Add support for creating temporary aws_route53_vpc_association_authorization #25438
Labels: enhancement (Requests to existing resources that expand the functionality or scope.), service/route53 (Issues and PRs that pertain to the route53 service.)
Description
AWS recommends deleting Route53 VPC association authorizations after the DNS zone has been associated with the VPC, but this is difficult to do with Terraform's resource management model.
While there's no apparent or immediate danger in keeping the authorization around, it still bears a potential security risk when the VPC ID gets reused later. It might also cause an issue when the association is deleted unilaterally and reassociation should be prevented.
New or Affected Resource(s)
Potential Terraform Configuration
This is what's currently required, with the authorization being left over:

- `aws.local_account` is a provider config for the AWS account that contains the private DNS zone.
- `aws_route53_zone.local.id` is the ID of the zone.
- `aws.central_account` is a provider config for the AWS account that contains the VPC where the private zone should be associated.
- `aws_vpc.central.id` is the ID of the VPC.

By consolidating the two API calls into one resource, it may be possible to immediately delete the authorization after creating the association:
References
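The two-step flow the description refers to, written out as an added example (not the issue's own configuration, whose code blocks are missing from this page). It uses only resources the provider has today: `aws_route53_vpc_association_authorization` in the zone-owning account and `aws_route53_zone_association` in the VPC-owning account. The provider regions, zone name, in-account VPC ID and CIDR are assumptions, and the `authorize` variable is a hypothetical two-phase workaround for removing the leftover authorization without leaving the resource in drift:

```hcl
# Added example, not from the issue. Regions, zone name, VPC ID, CIDR and
# the "authorize" variable are assumptions used to illustrate the flow.

provider "aws" {
  alias  = "local_account"   # account that owns the private hosted zone
  region = "eu-west-1"
}

provider "aws" {
  alias  = "central_account" # account that owns the VPC to associate
  region = "eu-west-1"
}

# Phase switch for the workaround: true on the first apply (create the
# authorization, then the association), false on a second apply (destroy
# only the authorization; AWS keeps the existing association).
variable "authorize" {
  type    = bool
  default = true
}

resource "aws_route53_zone" "local" {
  provider = aws.local_account
  name     = "internal.example.com" # assumed

  # A vpc block makes the zone private; an in-account VPC is assumed here.
  vpc {
    vpc_id = "vpc-0123456789abcdef0"
  }

  # Associations managed by aws_route53_zone_association must be ignored
  # here, otherwise this resource tries to remove them on the next plan.
  lifecycle {
    ignore_changes = [vpc]
  }
}

resource "aws_vpc" "central" {
  provider   = aws.central_account
  cidr_block = "10.1.0.0/16" # assumed
}

# Step 1, zone-owning account: authorize the foreign VPC.
resource "aws_route53_vpc_association_authorization" "central" {
  count    = var.authorize ? 1 : 0
  provider = aws.local_account
  zone_id  = aws_route53_zone.local.id
  vpc_id   = aws_vpc.central.id
}

# Step 2, VPC-owning account: create the association. depends_on (rather
# than an attribute reference into the counted resource) keeps this block
# valid once authorize = false and the authorization instance is gone.
resource "aws_route53_zone_association" "central" {
  provider   = aws.central_account
  zone_id    = aws_route53_zone.local.id
  vpc_id     = aws_vpc.central.id
  depends_on = [aws_route53_vpc_association_authorization.central]
}
```

Run `terraform apply` with the default to create both the authorization and the association, then `terraform apply -var authorize=false` to destroy only the authorization; the association survives because AWS does not tear it down when its authorization is deleted. Check the result from the zone account with `aws route53 list-vpc-association-authorizations --hosted-zone-id <zone id>`, which should no longer list the central VPC. Deleting the authorization out of band instead (for example from a provisioner) leaves the resource in state, so the next plan wants to recreate it, which is the difficulty the issue describes; a first apply with `authorize = false` fails, since the association call is rejected without an authorization.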