terraform-google-cloud-dns
Creates and manages Cloud DNS public or private zones and their records
Terraform Google Cloud DNS Module
This module makes it easy to create Google Cloud DNS zones of different types, and manage their records. It supports creating public, private, forwarding, peering, reverse_lookup and service directory zones.
The resources/services/activations/deletions that this module will create/trigger are:
- One google_dns_managed_zone for the zone
- Zero or more google_dns_record_set for the zone records
Compatibility
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v3.1.0.
Usage
Basic usage of this module for a private zone is as follows:
```hcl
module "dns-private-zone" {
  source     = "terraform-google-modules/cloud-dns/google"
  version    = "4.0"
  project_id = "my-project"
  type       = "private"
  name       = "example-com"
  domain     = "example.com."

  private_visibility_config_networks = [
    "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc"
  ]

  recordsets = [
    {
      name = ""
      type = "NS"
      ttl  = 300
      records = [
        "127.0.0.1",
      ]
    },
    {
      name = "localhost"
      type = "A"
      ttl  = 300
      records = [
        "127.0.0.1",
      ]
    },
  ]
}
```
Functional examples are included in the examples directory.
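The following is an added example, not taken from the module's repository: a public zone that turns on DNSSEC signing and query logging through the `dnssec_config`, `default_key_specs_key`, `default_key_specs_zone` and `enable_logging` inputs listed under Inputs. The project ID, zone name, domain, record address and the `~> 4.0` version constraint are assumptions chosen for illustration.

```hcl
# Added example. All names and addresses below are constructed placeholders.
module "dns-public-zone" {
  source  = "terraform-google-modules/cloud-dns/google"
  version = "~> 4.0" # assumption: a 4.x release that exposes the inputs used here

  project_id = "my-project"
  type       = "public"
  name       = "example-org"
  domain     = "example.org." # must end with a period

  # Record every query answered for this zone in Cloud Logging.
  enable_logging = true

  # Sign the zone. NSEC3 gives hashed denial of existence, which makes
  # walking the zone contents harder than plain NSEC.
  dnssec_config = {
    kind          = "dns#managedZoneDnsSecConfig"
    non_existence = "nsec3"
    state         = "on"
  }

  # Key-signing key (KSK): ECDSA P-256 instead of a short RSA key.
  default_key_specs_key = {
    algorithm  = "ecdsap256sha256"
    key_length = 256
    key_type   = "keySigning"
    kind       = "dns#dnsKeySpec"
  }

  # Zone-signing key (ZSK): same algorithm as the KSK.
  default_key_specs_zone = {
    algorithm  = "ecdsap256sha256"
    key_length = 256
    key_type   = "zoneSigning"
    kind       = "dns#dnsKeySpec"
  }

  recordsets = [
    { name = "www", type = "A", ttl = 300, records = ["192.0.2.10"] }, # RFC 5737 test address
  ]
}

# Name servers to delegate to at the registrar.
output "name_servers" {
  value = module.dns-public-zone.name_servers
}
```

Signing the zone is not enough for validating resolvers to trust it: the DS record for the key-signing key still has to be published in the parent zone through the registrar.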
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
default_key_specs_key | Object containing default key signing specifications: algorithm, key_length, key_type, kind. See https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
default_key_specs_zone | Object containing default zone signing specifications: algorithm, key_length, key_type, kind. See https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
description | Zone description (shown in console). | string | "Managed by Terraform" | no |
dnssec_config | Object containing: kind, non_existence, state. See https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
domain | Zone domain, must end with a period. | string | n/a | yes |
enable_logging | Enable query logging for this ManagedZone. | bool | false | no |
force_destroy | Set this to true to delete all records in the zone. | bool | false | no |
labels | A set of key/value label pairs to assign to this ManagedZone. | map(any) | {} | no |
name | Zone name, must be unique within the project. | string | n/a | yes |
private_visibility_config_networks | List of VPC self links that can see this zone. | list(string) | [] | no |
project_id | Project id for the zone. | string | n/a | yes |
recordsets | List of DNS record objects to manage, in the standard terraform dns structure. | list(object({ | [] | no |
service_namespace_url | The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id}. | string | "" | no |
target_name_server_addresses | List of target name servers for forwarding zone. | list(map(any)) | [] | no |
target_network | Peering network. | string | "" | no |
type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'reverse_lookup' and 'service_directory'. | string | "private" | no |
Outputs
Name | Description |
---|---|
domain | The DNS zone domain. |
name | The DNS zone name. |
name_servers | The DNS zone name servers. |
type | The DNS zone type. |
Requirements
These sections describe requirements for using this module.
Software
The following dependencies must be available:
- Terraform >= 0.13.0
- Terraform Provider for GCP plugin >= v4.40
Service Account
User or service account credentials with the following roles must be used to provision the resources of this module:
- DNS Administrator: roles/dns.admin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
APIs
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud DNS API: dns.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Contributing
Refer to the contribution guidelines for information on contributing to this module.