A terraform plugin that provides read-only resources for DNS records.

mkdir -p $GOPATH/src/github.com/Shopify
cd $GOPATH/src/github.com/Shopify
git clone git@github.com:Shopify/terraform-provider-dns.git
cd terraform-provider-dns

# Make sure you have glide
go get -u github.com/Masterminds/glide

# Install dependencies
glide install

Build the binary:

go build $(realpath `which terraform`-provider-dns)

Copy/move the terraform-provider-dns binary to your terraform installation directory, (e.g., realpath \which terraform`, realpath -f ``which terraform``).

If you are using Atlas, you will need to compile for Linux amd64 and commit the binary to your terraform project's repository:

env GOOS=linux GOARCH=amd64 go build -o ~/my/tf-repo/terraform-provider-dns

The following example creates an AWS security group to restrict egress to https://example.com. The egress rule uses the IP addresses that resolved locally to example.com during the terraform plan.

resource "dns_a_record" "example" {
  name = "example.com"
  sort = true
}

resource "aws_security_group" "example" {
  name = "example.com"
  description = "Allow egress to https://example.com"

  egress {
    from_port = "443"
    to_port = "443"
    protocol = "tcp"
    cidr_blocks = [
      "${formatlist("%s/32", dns_a_record.example.addrs))}"
    ]
  }
}