
Azure Private DNS Resolver

Changelog Notice Apache V2 License OpenTofu Registry

This Terraform module creates an Azure Private DNS Resolver.

Global versioning rule for Claranet Azure modules

Module version Terraform version OpenTofu version AzureRM version
>= 8.x.x Unverified 1.8.x >= 4.0
>= 7.x.x 1.3.x >= 3.0
>= 6.x.x 1.x >= 3.0
>= 5.x.x 0.15.x >= 2.0
>= 4.x.x 0.13.x / 0.14.x >= 2.0
>= 3.x.x 0.12.x >= 2.0
>= 2.x.x 0.12.x < 2.0
< 2.x.x 0.11.x < 2.0

Contributing

If you want to contribute to this repository, feel free to use our pre-commit git hook configuration, which automatically updates and formats some files for you by enforcing our Terraform module best practices.

More details are available in the CONTRIBUTING.md file.

Usage

This module is optimized to work with the Claranet terraform-wrapper tool, which sets in the environment some Terraform variables that this module needs. More details about the variables set by the terraform-wrapper are available in its documentation.

⚠️ Since module version v8.0.0, compatibility with HashiCorp Terraform is no longer maintained or checked. We recommend using OpenTofu instead.

locals {
  # Address space for the optional "Bring Your Own VNet" scenario (see the
  # commented `virtual_network_id` in module "private_dns_resolver" below).
  my_vnet_cidr = "10.0.34.0/25"
  # my_subnets_cidrs = cidrsubnets(local.my_vnet_cidr, 2, 2, 2, 2)

  # Eight /28 ranges carved out of a /25: one Virtual Network is created per
  # entry, and each is linked to one of the DNS forwarding rulesets below.
  vnets_cidrs_to_be_linked = cidrsubnets("172.16.34.0/25", 3, 3, 3, 3, 3, 3, 3, 3)

  # Address space of the Virtual Network the module creates for the resolver,
  # split into four /27 Subnets: two inbound endpoints and two outbound endpoints.
  private_dns_resolver_vnet_cidr     = "192.168.34.0/25"
  private_dns_resolver_subnets_cidrs = cidrsubnets(local.private_dns_resolver_vnet_cidr, 2, 2, 2, 2)
}

# Optional pre-existing Virtual Network for the "Bring Your Own VNet" scenario.
# It is only consumed if `virtual_network_id = module.my_vnet.id` is uncommented
# in module "private_dns_resolver" below; otherwise the resolver module creates
# its own Virtual Network from `virtual_network_cidr`.
module "my_vnet" {
  source  = "claranet/vnet/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  custom_name = "my-vnet"

  cidrs = [local.my_vnet_cidr]
}

# One Virtual Network per CIDR in `local.vnets_cidrs_to_be_linked`; each one is
# later linked to a DNS forwarding ruleset of the Private DNS Resolver.
module "vnets_to_be_linked" {
  source  = "claranet/vnet/azurerm"
  version = "x.x.x"

  count = length(local.vnets_cidrs_to_be_linked)

  resource_group_name = module.rg.name

  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack
  location       = module.azure_region.location
  location_short = module.azure_region.location_short

  # Two-character, 1-based suffix (intended as "01" .. "08") so that the
  # generated names of the instances stay unique.
  name_suffix = format("%02s", count.index + 1)

  # `count` equals the list length, so a direct index is always in range.
  cidrs = [local.vnets_cidrs_to_be_linked[count.index]]
}

module "private_dns_resolver" {
  source  = "claranet/private-dns-resolver/azurerm"
  version = "x.x.x"

  location       = module.azure_region.location
  location_short = module.azure_region.location_short
  client_name    = var.client_name
  environment    = var.environment
  stack          = var.stack

  resource_group_name = module.rg.name

  ## Bring Your Own VNet
  # Exactly one of `virtual_network_id` / `virtual_network_cidr` must be set.
  # If `virtual_network_id` is set, the resolver is deployed in that existing
  # Virtual Network and `virtual_network_cidr` below is not used.
  # virtual_network_id = module.my_vnet.id

  # Address space of the Virtual Network created for the resolver; the endpoint
  # Subnets below are carved out of it.
  virtual_network_cidr = local.private_dns_resolver_vnet_cidr

  # Each inbound endpoint gets its own dedicated Subnet (`cidr`).
  inbound_endpoints = [
    {
      name = "foo"
      cidr = local.private_dns_resolver_subnets_cidrs[0]
      # cidr = local.my_subnets_cidrs[0]
    },
    {
      name        = "bar"
      custom_name = "inbound-endpoint"
      cidr        = local.private_dns_resolver_subnets_cidrs[1]
      # cidr      = local.my_subnets_cidrs[1]
      # Turns on Azure default outbound access (implicit Internet egress) for this
      # endpoint's Subnet. The module default is `false` and an inbound endpoint
      # only receives DNS queries, so it has no need to reach the Internet: this is
      # shown only to illustrate the option — keep it disabled unless you have a
      # specific reason to enable it.
      default_outbound_access_enabled = true
    },
  ]

  # Each outbound endpoint gets its own dedicated Subnet (`cidr`); forwarding
  # rulesets reference them by short `name` (or by ID) below.
  outbound_endpoints = [
    {
      name        = "foo"
      custom_name = "outbound-endpoint"
      cidr        = local.private_dns_resolver_subnets_cidrs[2]
      # cidr      = local.my_subnets_cidrs[2]
    },
    {
      name               = "bar"
      subnet_custom_name = "bar-outbound-endpoint-subnet"
      cidr               = local.private_dns_resolver_subnets_cidrs[3]
      # cidr             = local.my_subnets_cidrs[3]
    },
  ]

  dns_forwarding_rulesets = [
    # A Virtual Network cannot be linked to more than one DNS forwarding ruleset.
    # Keep in mind that the first ruleset is the default one: the Virtual Network
    # of the Private DNS Resolver itself is linked to it.
    {
      name        = "foo"
      custom_name = "forwarding-ruleset"

      # Short name of the first outbound endpoint declared above
      target_outbound_endpoints = ["foo"]

      # First four of the eight Virtual Networks created by module "vnets_to_be_linked"
      virtual_networks_ids = slice(module.vnets_to_be_linked[*].id, 0, 4)

      # `domain_name` is written as a FQDN with a trailing dot, as in the Azure
      # examples — keep it. `dns_servers_ips` are placeholders: in a real deployment
      # point them at DNS servers that are authoritative for the domain and reachable
      # from the outbound endpoint's Subnet (e.g. on-premises servers over
      # VPN/ExpressRoute, or a peered VNet), and make sure UDP/TCP 53 is allowed
      # between them. Never forward private zones to public resolvers: it leaks
      # internal hostnames, and addresses like 1.1.1.1 below are routable public
      # IPs (not RFC 5737 documentation ranges), so do not copy them as-is.
      rules = [
        {
          name            = "a"
          domain_name     = "a.foo.bar.com."
          dns_servers_ips = ["1.1.1.1", "2.2.2.2"]
        },
        {
          name            = "b"
          domain_name     = "b.foo.bar.com."
          dns_servers_ips = ["3.3.3.3"]
        },
      ]
    },
    {
      name = "bar"

      # Ref to all outbound endpoints
      # Can be an outbound endpoint ID, in case you want to use this DNS forwarding ruleset with an existing outbound endpoint
      target_outbound_endpoints = [
        "foo",
        "bar",
        # "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1/providers/Microsoft.Network/dnsResolvers/dnsResolver1/outboundEndpoints/outboundEndpoint1",
      ]

      # Remaining four Virtual Networks; each VNet appears in exactly one ruleset
      virtual_networks_ids = slice(module.vnets_to_be_linked[*].id, 4, 8)

      # Same placeholder caveat as above: replace the target IPs with your own
      # reachable, authoritative DNS servers.
      rules = [
        {
          name            = "c"
          domain_name     = "c.foo.bar.com."
          dns_servers_ips = ["4.4.4.4"]
        },
        {
          name            = "d"
          domain_name     = "d.foo.bar.com."
          dns_servers_ips = ["5.5.5.5"]
        },
      ]
    },
  ]
}

Providers

Name Version
azurecaf ~> 1.2.28
azurerm ~> 4.0

Modules

Name Source Version
subnets claranet/subnet/azurerm ~> 8.0.0
vnet claranet/vnet/azurerm ~> 8.0.0

Resources

Name Type
azurerm_private_dns_resolver.main resource
azurerm_private_dns_resolver_dns_forwarding_ruleset.main resource
azurerm_private_dns_resolver_forwarding_rule.main resource
azurerm_private_dns_resolver_inbound_endpoint.main resource
azurerm_private_dns_resolver_outbound_endpoint.main resource
azurerm_private_dns_resolver_virtual_network_link.main resource
azurecaf_name.dns_forwarding_rulesets data source
azurecaf_name.forwarding_rules data source
azurecaf_name.inbound_endpoints data source
azurecaf_name.outbound_endpoints data source
azurecaf_name.private_dns_resolver data source

Inputs

Name Description Type Default Required
client_name Client name/account used in naming. string n/a yes
custom_name Custom Private DNS Resolver name, generated if not set. string "" no
default_tags_enabled Option to enable or disable default tags. bool true no
dns_forwarding_rulesets List of DNS forwarding ruleset objects. The first DNS forwarding ruleset in the list is the default one because the Virtual Network of the Private DNS Resolver is linked to it.
name                      = Short DNS forwarding ruleset name, used to generate the DNS forwarding ruleset resource name.
custom_name = Custom DNS forwarding ruleset name, overrides the DNS forwarding ruleset default resource name.
target_outbound_endpoints = List of outbound endpoints to link to the DNS forwarding ruleset. Can be the short name of the outbound endpoint or an outbound endpoint ID.
virtual_networks_ids = List of Virtual Networks IDs to link to the DNS forwarding ruleset.
rules = List of forwarding rule objects that the DNS forwarding ruleset contains.
name = Short forwarding rule name, used to generate the forwarding rule resource name.
domain_name = Specifies the target domain name of the forwarding rule.
dns_servers_ips = List of target DNS servers IPs for the specified domain name.
custom_name = Custom forwarding rule name, overrides the forwarding rule default resource name.
enabled = Whether the forwarding rule is enabled. Defaults to true.
list(object({
name = string
custom_name = optional(string)
target_outbound_endpoints = optional(list(string), [])
virtual_networks_ids = optional(list(string), [])
rules = optional(list(object({
name = string
domain_name = string
dns_servers_ips = list(string)
custom_name = optional(string)
enabled = optional(bool, true)
})), [])
}))
[] no
environment Project environment. string n/a yes
extra_tags Extra tags to add. map(string) {} no
inbound_endpoints List of inbound endpoint objects.
name                            = Short inbound endpoint name, used to generate the inbound endpoint resource name.
cidr = CIDR of the inbound endpoint Subnet.
custom_name = Custom inbound endpoint name, overrides the inbound endpoint default resource name.
subnet_custom_name = Custom Subnet name, overrides the Subnet default resource name.
default_outbound_access_enabled = Enable or disable Azure default outbound access (implicit Internet egress) for the inbound endpoint Subnet. Defaults to false; an inbound endpoint only receives DNS queries, so leave it disabled unless you have a specific need. See documentation.
list(object({
name = string
cidr = string
custom_name = optional(string)
subnet_custom_name = optional(string)
default_outbound_access_enabled = optional(bool, false)
}))
[] no
location Azure location. string n/a yes
location_short Short string for Azure location. string n/a yes
name_prefix Optional prefix for the generated name. string "" no
name_suffix Optional suffix for the generated name. string "" no
outbound_endpoints List of outbound endpoint objects.
name                            = Short outbound endpoint name, used to generate the outbound endpoint resource name.
cidr = CIDR of the outbound endpoint Subnet.
custom_name = Custom outbound endpoint name, overrides the outbound endpoint default resource name.
subnet_custom_name = Custom Subnet name, overrides the Subnet default resource name.
default_outbound_access_enabled = Enable or disable Azure default outbound access (implicit Internet egress) for the outbound endpoint Subnet. Defaults to false; prefer explicit, controlled egress (peering, VPN/ExpressRoute, NAT Gateway or firewall) to reach the target DNS servers. See documentation.
list(object({
name = string
cidr = string
custom_name = optional(string)
subnet_custom_name = optional(string)
default_outbound_access_enabled = optional(bool, false)
}))
[] no
resource_group_name Resource Group name. string n/a yes
stack Project stack name. string n/a yes
virtual_network_cidr CIDR of the Virtual Network to create for the Private DNS Resolver. One of virtual_network_id or virtual_network_cidr must be specified. string "" no
virtual_network_custom_name Custom Virtual Network name, generated if not set. string "" no
virtual_network_id ID of the existing Virtual Network in which the Private DNS Resolver will be created. One of virtual_network_id or virtual_network_cidr must be specified. string "" no

Outputs

Name Description
dns_forwarding_rulesets Maps of Private DNS Resolver DNS forwarding rulesets.
id Private DNS Resolver ID.
inbound_endpoints Maps of Private DNS Resolver inbound endpoints.
module_subnets Subnets module outputs.
module_virtual_network Virtual Network module outputs.
name Private DNS Resolver name.
outbound_endpoints Maps of Private DNS Resolver outbound endpoints.
resource Private DNS Resolver resource object.
resource_dns_forwarding_ruleset Private DNS Resolver DNS forwarding ruleset resource object.
resource_forwarding_rule Private DNS Resolver forwarding rule resource object.
resource_inbound_endpoint Private DNS Resolver inbound endpoint resource object.
resource_outbound_endpoint Private DNS Resolver outbound endpoint resource object.
resource_virtual_network_link Private DNS Resolver Virtual Network Link resource object.
virtual_network_id Private DNS Resolver Virtual Network ID.
virtual_network_name Private DNS Resolver Virtual Network name.

Related documentation

Microsoft Azure documentation: learn.microsoft.com/en-us/azure/dns/dns-private-resolver-overview/