Terraform Google Cloud DNS Module
This module makes it easy to create Google Cloud DNS zones of different types, and manage their records. It supports creating public, private, forwarding, and peering zones.
The resources/services/activations/deletions that this module will create/trigger are:
- One
google_dns_managed_zonefor the zone - Zero or more
google_dns_record_setfor the zone records
Compatibility
This module is meant for use with Terraform 0.12. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.11.x is 1.0.0.
Usage
Basic usage of this module for a private zone is as follows:
module "dns-private-zone" {
source = "terraform-google-modules/cloud-dns/google"
version = "3.0.0"
project_id = "my-project"
type = "private"
name = "example-com"
domain = "example.com."
private_visibility_config_networks = [
"https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc"
]
recordsets = [
{
name = ""
type = "NS"
ttl = 300
records = [
"127.0.0.1",
]
},
{
name = "localhost"
type = "A"
ttl = 300
records = [
"127.0.0.1",
]
},
]
}
Functional examples are included in the examples directory.
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| default_key_specs_key | Object containing default key signing specifications : algorithm, key_length, key_type, kind. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config for futhers details | any | <map> |
no |
| default_key_specs_zone | Object containing default zone signing specifications : algorithm, key_length, key_type, kind. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config for futhers details | any | <map> |
no |
| description | domain description ( shown in console ) | string | "domain managed by Terraform" |
no |
| dnssec_config | Object containing : kind, non_existence, state. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config for futhers details | any | <map> |
no |
| domain | Zone domain, must end with a period. | string | n/a | yes |
| name | Zone name, must be unique within the project. | string | n/a | yes |
| private_visibility_config_networks | List of VPC self links that can see this zone. | list(string) | <list> |
no |
| project_id | Project id for the zone. | string | n/a | yes |
| recordsets | List of DNS record objects to manage, in the standard terraform dns structure. | object | <list> |
no |
| target_name_server_addresses | List of target name servers for forwarding zone. | list(string) | <list> |
no |
| target_network | Peering network. | string | "" |
no |
| type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'. | string | "private" |
no |
Outputs
| Name | Description |
|---|---|
| domain | The DNS zone domain. |
| name | The DNS zone name. |
| name_servers | The DNS zone name servers. |
| type | The DNS zone type. |
Requirements
These sections describe requirements for using this module.
Software
The following dependencies must be available:
- Terraform v0.12
- Terraform Provider for GCP plugin v2.14
Service Account
User or service account credentials with the following roles must be used to provision the resources of this module:
- Storage Admin:
roles/dns.admin
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
APIs
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud DNS API:
dns.googleapis.com
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Contributing
Refer to the contribution guidelines for information on contributing to this module.