From 5b304c7eacc424289aefe6d259d8f4a8b28f8218 Mon Sep 17 00:00:00 2001 From: milldr Date: Fri, 18 Oct 2024 16:56:55 -0400 Subject: [PATCH 1/4] Deploy `dns-delegated` globally for AWS account consistency --- docs/layers/network/faq.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/layers/network/faq.mdx b/docs/layers/network/faq.mdx index 3f6840a5c..536c58a73 100644 --- a/docs/layers/network/faq.mdx +++ b/docs/layers/network/faq.mdx 
@@ -95,6 +95,16 @@ domains are configured with CNAME (or apex alias) records to point to service do The architecture does not support other configurations, or non-standard component names. +## Why should the `dns-delegated` component be deployed globally rather than regionally? + +The `dns-delegated` component is designed to manage resources across all regions within an AWS account, such as with Route 53 DNS records. Deploying it at the regional level can lead to conflicts because it implies multiple deployments per account, which would cause Terraform to fight for control over the same resources. + +Although the `gbl` (“global”) region is not a real AWS region, it is used as a placeholder to signify that resources are meant to be managed globally, not regionally. Deploying `dns-delegated` globally ensures there is a single source of truth for these DNS records within the account. + +Deploying this component regionally can cause issues, especially if multiple regional stacks try to manage the same DNS records. This creates an anti-pattern where resources meant to be global are unintentionally duplicated, leading to configuration drift and unexpected behavior. + +For users needing to deploy “global” components to a specific AWS region, you can set `overridable_global_environment_name` to the desired environment (e.g., `use1`), which allows all “global” components to be deployed consistently without creating regional conflicts. + ## How is the EKS network configured? EKS network is designed with this network and DNS architecture in mind, but is another complex topic. For more, see the From 13c17c5916f1d5277f83e762e31c0ffbf930b029 Mon Sep 17 00:00:00 2001 From: milldr Date: Fri, 18 Oct 2024 17:05:34 -0400 Subject: [PATCH 2/4] Add link to global region definition in FAQ network layer --- docs/layers/network/faq.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/layers/network/faq.mdx b/docs/layers/network/faq.mdx index 536c58a73..8b001ec55 100644 --- a/docs/layers/network/faq.mdx +++ b/docs/layers/network/faq.mdx @@ -103,7 +103,7 @@ Although the `gbl` (“global”) region is not a real AWS region, it is used as Deploying this component regionally can cause issues, especially if multiple regional stacks try to manage the same DNS records. This creates an anti-pattern where resources meant to be global are unintentionally duplicated, leading to configuration drift and unexpected behavior. -For users needing to deploy “global” components to a specific AWS region, you can set `overridable_global_environment_name` to the desired environment (e.g., `use1`), which allows all “global” components to be deployed consistently without creating regional conflicts. +Please see the [global (Default) region](https://docs.cloudposse.com/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. ## How is the EKS network configured? From c69972ec32070ec1d9e46a64e7d2a10dc64410c8 Mon Sep 17 00:00:00 2001 From: milldr Date: Fri, 18 Oct 2024 17:05:57 -0400 Subject: [PATCH 3/4] Update link to global region definition in FAQ --- docs/layers/network/faq.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/layers/network/faq.mdx b/docs/layers/network/faq.mdx index 8b001ec55..c9cf36a6a 100644 --- a/docs/layers/network/faq.mdx +++ b/docs/layers/network/faq.mdx 
@@ -103,7 +103,7 @@ Although the `gbl` (“global”) region is not a real AWS region, it is used as Deploying this component regionally can cause issues, especially if multiple regional stacks try to manage the same DNS records. This creates an anti-pattern where resources meant to be global are unintentionally duplicated, leading to configuration drift and unexpected behavior. -Please see the [global (Default) region](https://docs.cloudposse.com/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. +Please see the [global (default) region](https://docs.cloudposse.com/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. ## How is the EKS network configured? From 930b32964eda891a410c1cdccff31d01d4098124 Mon Sep 17 00:00:00 2001 From: milldr Date: Fri, 18 Oct 2024 17:06:26 -0400 Subject: [PATCH 4/4] Update link to global region definition in FAQ --- docs/layers/network/faq.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/layers/network/faq.mdx b/docs/layers/network/faq.mdx index c9cf36a6a..9d3c87e4e 100644 --- a/docs/layers/network/faq.mdx +++ b/docs/layers/network/faq.mdx @@ -103,7 +103,7 @@ Although the `gbl` (“global”) region is not a real AWS region, it is used as Deploying this component regionally can cause issues, especially if multiple regional stacks try to manage the same DNS records. This creates an anti-pattern where resources meant to be global are unintentionally duplicated, leading to configuration drift and unexpected behavior. -Please see the [global (default) region](https://docs.cloudposse.com/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. +Please see the [global (default) region](/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. ## How is the EKS network configured?
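Review bot: In [PATCH 1/4], the first and third added paragraphs of the new `dns-delegated` section make the same point twice: several regional deployments in one account contending for the same DNS records. Suggest merging them into one paragraph and tightening "such as with Route 53 DNS records" so it names the resources directly, for example "account-wide resources such as Route 53 DNS records". The text names configuration drift as the outcome but gives the reader no way to tell whether an existing account already has regional deployments of this component; one sentence on what to look for would make the answer actionable.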
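Review bot: In [PATCH 2/4], the `-` line drops the only guidance on `overridable_global_environment_name` for users who deploy "global" components to a specific region such as `use1`, while the subject only says "Add link". If the removal is intended, say so in the commit message and confirm that the linked conventions page covers that setting; otherwise keep the paragraph and add the link as a new line after it.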
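Review bot: In [PATCH 3/4], the subject "Update link to global region definition in FAQ" does not match the change, which only lowercases the link text ("Default" to "default") and leaves the URL untouched; the same subject is reused for [PATCH 4/4]. Since 2/4 through 4/4 each rewrite the same single line, suggest squashing them into one commit with a subject that describes the final state.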
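Review bot: In [PATCH 4/4], the site-relative target `/learn/conventions/#global-default-region` on the `+` line cannot be verified from the hunk: nothing visible shows that the `#global-default-region` anchor exists on that page or that other links in `faq.mdx` use the same root-relative form. Suggest building the docs and following the link before merging, and noting in the commit message that the change is from an absolute to a relative URL.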