diff --git a/fast/stages/2-networking-a-peering/README.md b/fast/stages/2-networking-a-peering/README.md
index 84208067e3..d5e234f5d9 100644
--- a/fast/stages/2-networking-a-peering/README.md
+++ b/fast/stages/2-networking-a-peering/README.md
@@ -366,9 +366,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| name | description | modules | resources |
|---|---|---|---|
-| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy |
-| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
-| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy |
+| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
+| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
+| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
diff --git a/fast/stages/2-networking-a-peering/dns-dev.tf b/fast/stages/2-networking-a-peering/dns-dev.tf
index c91e959b54..4a021f3adc 100644
--- a/fast/stages/2-networking-a-peering/dns-dev.tf
+++ b/fast/stages/2-networking-a-peering/dns-dev.tf
@@ -75,15 +75,3 @@ module "dev-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "dev-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.dev-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.dev-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-a-peering/dns-landing.tf b/fast/stages/2-networking-a-peering/dns-landing.tf
index 25fa33e4d0..2eefbc86d8 100644
--- a/fast/stages/2-networking-a-peering/dns-landing.tf
+++ b/fast/stages/2-networking-a-peering/dns-landing.tf
@@ -87,15 +87,3 @@ module "landing-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "landing-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.landing-project.project_id
- enable_logging = true
- networks {
- network_url = module.landing-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-a-peering/dns-prod.tf b/fast/stages/2-networking-a-peering/dns-prod.tf
index f09e16f9ec..8b376bb098 100644
--- a/fast/stages/2-networking-a-peering/dns-prod.tf
+++ b/fast/stages/2-networking-a-peering/dns-prod.tf
@@ -75,15 +75,3 @@ module "prod-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "prod-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.prod-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.prod-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-a-peering/net-dev.tf b/fast/stages/2-networking-a-peering/net-dev.tf
index c9e1d09dd2..bce5883c1d 100644
--- a/fast/stages/2-networking-a-peering/net-dev.tf
+++ b/fast/stages/2-networking-a-peering/net-dev.tf
@@ -70,6 +70,9 @@ module "dev-spoke-vpc" {
project_id = module.dev-spoke-project.project_id
name = "dev-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
}
diff --git a/fast/stages/2-networking-a-peering/net-landing.tf b/fast/stages/2-networking-a-peering/net-landing.tf
index c8239e4c16..5e646bdde3 100644
--- a/fast/stages/2-networking-a-peering/net-landing.tf
+++ b/fast/stages/2-networking-a-peering/net-landing.tf
@@ -49,6 +49,7 @@ module "landing-vpc" {
mtu = 1500
dns_policy = {
inbound = true
+ logging = var.dns.enable_logging
}
# set explicit routes for googleapis in case the default route is deleted
create_googleapis_routes = {
diff --git a/fast/stages/2-networking-a-peering/net-prod.tf b/fast/stages/2-networking-a-peering/net-prod.tf
index 72937b44ad..66236c2bee 100644
--- a/fast/stages/2-networking-a-peering/net-prod.tf
+++ b/fast/stages/2-networking-a-peering/net-prod.tf
@@ -68,6 +68,9 @@ module "prod-spoke-vpc" {
project_id = module.prod-spoke-project.project_id
name = "prod-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
diff --git a/fast/stages/2-networking-b-vpn/README.md b/fast/stages/2-networking-b-vpn/README.md
index 19251ad2a1..6cd4a9ba95 100644
--- a/fast/stages/2-networking-b-vpn/README.md
+++ b/fast/stages/2-networking-b-vpn/README.md
@@ -388,9 +388,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| name | description | modules | resources |
|---|---|---|---|
-| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy |
-| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
-| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy |
+| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
+| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
+| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn.tf](./monitoring-vpn.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
diff --git a/fast/stages/2-networking-b-vpn/dns-dev.tf b/fast/stages/2-networking-b-vpn/dns-dev.tf
index c91e959b54..4a021f3adc 100644
--- a/fast/stages/2-networking-b-vpn/dns-dev.tf
+++ b/fast/stages/2-networking-b-vpn/dns-dev.tf
@@ -75,15 +75,3 @@ module "dev-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "dev-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.dev-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.dev-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-b-vpn/dns-landing.tf b/fast/stages/2-networking-b-vpn/dns-landing.tf
index 25fa33e4d0..2eefbc86d8 100644
--- a/fast/stages/2-networking-b-vpn/dns-landing.tf
+++ b/fast/stages/2-networking-b-vpn/dns-landing.tf
@@ -87,15 +87,3 @@ module "landing-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "landing-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.landing-project.project_id
- enable_logging = true
- networks {
- network_url = module.landing-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-b-vpn/dns-prod.tf b/fast/stages/2-networking-b-vpn/dns-prod.tf
index f09e16f9ec..8b376bb098 100644
--- a/fast/stages/2-networking-b-vpn/dns-prod.tf
+++ b/fast/stages/2-networking-b-vpn/dns-prod.tf
@@ -75,15 +75,3 @@ module "prod-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "prod-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.prod-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.prod-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-b-vpn/net-dev.tf b/fast/stages/2-networking-b-vpn/net-dev.tf
index c9e1d09dd2..bce5883c1d 100644
--- a/fast/stages/2-networking-b-vpn/net-dev.tf
+++ b/fast/stages/2-networking-b-vpn/net-dev.tf
@@ -70,6 +70,9 @@ module "dev-spoke-vpc" {
project_id = module.dev-spoke-project.project_id
name = "dev-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
}
diff --git a/fast/stages/2-networking-b-vpn/net-landing.tf b/fast/stages/2-networking-b-vpn/net-landing.tf
index c8239e4c16..5e646bdde3 100644
--- a/fast/stages/2-networking-b-vpn/net-landing.tf
+++ b/fast/stages/2-networking-b-vpn/net-landing.tf
@@ -49,6 +49,7 @@ module "landing-vpc" {
mtu = 1500
dns_policy = {
inbound = true
+ logging = var.dns.enable_logging
}
# set explicit routes for googleapis in case the default route is deleted
create_googleapis_routes = {
diff --git a/fast/stages/2-networking-b-vpn/net-prod.tf b/fast/stages/2-networking-b-vpn/net-prod.tf
index 72937b44ad..66236c2bee 100644
--- a/fast/stages/2-networking-b-vpn/net-prod.tf
+++ b/fast/stages/2-networking-b-vpn/net-prod.tf
@@ -68,6 +68,9 @@ module "prod-spoke-vpc" {
project_id = module.prod-spoke-project.project_id
name = "prod-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index 60ecf02cda..a4aae565a3 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
@@ -436,9 +436,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| name | description | modules | resources |
|---|---|---|---|
-| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy |
-| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
-| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy |
+| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
+| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
+| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
diff --git a/fast/stages/2-networking-c-nva/dns-dev.tf b/fast/stages/2-networking-c-nva/dns-dev.tf
index 11c721fea6..fb43d68ec5 100644
--- a/fast/stages/2-networking-c-nva/dns-dev.tf
+++ b/fast/stages/2-networking-c-nva/dns-dev.tf
@@ -70,16 +70,3 @@ module "dev-dns-peer-landing-rev-10" {
}
}
}
-
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "dev-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.dev-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.dev-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-c-nva/dns-landing.tf b/fast/stages/2-networking-c-nva/dns-landing.tf
index b93fc08a42..e18114fa7f 100644
--- a/fast/stages/2-networking-c-nva/dns-landing.tf
+++ b/fast/stages/2-networking-c-nva/dns-landing.tf
@@ -97,18 +97,3 @@ module "landing-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "landing-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.landing-project.project_id
- enable_logging = true
- networks {
- network_url = module.landing-trusted-vpc.id
- }
- networks {
- network_url = module.landing-untrusted-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-c-nva/dns-prod.tf b/fast/stages/2-networking-c-nva/dns-prod.tf
index ea0d3a5d3c..dc162e55c4 100644
--- a/fast/stages/2-networking-c-nva/dns-prod.tf
+++ b/fast/stages/2-networking-c-nva/dns-prod.tf
@@ -70,15 +70,3 @@ module "prod-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "prod-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.prod-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.prod-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-c-nva/net-dev.tf b/fast/stages/2-networking-c-nva/net-dev.tf
index 98c4038b7c..d676da7bce 100644
--- a/fast/stages/2-networking-c-nva/net-dev.tf
+++ b/fast/stages/2-networking-c-nva/net-dev.tf
@@ -69,6 +69,9 @@ module "dev-spoke-vpc" {
project_id = module.dev-spoke-project.project_id
name = "dev-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
}
diff --git a/fast/stages/2-networking-c-nva/net-landing.tf b/fast/stages/2-networking-c-nva/net-landing.tf
index 86230a0b8b..1cf6492ab4 100644
--- a/fast/stages/2-networking-c-nva/net-landing.tf
+++ b/fast/stages/2-networking-c-nva/net-landing.tf
@@ -50,8 +50,8 @@ module "landing-untrusted-vpc" {
name = "prod-untrusted-landing-0"
mtu = 1500
dns_policy = {
- inbound = false
- logging = false
+ inbound = true
+ logging = var.dns.enable_logging
}
create_googleapis_routes = null
factories_config = {
diff --git a/fast/stages/2-networking-c-nva/net-prod.tf b/fast/stages/2-networking-c-nva/net-prod.tf
index 91353c970f..a08ca0c4f6 100644
--- a/fast/stages/2-networking-c-nva/net-prod.tf
+++ b/fast/stages/2-networking-c-nva/net-prod.tf
@@ -67,6 +67,9 @@ module "prod-spoke-vpc" {
project_id = module.prod-spoke-project.project_id
name = "prod-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
diff --git a/fast/stages/2-networking-d-separate-envs/README.md b/fast/stages/2-networking-d-separate-envs/README.md
index 0febb156a7..75fc109f34 100644
--- a/fast/stages/2-networking-d-separate-envs/README.md
+++ b/fast/stages/2-networking-d-separate-envs/README.md
@@ -313,8 +313,8 @@ Regions are defined via the `regions` variable which sets up a mapping between t
| name | description | modules | resources |
|---|---|---|---|
-| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
-| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
+| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns · dns-response-policy | |
+| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns · dns-response-policy | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
diff --git a/fast/stages/2-networking-d-separate-envs/dns-dev.tf b/fast/stages/2-networking-d-separate-envs/dns-dev.tf
index cb50147aa8..018b2391b6 100644
--- a/fast/stages/2-networking-d-separate-envs/dns-dev.tf
+++ b/fast/stages/2-networking-d-separate-envs/dns-dev.tf
@@ -82,15 +82,3 @@ module "dev-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "dev-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.dev-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.dev-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-d-separate-envs/dns-prod.tf b/fast/stages/2-networking-d-separate-envs/dns-prod.tf
index c293196c64..0c86e476e8 100644
--- a/fast/stages/2-networking-d-separate-envs/dns-prod.tf
+++ b/fast/stages/2-networking-d-separate-envs/dns-prod.tf
@@ -82,15 +82,3 @@ module "prod-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "prod-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.prod-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.prod-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-d-separate-envs/net-dev.tf b/fast/stages/2-networking-d-separate-envs/net-dev.tf
index 753a6a4e01..24c9d4fa3f 100644
--- a/fast/stages/2-networking-d-separate-envs/net-dev.tf
+++ b/fast/stages/2-networking-d-separate-envs/net-dev.tf
@@ -70,6 +70,9 @@ module "dev-spoke-vpc" {
project_id = module.dev-spoke-project.project_id
name = "dev-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
}
diff --git a/fast/stages/2-networking-d-separate-envs/net-prod.tf b/fast/stages/2-networking-d-separate-envs/net-prod.tf
index 920d3fce81..eea26bf132 100644
--- a/fast/stages/2-networking-d-separate-envs/net-prod.tf
+++ b/fast/stages/2-networking-d-separate-envs/net-prod.tf
@@ -68,6 +68,9 @@ module "prod-spoke-vpc" {
project_id = module.prod-spoke-project.project_id
name = "prod-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index 7e56b3b4e9..04db384dd6 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -461,9 +461,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| name | description | modules | resources |
|---|---|---|---|
-| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy |
-| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy |
-| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy |
+| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
+| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
+| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
index 11c721fea6..fb43d68ec5 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
@@ -70,16 +70,3 @@ module "dev-dns-peer-landing-rev-10" {
}
}
}
-
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "dev-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.dev-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.dev-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
index b93fc08a42..e18114fa7f 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
@@ -97,18 +97,3 @@ module "landing-dns-policy-googleapis" {
}
rules_file = var.factories_config.dns_policy_rules_file
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "landing-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.landing-project.project_id
- enable_logging = true
- networks {
- network_url = module.landing-trusted-vpc.id
- }
- networks {
- network_url = module.landing-untrusted-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
index ea0d3a5d3c..dc162e55c4 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
@@ -70,15 +70,3 @@ module "prod-dns-peer-landing-rev-10" {
}
}
}
-
-# DNS policy to enable query logging
-
-resource "google_dns_policy" "prod-dns-logging-policy" {
- name = "logging-policy"
- count = var.dns.enable_logging ? 1 : 0
- project = module.prod-spoke-project.project_id
- enable_logging = true
- networks {
- network_url = module.prod-spoke-vpc.id
- }
-}
diff --git a/fast/stages/2-networking-e-nva-bgp/net-dev.tf b/fast/stages/2-networking-e-nva-bgp/net-dev.tf
index 92a4a21f7a..0387c74930 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-dev.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-dev.tf
@@ -69,6 +69,9 @@ module "dev-spoke-vpc" {
project_id = module.dev-spoke-project.project_id
name = "dev-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
}
diff --git a/fast/stages/2-networking-e-nva-bgp/net-landing.tf b/fast/stages/2-networking-e-nva-bgp/net-landing.tf
index 4362a10c87..8225d30ea8 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-landing.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-landing.tf
@@ -51,8 +51,8 @@ module "landing-untrusted-vpc" {
name = "prod-untrusted-landing-0"
mtu = 1500
dns_policy = {
- inbound = false
- logging = false
+ inbound = true
+ logging = var.dns.enable_logging
}
create_googleapis_routes = null
factories_config = {
diff --git a/fast/stages/2-networking-e-nva-bgp/net-prod.tf b/fast/stages/2-networking-e-nva-bgp/net-prod.tf
index b5bff393f8..3a1a9a373a 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-prod.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-prod.tf
@@ -67,6 +67,9 @@ module "prod-spoke-vpc" {
project_id = module.prod-spoke-project.project_id
name = "prod-spoke-0"
mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
factories_config = {
subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
}
diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml
index a6dad52d26..8d72580764 100644
--- a/tests/fast/stages/s2_networking_a_peering/stage.yaml
+++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 29
- resources: 154
+ resources: 153
diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
index 712fe3ee4f..79a0e4167a 100644
--- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml
+++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 31
- resources: 191
+ resources: 190
diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml
index 8b78556772..1d2d9e033f 100644
--- a/tests/fast/stages/s2_networking_c_nva/stage.yaml
+++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 43
- resources: 202
+ resources: 201
diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
index afc9acd5bb..eeb4d3bf77 100644
--- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
+++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 37
- resources: 213
+ resources: 212