
googleDnsPolicy

A policy is a collection of DNS rules applied to one or more Virtual Private Cloud resources.

To get more information about Policy, see:

Example Usage - Dns Policy Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
// Property names use the camelCase form listed in the Argument Reference below.
const googleComputeNetworkNetwork1 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-1",
  {
    autoCreateSubnetworks: false,
    name: "network-1",
  }
);
const googleComputeNetworkNetwork2 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-2",
  {
    autoCreateSubnetworks: false,
    name: "network-2",
  }
);
new google.dnsPolicy.DnsPolicy(this, "example-policy", {
  alternativeNameServerConfig: [
    {
      targetNameServers: [
        {
          // Always reach this target through the VPC.
          forwardingPath: "private",
          ipv4Address: "172.16.1.10",
        },
        {
          // No forwardingPath: the path is chosen from the address range.
          ipv4Address: "172.16.1.20",
        },
      ],
    },
  ],
  enableInboundForwarding: true,
  enableLogging: true,
  name: "example-policy",
  networks: [
    {
      networkUrl: googleComputeNetworkNetwork1.id,
    },
    {
      networkUrl: googleComputeNetworkNetwork2.id,
    },
  ],
});

Argument Reference

The following arguments are supported:

  • name - (Required) User assigned name for this policy.

  • alternativeNameServerConfig - (Optional) Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

  • description - (Optional) A textual description field. Defaults to 'Managed by Terraform'.

  • enableInboundForwarding - (Optional) Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy.

  • enableLogging - (Optional) Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

  • networks - (Optional) List of network names specifying networks to which this policy is applied. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The alternativeNameServerConfig block supports:

  • targetNameServers - (Required) Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

The targetNameServers block supports:

  • ipv4Address - (Required) IPv4 address to forward to.

  • forwardingPath - (Optional) Forwarding path for this TargetNameServer. If unset or set to default, Cloud DNS makes the forwarding decision based on address ranges: RFC 1918 addresses go to the VPC and non-RFC 1918 addresses go to the Internet. When set to private, Cloud DNS always sends queries through the VPC for this target. Possible values are default and private.

The networks block supports:

  • networkUrl - (Required) The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
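The forwardingPath rule and the logging default described above can be checked before a policy is deployed. The following is an added example, not code from the provider or its documentation: it reviews a plain object that mirrors the documented arguments. The DnsPolicyArgs interface, the function names and the sample address 203.0.113.53 are assumptions made for illustration.

```typescript
// Added example; interfaces and function names are hypothetical, not provider bindings.
interface TargetNameServer { ipv4Address: string; forwardingPath?: "default" | "private"; }
interface DnsPolicyArgs {
  name: string;
  enableLogging?: boolean;
  enableInboundForwarding?: boolean;
  alternativeNameServerConfig?: { targetNameServers: TargetNameServer[] };
}

// True when the address is in 10/8, 172.16/12 or 192.168/16 (RFC 1918).
function isRfc1918(ip: string): boolean {
  const octets = ip.split(".").map(Number);
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(ip) || octets.some((o) => o > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  const [a = -1, b = -1] = octets;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Path used for a target, following the forwardingPath description above.
function effectivePath(t: TargetNameServer): "vpc" | "internet" {
  if (t.forwardingPath === "private") return "vpc";
  return isRfc1918(t.ipv4Address) ? "vpc" : "internet";
}

function reviewDnsPolicy(p: DnsPolicyArgs): string[] {
  const findings: string[] = [];
  if (p.enableLogging !== true) findings.push(`${p.name}: DNS logging is not enabled`);
  for (const t of p.alternativeNameServerConfig?.targetNameServers ?? []) {
    if (effectivePath(t) === "internet") {
      findings.push(`${p.name}: queries to ${t.ipv4Address} are sent over the Internet`);
    }
  }
  if (p.enableInboundForwarding) {
    findings.push(`${p.name}: a virtual IP is allocated in each bound subnetwork`);
  }
  return findings;
}

// Constructed sample input (203.0.113.53 is a documentation address).
const samplePolicy: DnsPolicyArgs = {
  name: "example-policy",
  enableInboundForwarding: true,
  alternativeNameServerConfig: { targetNameServers: [
    { ipv4Address: "172.16.1.10", forwardingPath: "private" },
    { ipv4Address: "203.0.113.53" },
  ] },
};
console.log(reviewDnsPolicy(samplePolicy).join("\n"));
```

Setting forwardingPath to private on the second target, or enabling logging, removes the corresponding finding.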

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/policies/{{name}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Policy can be imported using any of these accepted formats:

$ terraform import google_dns_policy.default projects/{{project}}/policies/{{name}}
$ terraform import google_dns_policy.default {{project}}/{{name}}
$ terraform import google_dns_policy.default {{name}}

User Project Overrides

This resource supports User Project Overrides.