hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0
2.28k stars 1.72k forks

How to add network to an existing GCP cloud dns zone via terraform #17768

Open sasikeda opened 5 months ago

sasikeda commented 5 months ago

Question

I am looking at terraform documentation, but could not find a resource that can help add new networks to the existing Cloud DNS zone, similar to AWS aws_route53_zone_association.

How can this be achieved?

Sankalp951 commented 5 months ago

Seems like that is known, because unlike AWS Route 53, Google Cloud DNS doesn't have a Terraform resource specifically for associating networks with zones. But there are alternatives.

A few of the reasons I think Google does not allow such a feature are: Global Anycast Network & Private Zones.

You can try the approach below to achieve similar control using Terraform resources.

  1. Cloud DNS Record Sets: Define your DNS records (A records, MX records, etc.) within the Terraform configuration using the google_dns_record_set resource. You can specify the target resource (e.g., IP address of a Compute Engine instance) for each record. Terraform will automatically manage the record creation and updates within the Cloud DNS zone.
  2. VPC Network Firewalls: If you need more granular control over traffic flow within your VPC, leverage VPC network firewalls with required rules. These rules determine which resources can access specific IP addresses or domains, providing a layer of security alongside Cloud DNS.

Hope this information helps you achieve your objective. I am also including the Terraform link below for your reference.

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set

Thank you.

sasikeda commented 3 months ago

Cloud DNS Record Sets: Define your DNS records (A records, MX records, etc.) within the Terraform configuration using the google_dns_record_set resource. You can specify the target resource (e.g., IP address of a Compute Engine instance) for each record. Terraform will automatically manage the record creation and updates within the Cloud DNS zone.

In my observation, Terraform is able to add the records but is not associating the VPC.

itays333 commented 2 months ago

I also encountered this issue. Since private_visibility_config in google_dns_managed_zone is authoritative, there is no way to dynamically add more VPCs. I ended up creating a peered zone that does DNS lookups in the VPC that is attached to the original zone.
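The two patterns discussed in this thread, written out as an added example (this is not configuration from the issue, the asker, or the provider repository). It assumes a project "example-project" and three existing VPCs named "hub-vpc", "spoke-a-vpc" and "spoke-b-vpc"; all of those names, plus the zone names and the "corp.internal." domain, are hypothetical. The first zone shows why `private_visibility_config` behaves as authoritative and how to "add a network" when you own the zone (drive the `networks` blocks from a list); the second zone is the peering-zone workaround for a VPC whose owner cannot edit that list, which is what the last comment describes.

```hcl
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

provider "google" {
  project = "example-project" # hypothetical project
  region  = "us-central1"
}

# Owner side. private_visibility_config is authoritative: the full set of
# attached networks must appear here, and a network removed from this list
# is detached on the next apply. Adding a VPC therefore means adding it to
# this list, not creating a separate association resource.
variable "zone_networks" {
  type    = list(string)
  default = ["hub-vpc", "spoke-a-vpc"] # hypothetical VPC names
}

data "google_compute_network" "attached" {
  for_each = toset(var.zone_networks)
  name     = each.value
}

resource "google_dns_managed_zone" "internal" {
  name        = "corp-internal"
  dns_name    = "corp.internal."
  description = "Authoritative private zone for corp.internal"
  visibility  = "private"

  private_visibility_config {
    # One networks block per VPC in var.zone_networks.
    dynamic "networks" {
      for_each = data.google_compute_network.attached
      content {
        network_url = networks.value.self_link
      }
    }
  }
}

# Consumer side (a separate team or Terraform state that cannot edit the list
# above). A peering zone for the same dns_name is created in spoke-b-vpc and
# forwards lookups for corp.internal. into hub-vpc, which is attached to the
# authoritative zone. No records are copied; resolution is delegated.
data "google_compute_network" "spoke_b" {
  name = "spoke-b-vpc"
}

data "google_compute_network" "hub" {
  name = "hub-vpc"
}

resource "google_dns_managed_zone" "internal_peering" {
  name        = "corp-internal-peering"
  dns_name    = "corp.internal."
  description = "Peering zone so spoke-b resolves corp.internal via hub-vpc"
  visibility  = "private"

  private_visibility_config {
    networks {
      network_url = data.google_compute_network.spoke_b.self_link
    }
  }

  peering_config {
    target_network {
      network_url = data.google_compute_network.hub.self_link
    }
  }
}
```

Two caveats worth checking before relying on the second pattern. The peering zone only delegates lookups; resources in spoke-b-vpc cannot create records in the authoritative zone, and `google_dns_record_set` resources must still target the owning zone. And when the target network lives in another project, the identity running `terraform apply` needs permission to target that network with a peering zone (the `roles/dns.peer` role on the producer project grants this), which is a deliberate control: a team cannot silently route its VPC's DNS through someone else's network without being granted that role.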