Skip to content

fix(core): z102 extra resolver rule #345

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Aug 19, 2020
Merged

fix(core): z102 extra resolver rule #345

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cdcfee3
removed resolver rule creation for private domains
nachundu-amzn Aug 19, 2020
4387227
added comments
nachundu-amzn Aug 19, 2020
067e0f1
updated the bash path
nachundu-amzn Aug 19, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 49 additions & 0 deletions reference-artifacts/upgradev117-cleanup/resolver-rule-cleanup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
#!/usr/bin/env bash

# Domain name to search for resolver rule
Domain="dept.cloud-nuage.gc.ca"

# Finds the resolver rule Id for the given domain name
function get_resolver_id() {
resolver_id=$(aws route53resolver list-resolver-rules --filters Name=DomainName,Values=$Domain --query ResolverRules[].Id --output text)
}

# Finds VPCs associated to the resolver rule Id
function get_vpc_ids() {
vpc_ids=$(aws route53resolver list-resolver-rule-associations --filters Name=ResolverRuleId,Values=$1 --query ResolverRuleAssociations[].VPCId --output json | awk '{print $1}' | tr -d '[]",')
}

# Checks association of VPCs from the resolver rule
function _checkStatus() {
while [ -n "$vpc_ids" ]
do
echo "waiting to disassociate VPCs from resolver rule $resolver_id"
sleep 5
get_vpc_ids $resolver_id
done
echo "completed disassociating VPCs from resolver rule $resolver_id"
}

# Verify and disassicate VPCs from resolver rule
function disassociate_vpc_ids() {
get_resolver_id
if [ -z "$resolver_id" ]
then
echo "Resolver rule not found with domain $Domain"
else
echo "Found resolver rule with domain $Domain... $resolver_id"
get_vpc_ids $resolver_id
if [ -z "$vpc_ids" ]
then
echo "VPCs are not associated to resolver rule $resolver_id"
else
echo "started disassociating VPCs from resolver rule $resolver_id"
for vpc_id in $vpc_ids; do
result=$(aws route53resolver disassociate-resolver-rule --resolver-rule-id ${resolver_id} --vpc-id $vpc_id)
done
_checkStatus
fi
fi
}

disassociate_vpc_ids
16 changes: 0 additions & 16 deletions src/deployments/cdk/src/common/global-options.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,22 +130,6 @@ export class GlobalOptionsDeployment extends cdk.Construct {
resolverRulesOutput.onPremRules = onPremRules;
}

// For each Private hosted Zone created in 1) above, create a Resolver rule which points to the Inbound-Endpoint-IP's
if (r53ResolverEndpoints.inboundEndpointRef && r53ResolverEndpoints.outboundEndpointRef) {
for (const [domain, _] of r53Zones.privateZoneToDomainMap.entries()) {
const rule = new Route53ResolverRule(this, `${domainToName(domain)}-phz-rule`, {
domain,
endpoint: r53ResolverEndpoints.outboundEndpointRef,
ipAddresses: r53ResolverEndpoints.inboundEndpointIps,
ruleType: 'FORWARD',
name: `${domainToName(domain)}-phz-rule`,
vpcId: vpcOutput.vpcId,
});
rule.node.addDependency(r53ResolverEndpoints);
resolverRulesOutput.inBoundRule = rule.ruleId;
}
}

// Adding VPC Inbound Endpoint to Output
if (r53ResolverEndpoints.inboundEndpointRef) {
vpcInBoundMapping.set(vpcConfig.name, r53ResolverEndpoints.inboundEndpointRef);
Expand Down