data/aws: create an api-int dns name

wired to the same load balancer. But does mean you can change the certs
and CA for the apiserver on the public name, but let us continue to own
certs for the -int name.

Author: eparis

data/data/aws/route53/base.tf

@@ -30,6 +30,18 @@ resource "aws_route53_record" "api_external" {
 }
 
 resource "aws_route53_record" "api_internal" {
+  zone_id = "${aws_route53_zone.int.zone_id}"
+  name    = "api-int.${var.cluster_domain}"
+  type    = "A"
+
+  alias {
+    name                   = "${var.api_internal_lb_dns_name}"
+    zone_id                = "${var.api_internal_lb_zone_id}"
+    evaluate_target_health = false
+  }
+}
+
+resource "aws_route53_record" "api_external_internal_zone" {
   zone_id = "${aws_route53_zone.int.zone_id}"
   name    = "api.${var.cluster_domain}"
   type    = "A"