feat: Introduce cross-account provider configuration allowing Route53 records to be managed in a separate AWS account from the Kong deployment.

updated terraform version.

Author: rahul-infra

.github/workflows/terraform-checks.yaml

@@ -15,7 +15,7 @@ jobs:
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: "1.13.1"
+          terraform_version: "1.14.0"
 
       - name: Initialize Terraform
         id: init

.github/workflows/terraform-docs.yaml

@@ -21,7 +21,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5
         with:
-          ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.ref }}
+          ref: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.pull_request.head.ref || github.ref }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Render and Push terraform docs for main module

.pre-commit-config.yaml

@@ -20,6 +20,9 @@ repos:
           - '--args=--only=terraform_workspace_remote'
           - '--args=--only=terraform_unused_required_providers'
       - id: terraform_validate
+        args:
+          - --hook-config=--retry-once-with-cleanup=true
+        files: ^examples/
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v6.0.0
     hooks:

README.md

@@ -9,7 +9,7 @@ Terraform Module to setup Kong(OSS) in ECS with self managed EC2 instances.
 
 # Assumptions
 
-This setup assumes that the `ECS cluster` that has `Auto Scaling Group (ASG)` exist with the name `default`. If you are using different name, you can provide those in the variables section of your Terraform configuration.
+This setup assumes that the `ECS cluster` that has `Auto Scaling Group (ASG)` exist with the name `default`. If you are using different name, you can provide those in the variables section of your Terraform configuration.This module also have a provision that your hosted zone can be in same amazon account where your resources are going to create or in a different amazon account. So, if you are having hosted zone in a different account you need to pass IAM role ARN for cross-account Route53 access.
 
 ## Adding Parameters to AWS Systems Manager Parameter Store
 

examples/complete/.header.md

@@ -40,6 +40,10 @@ cpu_for_kong_task              = 512
 memory_for_kong_task           = 1024
 desired_count_for_kong_service = 2
 force_new_deployment           = true
+postgres_engine_version        = 16.3
+postgres_major_engine_version  = 16
+route53_assume_role_arn        = arn:aws:iam::aws-account-id:role/role-name
+region                         = us-east-1
 ```
 
 Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.

examples/complete/README.md

@@ -1,4 +1,28 @@
 <!-- BEGIN_TF_DOCS -->
+# Complete Example
+
+This example demonstrates a **production-ready Kong deployment** with all configurable options, including RDS settings, ECS task configuration, monitoring, and cross-account Route53 support.
+
+## Use Case
+
+Use this example when you need:
+- Full control over RDS database configuration (instance class, storage, backup retention, multi-AZ, etc.)
+- Custom ECS task settings (CPU, memory, logging)
+- Performance insights and monitoring
+- Production-grade setup with deletion protection and backups
+- Flexible Route53 DNS configuration (same-account or cross-account)
+
+## Key Features
+
+- Comprehensive RDS PostgreSQL configuration with performance insights
+- Multi-AZ deployment support for high availability
+- Customizable ECS task resources and logging
+- SSL/TLS configuration with custom SSL policies
+- Cross-account Route53 support via assume role
+- Production backup and maintenance windows
+
+## Usage
+
 ### Example Variable Values
 
 Here is an example of how to define the variable values in your `terraform.tfvars` file:

examples/complete/main.tf

@@ -1,6 +1,24 @@
+provider "aws" {
+  region = var.region
+}
+
+provider "aws" {
+  alias  = "cross_account_provider"
+  region = var.region
+  assume_role {
+    role_arn = var.route53_assume_role_arn
+  }
+}
+
+
 module "kong" {
   source = "../../"
 
+  providers = {
+    aws                        = aws
+    aws.cross_account_provider = aws.cross_account_provider
+  }
+
   vpc_id                  = var.vpc_id
   public_subnet_ids       = var.public_subnet_ids
   private_subnet_ids      = var.private_subnet_ids
@@ -30,4 +48,5 @@ module "kong" {
   force_new_deployment           = var.force_new_deployment
   postgres_engine_version        = var.postgres_engine_version
   postgres_major_engine_version  = var.postgres_major_engine_version
+  route53_assume_role_arn        = var.route53_assume_role_arn
 }

examples/complete/variables.tf

@@ -132,3 +132,13 @@ variable "postgres_major_engine_version" {
   description = "The major version of the Postgres engine"
   type        = number
 }
+
+variable "route53_assume_role_arn" {
+  description = "IAM role ARN for cross-account Route53 access."
+  type        = string
+}
+
+variable "region" {
+  description = "The AWS region"
+  type        = string
+}

examples/complete/versions.tf

@@ -1,3 +1,10 @@
 terraform {
   required_version = ">= 1.13.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 6.0"
+    }
+  }
 }

examples/cross-accout/.header.md

@@ -0,0 +1,15 @@
+### Example Variable Values
+
+Here is an example of how to define the variable values in your `terraform.tfvars` file:
+
+```hcl
+vpc_id                  = "vpc-12345678"
+public_subnet_ids       = ["subnet-abcdef01", "subnet-abcdef02"]
+private_subnet_ids      = ["subnet-abcdef03", "subnet-abcdef04"]
+kong_public_domain_name = "api.example.com"
+kong_admin_domain_name  = "admin-api.example.com"
+region                  = "us-east-1"
+route53_assume_role_arn = "arn:aws:iam::account-id:role/role-id"
+```
+
+Place this `terraform.tfvars` file in the same directory as your Terraform configuration to automatically load these values. Adjust the values as needed to fit your specific environment and requirements.