_volume_size            = var.root_volume_size
  tags                        = var.tags
  availability_zones          = var.availability_zones
  subnet_id                   = module.vpc.public_subnet_ids
  app_instance_count          = var.app_instance_count
  web_instance_count          = var.web_instance_count
  web_target_group_arn        = module.alb.web_target_group_arn
  app_target_group_arn        = module.alb.app_target_group_arn
  depends_on                  = [module.alb]
}

# Route 53 module
module "route53" {
  source       = "./modules/route53"
  domain_name  = local.domain_name
  alb_dns_name = module.alb.alb_dns_name
  alb_zone_id  = module.alb.alb_zone_id
  depends_on   = [module.alb, module.ec2]
}

# ACM certificate creation and validation
module "acm" {
  source          = "./modules/acm"
  domain_name     = local.domain_name
  route53_zone_id = module.route53.zone_id # Route53 module must output zone_id
  ttl             = var.ttl
  depends_on      = [module.route53]
}

# Add ALB HTTPS listener
resource "aws_lb_listener" "https" {
  load_balancer_arn = module.alb.alb_arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = module.acm.acm_certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = module.alb.web_target_group_arn
  }

  depends_on = [module.acm]
}

# <-------------------------------WAFv2 testing------------------------------->
# WAF module
# module "waf" {
#   source                  = "./modules/wafv2"
#   waf_prefix              = var.waf_prefix
#   waf_ip_sets             = var.waf_ip_sets
#   managed_rules           = var.managed_rules
#   environment             = var.environment
#   project                 = var.project
#   waf_ip_set_name         = "default-ip-set"
#   waf_ip_set_description  = "Default IP set for WAF"
#   waf_ip_set_addresses    = var.waf_ip_sets
#   waf_web_acl_name        = "${var.waf_prefix}-web-acl"
#   waf_web_acl_description = "Web ACL for ${var.waf_prefix}"
#   waf_web_acl_metric_name = "${var.waf_prefix}-metric"
#   scope                   = "CLOUDFRONT"
#   tags                    = var.tags
# }

# CloudFront module
# module "cloudfront" {
#   source             = "./modules/cloudfront"
#   origin_domain_name = var.origin_domain_name
#   origin_id          = var.origin_id
#   target_origin_id   = var.target_origin_id
#   web_acl_id         = module.waf.web_acl_arn # Using WAF module's web ACL ARN
#   environment        = var.environment
#   project            = var.project
# }
```
The problem I’m encountering is that the Route 53 zone is being created twice: once initially and then another time after the EC2 instances are created, resulting in two Route 53 zones.

I’m considering creating a separate `route53.tf` file and running `terraform apply` again after all the resources are created. However, I’m not sure if this is the best approach.
I expected the Route 53 zone to be created only once. However, it is being created twice – once initially and then again after the EC2 instances are created.
Questions:

- Why is the Route 53 zone being created twice?
- Is separating the Route 53 configuration into its own `.tf` file and applying it afterward a good practice?
- How can I ensure that the Route 53 zone is only created once without having to run `terraform apply` twice?
Any insights or suggestions would be greatly appreciated. Thank you!
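An added example, not code from the question's repository: one root-level layout that declares the hosted zone as a single plain resource and threads its `zone_id` into the ACM validation records and the ALB alias record, so every consumer references the one zone and ordering comes from those references rather than `depends_on`. It assumes `module.alb` and `local.domain_name` exist as in the question's `main.tf`.

```hcl
# Hosted zone declared once, at the root; every consumer references its id.
resource "aws_route53_zone" "main" {
  name = local.domain_name
}

# DNS-validated certificate whose validation records land in that same zone.
resource "aws_acm_certificate" "site" {
  domain_name       = local.domain_name
  validation_method = "DNS"
  lifecycle { create_before_destroy = true }
}
resource "aws_route53_record" "acm_validation" {
  for_each = { for dvo in aws_acm_certificate.site.domain_validation_options : dvo.domain_name => dvo }
  zone_id         = aws_route53_zone.main.zone_id
  name            = each.value.resource_record_name
  type            = each.value.resource_record_type
  ttl             = 60
  records         = [each.value.resource_record_value]
  allow_overwrite = true
}
resource "aws_acm_certificate_validation" "site" {
  certificate_arn         = aws_acm_certificate.site.arn
  validation_record_fqdns = [for r in aws_route53_record.acm_validation : r.fqdn]
}

# Alias record for the ALB in the same zone (module.alb assumed as in the question).
resource "aws_route53_record" "alb_alias" {
  zone_id = aws_route53_zone.main.zone_id
  name    = local.domain_name
  type    = "A"
  alias {
    name                   = module.alb.alb_dns_name
    zone_id                = module.alb.alb_zone_id
    evaluate_target_health = true
  }
}

# HTTPS listener: ordering comes from the certificate reference, not depends_on.
resource "aws_lb_listener" "https" {
  load_balancer_arn = module.alb.alb_arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = aws_acm_certificate_validation.site.certificate_arn
  default_action {
    type             = "forward"
    target_group_arn = module.alb.web_target_group_arn
  }
}
```

`ELBSecurityPolicy-TLS13-1-2-2021-06` accepts only TLS 1.2 and 1.3, unlike `ELBSecurityPolicy-2016-08` in the question, which still negotiates TLS 1.0 and 1.1.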