{"id":20770676,"url":"https://github.com/ably/terraform-aws-privatelink-dns","last_synced_at":"2026-03-19T17:27:04.311Z","repository":{"id":37856658,"uuid":"479353348","full_name":"ably/terraform-aws-privatelink-dns","owner":"ably","description":"Terraform Module for configuring private DNS zones \u0026 records for interacting with Ably over AWS PrivateLink","archived":false,"fork":false,"pushed_at":"2023-12-18T15:40:07.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":3,"subscribers_count":22,"default_branch":"main","last_synced_at":"2025-01-18T07:12:00.237Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ably.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-08T10:53:15.000Z","updated_at":"2022-05-11T16:22:28.000Z","dependencies_parsed_at":"2024-11-18T00:04:04.479Z","dependency_job_id":null,"html_url":"https://github.com/ably/terraform-aws-privatelink-dns","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ably%2Fterraform-aws-privatelink-dns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ably%2Fterraform-aws-privatelink-dns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ably%2Fterraform-aws-privatelink-dns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ably%2Fterraform-aws
-privatelink-dns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ably","download_url":"https://codeload.github.com/ably/terraform-aws-privatelink-dns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243104204,"owners_count":20236943,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T12:11:21.249Z","updated_at":"2025-12-16T10:36:04.817Z","avatar_url":"https://github.com/ably.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [Ably](https://www.ably.io)\n\n\\_[Ably](https://ably.com) is the platform that powers synchronized digital experiences in realtime. Whether attending an event in a virtual venue, receiving realtime financial information, or monitoring live car performance data – consumers simply expect realtime digital experiences as standard. Ably provides a suite of APIs to build, extend, and deliver powerful digital experiences in realtime for more than 250 million devices across 80 countries each month. Organizations like Bloomberg, HubSpot, Verizon, and Hopin depend on Ably’s platform to offload the growing complexity of business-critical realtime data synchronization at global scale. 
For more information, see the [Ably documentation](https://ably.com/documentation).\\_\n\n# Ably Privatelink DNS\nUse this module to configure custom AWS Route53 DNS Records for using Ably over AWS PrivateLink.\n**NOTE:** You need an active Ably account and will need to engage with Ably's Partner \u0026 SRE teams to make use of this module. It will also require discussions about TLS certificates.\n\nFor PrivateLink documentation, see [AWS PrivateLink](https://aws.amazon.com/privatelink)\n\n## Pre-requisites\n\nBefore you can use this module, you will need to go through some setup with your Ably account manager. This includes providing the IDs of the AWS accounts you expect to make PrivateLink connections from, and agreeing which AWS regions and availability zones you will be connecting from. Once you have completed that setup, you will then need to create Ably VPC Endpoints. Follow the instructions [here](https://github.com/ably/terraform-aws-privatelink). In addition to the VPC Endpoints, you will also need to create a Route53 Private Hosted Zone so that this module can create DNS records for you.\nThe example folder includes a starting example for reference.\n\n## Infrastructure created by this module\n\nThis module will provision the following infrastructure:\n\n- Route53 Apex DNS Record for your chosen subdomain. Type = Alias with Latency Routing policy for the relevant AWS region. E.G. subdomain.example.com (With Latency Record for relevant AWS Region)\n- Route53 DNS record for regional DNS. Type = CNAME and points at your region's VPC endpoint DNS record. E.G. eu-west-1.subdomain.example.com\n- Route53 DNS record for zonal DNS. Type = CNAME and points at your AWS Region's VPC endpoint for AWS Availability Zone. E.G. 
eu-west-1a.subdomain.example.com\n\n## Verifying that your DNS records and VPC Endpoint are responding to requests\n\nOnce you have successfully applied the module, you can verify that the DNS Records \u0026 VPC endpoint are working correctly by running the following commands from within your VPC.\n\n```bash\ndig +short {Your DNS Record} # This should return DNS record information\ncurl -v http://{Your DNS Record}/health # This will test your Ably VPC Endpoint Connection.\n```\nYou should receive an HTTP 200 status code with the body of the response containing the phrase 'Ably Up'.\n\nDocumentation on troubleshooting AWS Interface VPC endpoints can be found here - [Troubleshooting Interface VPC Endpoints](https://aws.amazon.com/premiumsupport/knowledge-center/connect-endpoint-service-vpc/).\n\n## Usage\n\n```terraform\nmodule \"ably_privatelink\" {\n  source                          = \"ably/terraform-aws-privatelink\"\n  version                         = \"0.1.0\"\n  vpc_id                          = \"vpc_id\"\n  ably_vpc_service_endpoint_name  = \"vpc_service_endpoint\"\n  subnet_ids                      = [\"subnet_id\"]\n  vpc_endpoint_sg_name            = \"ably-privatelink-vpc-endpoint-sg\"\n  vpc_endpoint_sg_description     = \"Ably PrivateLink VPC Endpoint SG\"\n  https_ingress_allowed_ipv4_cidr = [\"10.0.0.0/8\"]\n  http_ingress_allowed_ipv4_cidr  = [\"10.0.0.0/8\"]\n  https_ingress_allowed_ipv6_cidr = []\n  http_ingress_allowed_ipv6_cidr  = []\n  egress_allowed_ipv4_cidr        = [\"0.0.0.0/0\"]\n  egress_allowed_ipv6_cidr        = [\"::/0\"]\n}\n\nresource \"aws_route53_zone\" \"private\" {\n  name = \"example.com\"\n  vpc {\n    vpc_id = \"Your VPC ID\"\n  }\n}\n\nmodule \"ably_privatelink_dns\" {\n  source                               = \"ably/terraform-aws-privatelink-dns\"\n  version                              = \"0.1.4\"\n  for_each                             = var.region_config\n  route53_private_zone_id              = 
aws_route53_zone.private.id\n  ably_vpc_endpoint_dns_entry          = module.ably_privatelink[each.key].vpc_endpoint_dns_name\n  ably_vpc_endpoint_dns_hosted_zone_id = module.ably_privatelink[each.key].vpc_endpoint_dns_hosted_zone_id\n  dns_global_record                    = \"example.com\"\n  regions                              = [each.key]\n  azs                                  = toset(each.value)\n  depends_on = [\n    module.ably_privatelink\n  ]\n}\n```\n\nVariables referenced above should be of type map(map(string))\nExample:\n```terraform\nvariable \"ably_vpc_service_endpoint_name\" {\n  description = \"Map containing Ably VPC Endpoint Services\"\n  type        = map(string)\n  default = {\n    eu-west-1 = \"com.amazonaws.vpce.eu-west-1.vpce-svc-XXXXX\"\n  }\n}\n\nvariable \"region_config\" {\n  type        = map(list(string))\n  description = \"Map(list) of regional information use for the privatelink dns module\"\n  default = {\n    eu-west-1 = [\"eu-west-1a\", \"eu-west-1b\", \"eu-west-1c\"]\n  }\n}\n```\n\n## Support, feedback and troubleshooting\n\nPlease visit http://support.ably.io/ for access to our knowledge base and to ask for any assistance.\n\nYou can also view the community-reported GitHub issues.\n\n## Contributing\n\nFor guidance on how to contribute to this project, see [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 5.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | ~\u003e 5.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_metric_alarm.privatelink_disabled_status](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |\n| 
[aws_route53_health_check.privatelink_disabled_status](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_health_check) | resource |\n| [aws_route53_record.ably-global](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.ably-regional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.ably-zonal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_ably_vpc_endpoint_dns_entry\"\u003e\u003c/a\u003e [ably\\_vpc\\_endpoint\\_dns\\_entry](#input\\_ably\\_vpc\\_endpoint\\_dns\\_entry) | The top level DNS entry exposed by your VPC Endpoint (Non-AZ version) | `string` | n/a | yes |\n| \u003ca name=\"input_ably_vpc_endpoint_dns_hosted_zone_id\"\u003e\u003c/a\u003e [ably\\_vpc\\_endpoint\\_dns\\_hosted\\_zone\\_id](#input\\_ably\\_vpc\\_endpoint\\_dns\\_hosted\\_zone\\_id) | Hosted Zone ID for your VPC Endpoint | `string` | n/a | yes |\n| \u003ca name=\"input_ably_vpc_service_endpoint_name\"\u003e\u003c/a\u003e [ably\\_vpc\\_service\\_endpoint\\_name](#input\\_ably\\_vpc\\_service\\_endpoint\\_name) | VPC Service endpoint to use for Cloudwatch Alarms. This will be provided by Ably. | `string` | n/a | yes |\n| \u003ca name=\"input_azs\"\u003e\u003c/a\u003e [azs](#input\\_azs) | A list of AWS Availability Zones that you have created VPC endpoints in. Used to create zonal DNS entries for PrivateLink Connections. e.g. eu-west-1a.example.com and eu-west-1b.example.com | `list(string)` | n/a | yes |\n| \u003ca name=\"input_dns_global_record\"\u003e\u003c/a\u003e [dns\\_global\\_record](#input\\_dns\\_global\\_record) | The global DNS CNAME record that you wish to use in a Private DNS Hosted Zone. 
This should be discussed with Ably. | `string` | n/a | yes |\n| \u003ca name=\"input_dns_global_record_ttl\"\u003e\u003c/a\u003e [dns\\_global\\_record\\_ttl](#input\\_dns\\_global\\_record\\_ttl) | TTL Value in seconds for the global DNS CNAME record that you wish to use in a Private DNS Hosted Zone. | `string` | `60` | no |\n| \u003ca name=\"input_dns_regional_record_ttl\"\u003e\u003c/a\u003e [dns\\_regional\\_record\\_ttl](#input\\_dns\\_regional\\_record\\_ttl) | TTL Value in seconds for the regional DNS CNAME record that you wish to use in a Private DNS Hosted Zone. | `string` | `60` | no |\n| \u003ca name=\"input_dns_zonal_record_ttl\"\u003e\u003c/a\u003e [dns\\_zonal\\_record\\_ttl](#input\\_dns\\_zonal\\_record\\_ttl) | TTL Value in seconds for the zonal DNS CNAME record that you wish to use in a Private DNS Hosted Zone. | `string` | `60` | no |\n| \u003ca name=\"input_regions\"\u003e\u003c/a\u003e [regions](#input\\_regions) | AWS regions to use with PrivateLink. Used to create a regional DNS entry for PrivateLink Connections. E.G. eu-west-1.example.com | `list(any)` | n/a | yes |\n| \u003ca name=\"input_route53_private_zone_id\"\u003e\u003c/a\u003e [route53\\_private\\_zone\\_id](#input\\_route53\\_private\\_zone\\_id) | ID of Route53 Private Hosted Zone to use | `string` | n/a | yes |\n\n## Outputs\n\nNo outputs.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fably%2Fterraform-aws-privatelink-dns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fably%2Fterraform-aws-privatelink-dns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fably%2Fterraform-aws-privatelink-dns/lists"}