Azure / terraform-azurerm-avm-ptn-hubnetworking

Azure Verified Module for the Multi-hub networking pattern
https://registry.terraform.io/modules/Azure/avm-ptn-hubnetworking
MIT License

Support for avm-res-network-dnsresolver #88

Open cjtous1 opened 1 month ago

cjtous1 commented 1 month ago

Is there an existing issue for this?

Description

I would like to be able to deploy a DNS resolver as part of the hub configuration via this pattern module. Would it be possible to add an optional object to define a private DNS resolver and its configuration leveraging the "terraform-avm-res-network-dnsresolver"?

Ideally, I would like to be able to define the resolver and then be able to configure the Azure Firewall as a DNS proxy and point it to the inbound endpoint of the DNS resolver.

New or Affected Resource(s)/Data Source(s)

azurerm-avm-ptn-hubnetworking, azurerm-avm-res-network-dnsresolver

Potential Terraform Configuration

      subnets = {
        ResolverInboundSubnet = {
          name = "ResolverInboundSubnet"
          address_prefixes = ["10.101.1.0/24"]
          delegation = {
            name = "Microsoft.Network.dnsResolvers"
            service_delegation = {
              name = "Microsoft.Network/dnsResolvers"
              actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
            }
          }
        }
      }
      dns_resolver = {
        name = "resolver1"
        inbound_endpoints = {
          "inbound1" = {
            name = "inbound1"
            subnet_name = "ResolverInboundSubnet"
          }
        }
        outbound_endpoints = {
          "outbound1" = {...}
        }
      }
      firewall = {
        sku_name = "AZFW_VNet"
        sku_tier = "Standard"
        subnet_address_prefix = "10.101.0.0/24"
        firewall_policy = {
          name = "policy"
          sku = "Standard"
          dns = {
            proxy_enabled = true
            servers = //Some way to specify the inbound endpoint of the DNS resolver here?
          }
        }
      }

References

No response

jaredfholgate commented 1 month ago

Hi. We will definitely look into this as time allows. Thanks for raising.

cjtous1 commented 1 month ago

Since this is tagged as long term, do you have a suggestion on how we could do this with the current capabilities that are available now?
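
The wiring asked about in this issue (the resolver's inbound endpoint as the upstream server of the Azure Firewall DNS proxy), as an added example that is not part of the thread and not the module's own code. It uses standalone azurerm provider resources; the input variables and resource labels are assumptions, and how to attach such a policy to the firewall created by this pattern module is not covered on this page.

```hcl
# Added example: standalone azurerm resources, not the pattern module's interface.
# Variable names and resource labels are assumptions made for illustration.
variable "resource_group_name" { type = string }
variable "location" { type = string }

# ID of the hub virtual network that hosts the resolver.
variable "hub_vnet_id" { type = string }

# ID of a subnet in that network delegated to Microsoft.Network/dnsResolvers.
variable "resolver_inbound_subnet_id" { type = string }

resource "azurerm_private_dns_resolver" "hub" {
  name                = "resolver1"
  resource_group_name = var.resource_group_name
  location            = var.location
  virtual_network_id  = var.hub_vnet_id
}

resource "azurerm_private_dns_resolver_inbound_endpoint" "inbound1" {
  name                    = "inbound1"
  private_dns_resolver_id = azurerm_private_dns_resolver.hub.id
  location                = azurerm_private_dns_resolver.hub.location

  ip_configurations {
    private_ip_allocation_method = "Dynamic"
    subnet_id                    = var.resolver_inbound_subnet_id
  }
}

resource "azurerm_firewall_policy" "hub" {
  name                = "policy"
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "Standard"

  dns {
    proxy_enabled = true
    # The firewall forwards client queries to the resolver's inbound endpoint,
    # whose address is only known after the endpoint has been created.
    servers = [
      azurerm_private_dns_resolver_inbound_endpoint.inbound1.ip_configurations[0].private_ip_address
    ]
  }
}
```

With the proxy enabled, client networks point their DNS servers at the firewall's private IP so that name resolution passes through the firewall before reaching the resolver.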