From 353cc94f788ab78b995b1063b3a87501bbff6dd7 Mon Sep 17 00:00:00 2001 From: Dan Miller Date: Fri, 18 Oct 2024 17:07:30 -0400 Subject: [PATCH] feat: FAQ for `dns-delegated` `gbl` deployment (#710) --- docs/layers/network/faq.mdx | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/layers/network/faq.mdx b/docs/layers/network/faq.mdx index 3f6840a5c..9d3c87e4e 100644 --- a/docs/layers/network/faq.mdx +++ b/docs/layers/network/faq.mdx @@ -95,6 +95,16 @@ domains are configured with CNAME (or apex alias) records to point to service do The architecture does not support other configurations, or non-standard component names. +## Why should the `dns-delegated` component be deployed globally rather than regionally? + +The `dns-delegated` component is designed to manage resources across all regions within an AWS account, such as with Route 53 DNS records. Deploying it at the regional level can lead to conflicts because it implies multiple deployments per account, which would cause Terraform to fight for control over the same resources. + +Although the `gbl` (“global”) region is not a real AWS region, it is used as a placeholder to signify that resources are meant to be managed globally, not regionally. Deploying `dns-delegated` globally ensures there is a single source of truth for these DNS records within the account. + +Deploying this component regionally can cause issues, especially if multiple regional stacks try to manage the same DNS records. This creates an anti-pattern where resources meant to be global are unintentionally duplicated, leading to configuration drift and unexpected behavior. + +Please see the [global (default) region](/learn/conventions/#global-default-region) definition for more on `gbl` as a convention. + ## How is the EKS network configured? EKS network is designed with this network and DNS architecture in mind, but is another complex topic. For more, see the
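Review bot: In the new `dns-delegated` section of `docs/layers/network/faq.mdx`, the first and third added paragraphs make the same point twice. Both say that several regional deployments end up managing the same DNS records: the first calls it Terraform "fight[ing] for control over the same resources", the third "multiple regional stacks try to manage the same DNS records". Consider merging them into one paragraph that states the failure mode once, then the consequence (configuration drift, unexpected behavior). In the first paragraph, "such as with Route 53 DNS records" reads awkwardly. Route 53 is a global service, so the sentence would be clearer if it said the component manages account-wide resources such as Route 53 DNS records, rather than resources "across all regions". The answer explains why regional deployment is a problem but never says what a reader who has already deployed the component regionally should do, so a sentence on that, or a link to the relevant guidance, would make the entry actionable. Two smaller points: the second paragraph uses curly quotes around “global”, which is worth checking against the quoting used elsewhere in the file, and the `/learn/conventions/#global-default-region` anchor should be confirmed to resolve in the built site.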