Open jvanenckevort opened 3 years ago
+1
I also had this issue and tried different things, but none of them can be called more than a bad workaround. IMO the best place to fix this would be the azurerm provider. I wrote a feature request in which I also outlined my workarounds.
If this is still an issue for you, I invite you to upvote my feature request ;) https://github.com/hashicorp/terraform-provider-azurerm/issues/24681
I am running into a problem where Terraform tries to change the `private_dns_zone_group`, which is deployed by a DeployIfNotExists policy. This policy automatically creates a DNS entry for a private endpoint (source). Normally, I would use ignore_changes, but this only works for resources that are first deployed by Terraform, and then all future changes outside Terraform are ignored.

How can I deploy a private endpoint without a `private_dns_zone_group`, preventing any future deployments from deleting the `private_dns_zone_group` which is deployed by an Azure policy?

Within the Cloud Adoption Framework, having a centralized DNS, which is automatically updated by Azure policies, is highly favorable. But it seems like Terraform conflicts with these specific policies.
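For reference, this is what the ignore_changes variant discussed above looks like when written out: an `azurerm_private_endpoint` declared with no `private_dns_zone_group` block and a `lifecycle` rule telling Terraform to ignore that attribute. This is an added example, not code from the issue or from the provider; all resource names and the referenced resource group, subnet and storage account are placeholders.

```hcl
resource "azurerm_private_endpoint" "example" {
  name                = "pe-storage-example"          # placeholder name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.example.id     # placeholder subnet

  private_service_connection {
    name                           = "psc-storage-example"
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }

  # Deliberately no private_dns_zone_group block here: the
  # DeployIfNotExists policy is expected to create the zone group
  # and the A record in the centralized private DNS zone.

  lifecycle {
    # Once the policy has attached a zone group to this endpoint,
    # Terraform would otherwise plan to remove it on the next apply.
    ignore_changes = [private_dns_zone_group]
  }
}
```

Whether this covers a policy-created zone group in a given setup is exactly what the thread is debating, so run `terraform plan` after the policy remediation task has completed and confirm the plan shows no change to the endpoint before relying on it.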