This module makes it easy to create Google Cloud DNS zones of different types, and manage their records. It supports creating public, private, forwarding, peering, reverse_lookup and service directory zones.
The resources/services/activations/deletions that this module will create/trigger are:
- One `google_dns_managed_zone` for the zone
- Zero or more `google_dns_record_set` for the zone records
This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue. If you haven't upgraded and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is v3.1.0.
Basic usage of this module for a private zone is as follows:
```hcl
module "dns-private-zone" {
  source     = "terraform-google-modules/cloud-dns/google"
  version    = "4.0"
  project_id = "my-project"
  type       = "private"
  name       = "example-com"
  domain     = "example.com."

  private_visibility_config_networks = [
    "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc"
  ]

  recordsets = [
    {
      name = ""
      type = "NS"
      ttl  = 300
      records = [
        "127.0.0.1",
      ]
    },
    {
      name = "localhost"
      type = "A"
      ttl  = 300
      records = [
        "127.0.0.1",
      ]
    },
  ]
}
```

Functional examples are included in the examples directory.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| default_key_specs_key | Object containing default key signing specifications: algorithm, key_length, key_type, kind. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
| default_key_specs_zone | Object containing default zone signing specifications: algorithm, key_length, key_type, kind. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
| description | zone description (shown in console) | string | "Managed by Terraform" | no |
| dnssec_config | Object containing: kind, non_existence, state. Please see https://www.terraform.io/docs/providers/google/r/dns_managed_zone#dnssec_config for further details. | any | {} | no |
| domain | Zone domain, must end with a period. | string | n/a | yes |
| enable_logging | Enable query logging for this ManagedZone | bool | false | no |
| force_destroy | Set this true to delete all records in the zone. | bool | false | no |
| labels | A set of key/value label pairs to assign to this ManagedZone | map(any) | {} | no |
| name | Zone name, must be unique within the project. | string | n/a | yes |
| private_visibility_config_networks | List of VPC self links that can see this zone. | list(string) | [] | no |
| project_id | Project id for the zone. | string | n/a | yes |
| recordsets | List of DNS record objects to manage, in the standard terraform dns structure. | list(object({ | [] | no |
| service_namespace_url | The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id}. | string | "" | no |
| target_name_server_addresses | List of target name servers for forwarding zone. | list(map(any)) | [] | no |
| target_network | Peering network. | string | "" | no |
| type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'reverse_lookup' and 'service_directory'. | string | "private" | no |
| Name | Description |
|---|---|
| domain | The DNS zone domain. |
| name | The DNS zone name. |
| name_servers | The DNS zone name servers. |
| type | The DNS zone type. |
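
The inputs above include the module's security-relevant settings (`dnssec_config`, the two `default_key_specs_*` objects and `enable_logging`). The following is an added example, not taken from the module's documentation, of a public zone with DNSSEC signing and query logging turned on. The project ID, zone name, domain, record and version constraint are placeholders, and the key-spec values are assumptions based on the `dnssec_config` schema of the Google provider's `google_dns_managed_zone` resource.

```hcl
# Added example: public zone with DNSSEC signing and query logging enabled.
# Project, zone name, domain and record values are placeholders.
module "dns-public-zone" {
  source  = "terraform-google-modules/cloud-dns/google"
  version = "~> 4.0" # assumption: a 4.x release that exposes the inputs listed above

  project_id = "my-project"
  type       = "public"
  name       = "example-com-public"
  domain     = "example.com."

  # Send the queries answered for this zone to Cloud Logging.
  enable_logging = true

  # Sign the zone and use NSEC3 for authenticated denial of existence.
  dnssec_config = {
    kind          = "dns#managedZoneDnsSecConfig"
    non_existence = "nsec3"
    state         = "on"
  }

  # Key-signing key (KSK) parameters.
  default_key_specs_key = {
    algorithm  = "rsasha256"
    key_length = 2048
    key_type   = "keySigning"
    kind       = "dns#dnsKeySpec"
  }

  # Zone-signing key (ZSK) parameters.
  default_key_specs_zone = {
    algorithm  = "rsasha256"
    key_length = 1024
    key_type   = "zoneSigning"
    kind       = "dns#dnsKeySpec"
  }

  recordsets = [
    { name = "www", type = "A", ttl = 300, records = ["192.0.2.10"] },
  ]
}

# Name servers to delegate to from the parent zone.
output "delegation_name_servers" {
  value = module.dns-public-zone.name_servers
}
```

The chain of trust is only complete once the zone's DS record is published in the parent zone; until then, validating resolvers treat the zone as unsigned.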
These sections describe requirements for using this module.
The following dependencies must be available:
- Terraform >= 0.13.0
- Terraform Provider for GCP plugin >= v4.40
User or service account credentials with the following roles must be used to provision the resources of this module:
- DNS Administrator: `roles/dns.admin`
The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.
A project with the following APIs enabled must be used to host the resources of this module:
- Google Cloud DNS API: `dns.googleapis.com`
The Project Factory module can be used to provision a project with the necessary APIs enabled.
Refer to the contribution guidelines for information on contributing to this module.