Patch dns

docs/wiki/[Examples]-Deploy-Management-Resources-With-Custom-Settings.md

@@ -3,7 +3,7 @@
 
 This page describes how to deploy your Azure landing zone with the [Management resources][wiki_management_resources] created in the current Subscription context, using custom configuration settings.
 
-The module supports customising almost any part of the configuration, however each subset of resources has it's own configuration block which is designed to simplify setting specific options.
+The module supports customizing almost any part of the configuration, however each subset of resources has it's own configuration block which is designed to simplify setting specific options.
 For the Management resources, this is configured through the [`configure_management_resources`][configure_management_resources] input variable.
 
 In this example, we take the base [Deploy Management resources][wiki_deploy_management_resources] configuration and make the following changes:

docs/wiki/[Examples]-Deploy-Management-Resources.md

@@ -7,7 +7,7 @@ In this example, we take the [default configuration][wiki_deploy_default_configu
 
 - Set `deploy_management_resources` to enable creation of the default Management resources,including:
   - Resource Group to contain all Management resources.
-  - Log Analytics workspace to use for centralised logging.
+  - Log Analytics workspace to use for centralized logging.
   - Automation Account to enable additional capabilities as part of the included Solutions for Azure Monitor.
   - Recommended Solutions for Azure Monitor.
 - Set the `subscription_id_management` value to ensure the Subscription is moved to the correct Management Group, and policies are updated with the correct values.

main.tf

@@ -84,5 +84,6 @@ module "connectivity_resources" {
   existing_ddos_protection_plan_resource_id = lookup(local.connectivity_resources_advanced, "existing_ddos_protection_plan_resource_id", local.empty_string)
   existing_virtual_wan_resource_id          = lookup(local.connectivity_resources_advanced, "existing_virtual_wan_resource_id", local.empty_string)
   resource_group_per_virtual_hub_location   = lookup(local.connectivity_resources_advanced, "resource_group_per_virtual_hub_location", false)
+  custom_azure_backup_geo_codes             = lookup(local.connectivity_resources_advanced, "custom_azure_backup_geo_codes", local.empty_map)
   custom_settings_by_resource_type          = lookup(local.connectivity_resources_advanced, "custom_settings_by_resource_type", local.empty_map)
 }

modules/connectivity/locals.geo_codes.tf.json

@@ -0,0 +1,62 @@
+{
+    "locals": {
+        "builtin_azure_backup_geo_codes": {
+            "australiacentral": "acl",
+            "australiacentral2": "acl2",
+            "australiaeast": "ae",
+            "australiasoutheast": "ase",
+            "brazilsouth": "brs",
+            "centraluseuap": "ccy",
+            "canadacentral": "cnc",
+            "canadaeast": "cne",
+            "centralus": "cus",
+            "eastasia": "ea",
+            "eastus2euap": "ecy",
+            "eastus": "eus",
+            "eastus2": "eus2",
+            "francecentral": "frc",
+            "francesouth": "frs",
+            "germanynorth": "gn",
+            "germanywestcentral": "gwc",
+            "centralindia": "inc",
+            "southindia": "ins",
+            "westindia": "inw",
+            "japaneast": "jpe",
+            "japanwest": "jpw",
+            "koreacentral": "krc",
+            "koreasouth": "krs",
+            "northcentralus": "ncus",
+            "northeurope": "ne",
+            "norwayeast": "nwe",
+            "norwaywest": "nww",
+            "southafricanorth": "san",
+            "southafricawest": "saw",
+            "southcentralus": "scus",
+            "swedencentral": "sdc",
+            "swedensouth": "sds",
+            "southeastasia": "sea",
+            "switzerlandnorth": "szn",
+            "switzerlandwest": "szw",
+            "uaecentral": "uac",
+            "uaenorth": "uan",
+            "uksouth": "uks",
+            "ukwest": "ukw",
+            "westcentralus": "wcus",
+            "westeurope": "we",
+            "westus": "wus",
+            "westus2": "wus2",
+            "usdodcentral": "udc",
+            "usdodeast": "ude",
+            "usgovarizona": "uga",
+            "usgoviowa": "ugi",
+            "usgovtexas": "ugt",
+            "usgovvirginia": "ugv",
+            "chinanorth": "bjb",
+            "chinanorth2": "bjb2",
+            "chinaeast": "sha",
+            "chinaeast2": "sha2",
+            "germanycentral": "gec",
+            "germanynortheast": "gne"
+        }
+    }
+}

modules/connectivity/locals.tf

@@ -23,6 +23,7 @@ locals {
   existing_ddos_protection_plan_resource_id = var.existing_ddos_protection_plan_resource_id
   existing_virtual_wan_resource_id          = var.existing_virtual_wan_resource_id != null ? var.existing_virtual_wan_resource_id : local.empty_string
   resource_group_per_virtual_hub_location   = var.resource_group_per_virtual_hub_location
+  custom_azure_backup_geo_codes             = var.custom_azure_backup_geo_codes
   custom_settings                           = var.custom_settings_by_resource_type
 }
 
@@ -1270,6 +1271,10 @@ locals {
   enable_private_link_by_service = local.settings.dns.config.enable_private_link_by_service
   private_link_locations         = coalescelist(local.settings.dns.config.private_link_locations, [local.location])
   private_dns_zone_prefix        = "${local.resource_group_config_by_scope_and_location["dns"][local.dns_location].resource_id}/providers/Microsoft.Network/privateDnsZones/"
+  lookup_azure_backup_geo_codes = merge(
+    local.builtin_azure_backup_geo_codes,
+    local.custom_azure_backup_geo_codes,
+  )
   lookup_private_link_dns_zone_by_service = {
     azure_automation_webhook             = ["privatelink.azure-automation.net"]
     azure_automation_dscandhybridworker  = ["privatelink.azure-automation.net"]
@@ -1300,12 +1305,9 @@ locals {
     azure_app_configuration_stores = ["privatelink.azconfig.io"]
     azure_backup = [
       for location in local.private_link_locations :
-      "privatelink.${location}.backup.windowsazure.com"
-    ]
-    azure_site_recovery = [
-      for location in local.private_link_locations :
-      "${location}.privatelink.siterecovery.windowsazure.com"
+      "privatelink.${local.lookup_azure_backup_geo_codes[location]}.backup.windowsazure.com"
     ]
+    azure_site_recovery              = ["privatelink.siterecovery.windowsazure.com"]
     azure_event_hubs_namespace       = ["privatelink.servicebus.windows.net"]
     azure_service_bus_namespace      = ["privatelink.servicebus.windows.net"]
     azure_iot_hub                    = ["privatelink.azure-devices.net", "privatelink.servicebus.windows.net"]

modules/connectivity/variables.tf

@@ -371,6 +371,15 @@ variable "resource_group_per_virtual_hub_location" {
   default     = false
 }
 
+variable "custom_azure_backup_geo_codes" {
+  type        = map(string)
+  description = <<DESCRIPTION
+If specified, the custom_azure_backup_geo_codes variable will override or append Geo Codes (value) used to generate region-specific DNS zone names for Azure Backup private endpoints.
+For more information, please refer to: https://docs.microsoft.com/azure/backup/private-endpoints#when-using-custom-dns-server-or-host-files
+DESCRIPTION
+  default     = {}
+}
+
 variable "custom_settings_by_resource_type" {
   type        = any
   description = "If specified, allows full customization of common settings for all resources (by type) deployed by this module."