Azure Landing Zones Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure Landing Zones Documentation
  2. /
  3. Accelerator
  4. /
  5. Starter Modules
  6. /
  7. Terraform - Azure Verified Modules for Platform Landing Zone (ALZ)
  8. /
  9. Options
  10. /
  11. 5 - Turn off Private DNS zones
Edit page

5 - Turn off Private DNS zones

You can choose to not deploy the private DNS zone resources. In order to do that, you need to update the DNS configuration and disable the DINE (deploy if not exists) policy.

The steps to follow are:

  1. Update the following settings by searching for the keys and updating the value

    Setting TypeParent block(s)KeyActionCountNotes
    linecustom_replacements > names<region>_private_dns_zones_enabledUpdate setting to false1+<region> is the relevant region (e.g. primary)
    You should not remove the DNS names from the custom_replacements section as it will result in a templating error. Advanced Terraform users are welcome to tidy up the config and remove the names and related templates if there is no future plan to use Private DNS.

  2. Locate the lib folder in your config directory. This folder was created in the initial steps of phase 2. The lib folder structure should look like this:

    📂lib
┣ 📜alz_library_metadata.json
┣ 📂architecture_definitions
┃ ┗ 📜alz_custom.alz_architecture_definition.yaml
┗ 📂archetype_overrides
  ┃ 📜connectivity_custom.alz_archetype_override.yaml
  ┃ 📜corp_custom.alz_archetype_override.yaml
  ┃ 📜decommissioned_custom.alz_archetype_override.yaml
  ┃ 📜identity_custom.alz_archetype_override.yaml
  ┃ 📜management_custom.alz_archetype_override.yaml
  ┃ 📜landing_zones_custom.alz_archetype_override.yaml
  ┃ 📜platform_custom.alz_archetype_override.yaml
  ┃ 📜root_custom.alz_archetype_override.yaml
  ┗ 📜sandboxes_custom.alz_archetype_override.yaml

  3. Open the corp_custom.alz_archetype_override.yaml file and uncomment the AMA policy assignments in the policy_assignments_to_remove list.

    The file should look like this:

    base_archetype: corp
name: corp_custom
policy_assignments_to_add: []
policy_assignments_to_remove: [
# To remove the private DNS zones policy for private endpoints
  Deploy-Private-DNS-Zones,
]
policy_definitions_to_add: []
policy_definitions_to_remove: []
policy_set_definitions_to_add: []
policy_set_definitions_to_remove: []
role_definitions_to_add: []
role_definitions_to_remove: []

  4. Make sure to save the file after making the changes.

gdoc_arrow_left_alt 4 - Turn off Bastion host 6 - Turn off Virtual Network Gateways gdoc_arrow_right_alt