» google_dns_policy

A policy is a collection of DNS rules applied to one or more Virtual Private Cloud resources.

To get more information about Policy, see:

» Example Usage - DNS Policy Basic

resource "google_dns_policy" "example-policy" {
  provider = "google-beta"

  name = "example-policy"
  enable_inbound_forwarding = true

  enable_logging = true

  alternative_name_server_config {
    target_name_servers {
      ipv4_address = "172.16.1.10"
    }
    target_name_servers {
      ipv4_address = "172.16.1.20"
    }
  }

  networks {
    network_url = "${google_compute_network.network-1.self_link}"
  }
  networks {
    network_url = "${google_compute_network.network-2.self_link}"
  }
}

resource "google_compute_network" "network-1" {
  provider = "google-beta"

  name = "network-1"
  auto_create_subnetworks = false
}

resource "google_compute_network" "network-2" {
  provider = "google-beta"

  name = "network-2"
  auto_create_subnetworks = false
}

provider "google-beta" {
  region = "us-central1"
  zone   = "us-central1-a"
}

» Argument Reference

The following arguments are supported:

  • name - (Required) User assigned name for this policy.

  • alternative_name_server_config - (Optional) Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

  • description - (Optional) A textual description field. Defaults to 'Managed by Terraform'.

  • enable_inbound_forwarding - (Optional) Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy.

  • enable_logging - (Optional) Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

  • networks - (Optional) List of network names specifying networks to which this policy is applied. Structure is documented below.

  • project - (Optional) The ID of the project to which the resource belongs. If it is not provided, the provider project is used.

The alternative_name_server_config block supports:

  • target_name_servers - (Optional) Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

The target_name_servers block supports:

The networks block supports:

  • network_url - (Optional) The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
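
The following Python script is an added example, not part of the provider documentation. It reviews the settings described above (enable_logging, enable_inbound_forwarding, alternative_name_server_config) in a plan exported with `terraform show -json`. The function name review_dns_policies, the sample plan and its "quiet" policy are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (only the fields this check reads); not taken from a real plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_dns_policy.example-policy", "type": "google_dns_policy",
   "change": {"actions": ["create"], "after": {
     "name": "example-policy", "enable_inbound_forwarding": true, "enable_logging": true,
     "alternative_name_server_config": [{"target_name_servers": [
       {"ipv4_address": "172.16.1.10"}, {"ipv4_address": "172.16.1.20"}]}]}}},
  {"address": "google_dns_policy.quiet", "type": "google_dns_policy",
   "change": {"actions": ["create"], "after": {
     "name": "quiet", "enable_inbound_forwarding": null, "enable_logging": null,
     "alternative_name_server_config": []}}},
  {"address": "google_compute_network.network-1", "type": "google_compute_network",
   "change": {"actions": ["create"], "after": {"name": "network-1"}}}
]}
""")


def review_dns_policies(plan):
    """Return (address, finding) pairs for every planned google_dns_policy."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "google_dns_policy" or after is None:
            continue  # other resource types, or a policy being deleted
        addr = rc["address"]
        # enable_logging defaults to no logging, so unset (null) counts as off.
        if not after.get("enable_logging"):
            findings.append((addr, "logging disabled"))
        # Inbound forwarding allocates a virtual IP in each bound subnetwork.
        if after.get("enable_inbound_forwarding"):
            findings.append((addr, "inbound forwarding enabled"))
        # With alternative name servers, all queries go to these targets.
        for cfg in after.get("alternative_name_server_config") or []:
            targets = cfg.get("target_name_servers") or []
            ips = sorted(t["ipv4_address"] for t in targets if t.get("ipv4_address"))
            findings.append((addr, "forwards all queries to " + ", ".join(ips)))
    return findings


if __name__ == "__main__":
    for address, finding in review_dns_policies(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To review a real plan, pass the parsed output of `terraform show -json` to review_dns_policies in place of SAMPLE_PLAN.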

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

Policy can be imported using any of these accepted formats:

$ terraform import -provider=google-beta google_dns_policy.default projects/{{project}}/policies/{{name}}
$ terraform import -provider=google-beta google_dns_policy.default {{project}}/{{name}}
$ terraform import -provider=google-beta google_dns_policy.default {{name}}

» User Project Overrides

This resource supports User Project Overrides.