I have an existing private DNS zone called privatelink.file.core.windows.net that is linked to a virtual network.
I have created a Terraform template that creates a storage account and a private endpoint for said storage account that connects to the virtual network mentioned above. When the resources are created I've noticed that it doesn't register in the private DNS zone automatically. Instead, I've had to manually create a private DNS A record. I would prefer this to happen automatically; how does one do this?
Storage Account Creation
# Storage account that the private endpoint will front.
# var.st is an object holding name, tier and replication settings.
resource "azurerm_storage_account" "st" {
  name                     = var.st.name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = var.st.tier
  account_replication_type = var.st.replication
}
Private Endpoint Creation
# PRIVATE ENDPOINT FOR STORAGE ACCOUNT
# Places a NIC in var.subnet_id and links it to the "file" sub-resource
# of the storage account. Without a private_dns_zone_group block, Azure
# does not write anything into the private DNS zone.
resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "test"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}
Manual Creation of DNS Record
# Manual A record in the hub's private zone. The original hard-coded the
# endpoint's IP (172.17.208.4); referencing the address Azure assigned to the
# private endpoint avoids a stale record if the NIC is ever recreated.
resource "azurerm_private_dns_a_record" "st_fqdn" {
  name                = azurerm_storage_account.st.name
  zone_name           = "privatelink.file.core.windows.net"
  resource_group_name = "rg-hub-shared-core-dns-uks-001"
  ttl                 = 300
  records             = [azurerm_private_endpoint.pe.private_service_connection[0].private_ip_address]
}
I have resolved this issue: I missed private_dns_zone_group within the azurerm_private_endpoint resource block. Once I added this code it populated Azure private DNS automatically.
Source: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint
The code below is what I changed; I added the private_dns_zone_group section.
# PRIVATE ENDPOINT FOR STORAGE ACCOUNT
resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # Tells Azure to create and maintain the A record for this endpoint in the
  # listed zone. The zone ID is the full resource ID of the existing zone in
  # the hub DNS resource group.
  private_dns_zone_group {
    name                 = "add_to_azure_private_dns"
    private_dns_zone_ids = ["/subscriptions/d5f2dcf8-ab3f-47aa-9ec3-9c5aba4b909f/resourceGroups/rg-hub-shared-core-dns-uks-001/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"]
  }

  private_service_connection {
    name                           = "connect_to_storage_account"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}
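The same wiring, as an added example that is not the poster's code or the azurerm provider's documentation. It assumes the question's variables (var.st, var.pe, var.rg_shared_name, var.rg_shared_location, var.subnet_id) plus a hypothetical var.dns_rg_name naming the hub resource group that holds the zone. It looks the zone up with a data source instead of hard-coding a subscription ID, keeps the zone group that drives automatic registration, and exports the registered address so the result can be checked.

```hcl
# Added example (not from the original question or answer).
# Assumes var.dns_rg_name (hypothetical) names the resource group that
# holds the existing privatelink.file.core.windows.net zone.

# Look the zone up rather than embedding its resource ID; the ID still
# resolves to the zone in the hub subscription.
data "azurerm_private_dns_zone" "file" {
  name                = "privatelink.file.core.windows.net"
  resource_group_name = var.dns_rg_name
}

resource "azurerm_storage_account" "st" {
  name                     = var.st.name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = var.st.tier
  account_replication_type = var.st.replication

  # Addition not in the original: once traffic is expected to arrive via
  # the private endpoint, close the public endpoint so nothing bypasses it.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "connect_to_storage_account"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }

  # The zone group is what makes Azure write and maintain
  # <st.name>.privatelink.file.core.windows.net in the zone, so no
  # azurerm_private_dns_a_record resource is needed.
  private_dns_zone_group {
    name                 = "add_to_azure_private_dns"
    private_dns_zone_ids = [data.azurerm_private_dns_zone.file.id]
  }
}

# Exported for verification: the NIC address Azure registered, and the
# public FQDN that clients on the linked VNet should resolve to it.
output "file_endpoint_private_ip" {
  value = azurerm_private_endpoint.pe.private_service_connection[0].private_ip_address
}

output "file_endpoint_fqdn" {
  value = "${azurerm_storage_account.st.name}.file.core.windows.net"
}
```

After `terraform apply`, run `nslookup <name>.file.core.windows.net` from a VM in the linked VNet: it should return a CNAME to `<name>.privatelink.file.core.windows.net` and the IP shown by `file_endpoint_private_ip`, while the same query from outside the VNet still returns a public address. If the manual `azurerm_private_dns_a_record` resource is still in the configuration, remove it (and `terraform state rm` it) so that Terraform and the zone group are not both trying to own the same record.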