Tags: azure, terraform

Registering a private endpoint in Azure private DNS automatically using Terraform


I have an existing private DNS zone called privatelink.file.core.windows.net that is linked to a virtual network.

I have created a Terraform template that creates a storage account and a private endpoint for said storage account that connects to the virtual network mentioned above. When the resources are created, I've noticed that it doesn't register in the private DNS zone automatically. Instead I've had to manually create a private DNS A record. I would prefer this to happen automatically; how does one do this?

Storage Account Creation

# STORAGE ACCOUNT
resource "azurerm_storage_account" "st" {
  name                     = var.st.name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = var.st.tier
  account_replication_type = var.st.replication
}

Private Endpoint Creation

# PRIVATE ENDPOINT FOR STORAGE ACCOUNT
resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # "file" targets the Azure Files sub-resource; each sub-resource needs its own endpoint
  private_service_connection {
    name                           = "test"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}

Manual Creation of DNS Record

# MANUAL A RECORD IN THE EXISTING PRIVATELINK ZONE
resource "azurerm_private_dns_a_record" "st_fqdn" {
  name                = azurerm_storage_account.st.name
  zone_name           = "privatelink.file.core.windows.net"
  resource_group_name = "rg-hub-shared-core-dns-uks-001"
  ttl                 = 300
  # The endpoint's NIC address is only known after apply (it was 172.17.208.4 here),
  # so take it from the private endpoint rather than hard-coding it.
  records = [azurerm_private_endpoint.pe.private_service_connection[0].private_ip_address]
}

Solution

  • I have resolved this issue; I missed private_dns_zone_group within the azurerm_private_endpoint resource block. Once I added this code it populated Azure private DNS automatically.

    Source: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint

    The code below is what I changed, with the private_dns_zone_group section added.

    # PRIVATE ENDPOINT FOR STORAGE ACCOUNT
    resource "azurerm_private_endpoint" "pe" {
      name                = var.pe.name
      resource_group_name = var.rg_shared_name
      location            = var.rg_shared_location
      subnet_id           = var.subnet_id

      # Azure creates and maintains the A record in this zone for the endpoint
      private_dns_zone_group {
        name                 = "add_to_azure_private_dns"
        private_dns_zone_ids = ["/subscriptions/d5f2dcf8-ab3f-47aa-9ec3-9c5aba4b909f/resourceGroups/rg-hub-shared-core-dns-uks-001/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"]
      }

      private_service_connection {
        name                           = "connect_to_storage_account"
        private_connection_resource_id = azurerm_storage_account.st.id
        is_manual_connection           = false
        subresource_names              = ["file"]
      }
    }
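The following is an added example, not code from the question or the answer above. It shows the same pattern end to end, but looks up the existing privatelink zone with a data source instead of hard-coding its full resource ID (so no subscription ID lives in the template), and closes the storage account's public endpoint so that the private endpoint is the only way in. The variable names, the `dns_rg_name` default, the endpoint name and the account tier/replication values are assumptions for illustration.

```hcl
# Added example: storage account + private endpoint with automatic private DNS
# registration. Not the original poster's code; variable names are assumed.

variable "rg_shared_name" { type = string }
variable "rg_shared_location" { type = string }
variable "subnet_id" { type = string }
variable "st_name" { type = string }

# Resource group holding the existing privatelink zone (default assumed here)
variable "dns_rg_name" {
  type    = string
  default = "rg-hub-shared-core-dns-uks-001"
}

# Look up the zone that already exists. It must be linked to the VNet that
# contains var.subnet_id, otherwise clients in that VNet never see the record.
data "azurerm_private_dns_zone" "file" {
  name                = "privatelink.file.core.windows.net"
  resource_group_name = var.dns_rg_name
}

resource "azurerm_storage_account" "st" {
  name                     = var.st_name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  # Assumption: no public clients need this account. Without this the public
  # endpoint keeps answering alongside the private one.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "pe" {
  name                = "pe-${var.st_name}-file"
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # One endpoint per sub-resource; "file" pairs with the privatelink.file zone
  private_service_connection {
    name                           = "connect_to_storage_account"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }

  # This block is what makes Azure write (and later delete) the A record
  # <account>.privatelink.file.core.windows.net -> endpoint NIC IP.
  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [data.azurerm_private_dns_zone.file.id]
  }
}

# Useful for checking the registration: the A record must match this address
output "pe_private_ip" {
  value = azurerm_private_endpoint.pe.private_service_connection[0].private_ip_address
}

output "file_fqdn" {
  value = "${azurerm_storage_account.st.name}.file.core.windows.net"
}
```

Once this is applied, delete any hand-written azurerm_private_dns_a_record for the same name: Azure now owns that record set, and a second Terraform resource managing it will conflict on the next plan. To confirm resolution, run nslookup on the file_fqdn output from a VM inside the linked VNet; the public name should CNAME to the privatelink name and resolve to the pe_private_ip value, while the same query from outside the VNet still returns a public address. A blob or queue endpoint for the same account needs its own azurerm_private_endpoint and its own privatelink zone (privatelink.blob.core.windows.net, and so on).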