A policy is a collection of DNS rules applied to one or more Virtual Private Cloud resources.
To get more information about Policy, see:
resource "google_dns_policy" "example-policy" {
name = "example-policy"
enable_inbound_forwarding = true
enable_logging = true
alternative_name_server_config {
target_name_servers {
ipv4_address = "172.16.1.10"
forwarding_path = "private"
}
target_name_servers {
ipv4_address = "172.16.1.20"
}
}
networks {
network_url = google_compute_network.network-1.id
}
networks {
network_url = google_compute_network.network-2.id
}
}
resource "google_compute_network" "network-1" {
name = "network-1"
auto_create_subnetworks = false
}
resource "google_compute_network" "network-2" {
name = "network-2"
auto_create_subnetworks = false
}
The following arguments are supported:
name
-
(Required)
User assigned name for this policy.alternative_name_server_config
-
(Optional)
Sets an alternative name server for the associated networks.
When specified, all DNS queries are forwarded to a name server that you choose.
Names such as .internal are not available when an alternative name server is specified.
Structure is documented below.
description
-
(Optional)
A textual description field. Defaults to 'Managed by Terraform'.
enable_inbound_forwarding
-
(Optional)
Allows networks bound to this policy to receive DNS queries sent
by VMs or applications over VPN connections. When enabled, a
virtual IP address will be allocated from each of the sub-networks
that are bound to this policy.
enable_logging
-
(Optional)
Controls whether logging is enabled for the networks bound to this policy.
Defaults to no logging if not set.
networks
-
(Optional)
List of network names specifying networks to which this policy is applied.
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The alternative_name_server_config
block supports:
target_name_servers
-
(Required)
Sets an alternative name server for the associated networks. When specified,
all DNS queries are forwarded to a name server that you choose. Names such as .internal
are not available when an alternative name server is specified.
Structure is documented below.The target_name_servers
block supports:
ipv4_address
-
(Required)
IPv4 address to forward to.
forwarding_path
-
(Optional)
Forwarding path for this TargetNameServer. If unset or default
Cloud DNS will make forwarding
decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go
to the Internet. When set to private
, Cloud DNS will always send queries through VPC for this target
Possible values are: default
, private
.
network_url
-
(Required)
The id or fully qualified URL of the VPC network to forward queries to.
This should be formatted like projects/{project}/global/networks/{network}
or
https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/policies/{{name}}
This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.update
- Default is 20 minutes.delete
- Default is 20 minutes.Policy can be imported using any of these accepted formats:
projects/{{project}}/policies/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import Policy using one of the formats above. For example:
import {
id = "projects/{{project}}/policies/{{name}}"
to = google_dns_policy.default
}
When using the terraform import
command, Policy can be imported using one of the formats above. For example:
$ terraform import google_dns_policy.default projects/{{project}}/policies/{{name}}
$ terraform import google_dns_policy.default {{project}}/{{name}}
$ terraform import google_dns_policy.default {{name}}
This resource supports User Project Overrides.