Terraform Azure Private DNS Zone Module

Reading Time: 2 minutes

With this module, you can easily create a single or multiple private DNS zones in Azure and attach them to a virtual network. Whether you need to resolve names for your internal services or restrict access to public DNS names, this module can help.

Usage

You can use this module in your Terraform configuration by including it as a module and providing the required input variables. Here is an example of how to use the module to create two Private DNS Zones and attach them to a virtual network:

module "private_dns_zone" {
  source                    = "github.com/george-markou/Terraform-Azure//Network/privateDnsZone"
  resource_group_name       = "rgtest"
  dns_zone_name     = [
  "myfirstprivatednszone.local",
  "mysecondprivatednszone.local",
  ]
  network_link_name = "link-to-vnet"
  virtual_network_id = "/subscriptions/<subcription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>"
  tags = {
    "Environment" = "Prod"
  }
}

This example creates two new Private DNS Zones and attaches them to a virtual network.

Input Variables

The module accepts the following input variables:

Variable	Description	Type	Required
resource_group_name	The name of the resource group in which to create the Private DNS Zone.	string	Yes
dns_zone_name	An array of dns zones to be created.	list(string)	Yes
network_link_name	The network link name.	string	Yes
virtual_network_id	The id of the virtual network.	string	Yes
tags	A mapping of tags which should be assigned to Private DNS Zone resources.	map(string)	No

Output Values

The module exports the following output values:

Output	Description
id	The ID of the Private DNS Zone.

Bonus: Deploy Private DNS Zones used for Private Link based on the recommendations from the Azure Landing Zone Conceptual Architecture.

module "private_dns_zone" {
  source                    = "github.com/george-markou/Terraform-Azure//Network/privateDnsZone"
  resource_group_name       = "rgtest"
  dns_zone_name     = [
        "privatelink.xxxxxx.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus)
        "privatelink.xxxxxx.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus)
        "privatelink.xxxxxx.kusto.windows.net", // Replace xxxxxx with target region (i.e. eastus)
        "privatelink.xxxxxx.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus)
        "privatelink.adf.azure.com",
        "privatelink.afs.azure.net",
        "privatelink.agentsvc.azure-automation.net",
        "privatelink.analysis.windows.net",
        "privatelink.api.azureml.ms",
        "privatelink.azconfig.io",
        "privatelink.azure-api.net",
        "privatelink.azure-automation.net",
        "privatelink.azurecr.io",
        "privatelink.azure-devices.net",
        "privatelink.azure-devices-provisioning.net",
        "privatelink.azurehdinsight.net",
        "privatelink.azurehealthcareapis.com",
        "privatelink.azurestaticapps.net",
        "privatelink.azuresynapse.net",
        "privatelink.azurewebsites.net",
        "privatelink.batch.azure.com",
        "privatelink.blob.core.windows.net",
        "privatelink.cassandra.cosmos.azure.com",
        "privatelink.cognitiveservices.azure.com",
        "privatelink.database.windows.net",
        "privatelink.datafactory.azure.net",
        "privatelink.dev.azuresynapse.net",
        "privatelink.dfs.core.windows.net",
        "privatelink.dicom.azurehealthcareapis.com",
        "privatelink.digitaltwins.azure.net",
        "privatelink.directline.botframework.com",
        "privatelink.documents.azure.com",
        "privatelink.eventgrid.azure.net",
        "privatelink.file.core.windows.net",
        "privatelink.gremlin.cosmos.azure.com",
        "privatelink.guestconfiguration.azure.com",
        "privatelink.his.arc.azure.com",
        "privatelink.kubernetesconfiguration.azure.com",
        "privatelink.managedhsm.azure.net",
        "privatelink.mariadb.database.azure.com",
        "privatelink.media.azure.net",
        "privatelink.mongo.cosmos.azure.com",
        "privatelink.monitor.azure.com",
        "privatelink.mysql.database.azure.com",
        "privatelink.notebooks.azure.net",
        "privatelink.ods.opinsights.azure.com",
        "privatelink.oms.opinsights.azure.com",
        "privatelink.pbidedicated.windows.net",
        "privatelink.postgres.database.azure.com",
        "privatelink.prod.migration.windowsazure.com",
        "privatelink.purview.azure.com",
        "privatelink.purviewstudio.azure.com",
        "privatelink.queue.core.windows.net",
        "privatelink.redis.cache.windows.net",
        "privatelink.redisenterprise.cache.azure.net",
        "privatelink.search.windows.net",
        "privatelink.service.signalr.net",
        "privatelink.servicebus.windows.net",
        "privatelink.siterecovery.windowsazure.com",
        "privatelink.sql.azuresynapse.net",
        "privatelink.table.core.windows.net",
        "privatelink.table.cosmos.azure.com",
        "privatelink.tip1.powerquery.microsoft.com",
        "privatelink.token.botframework.com",
        "privatelink.vaultcore.azure.net",
        "privatelink.web.core.windows.net",
        "privatelink.webpubsub.azure.com"
  ]
  network_link_name = "link-to-vnet"
  virtual_network_id = "/subscriptions/<subcription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/<vnet-name>"
  tags = {
    "Environment" = "Prod"
  }
}

Looking for more modules like this one? Feel free to go through my public GitHub repository and explore the rest of modules I’ve created for Microsoft Azure right here Terraform-Azure/Network at main · george-markou/Terraform-Azure · GitHub.

Thanks for reading my blog!

Feel free to drop your comment or question below.