terraform-ibm-modules · imprateeksh · Apr 15, 2025 · Apr 21, 2025 · Apr 21, 2025 · Apr 22, 2025
@@ -173,6 +173,7 @@ To attach access management tags to resources in this module, you need the follo
 | [ibm_resource_instance.dns_instance_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [time_sleep.wait_for_vpc_creation_data](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [ibm_dns_custom_resolvers.existing_custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/dns_custom_resolvers) | data source |
 | [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/iam_account_settings) | data source |
 | [ibm_is_subnet.subnet](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_subnet) | data source |
 | [ibm_is_vpc.vpc](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source |
@@ -205,6 +206,7 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_enable_hub_vpc_id"></a> [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no |
 | <a name="input_enable_vpc_flow_logs"></a> [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Flag to enable vpc flow logs. If true, flow log collector will be created | `bool` | `false` | no |
 | <a name="input_existing_cos_instance_guid"></a> [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid) | GUID of the COS instance to create Flow log collector | `string` | `null` | no |
+| <a name="input_existing_dns_custom_resolver_name"></a> [existing\_dns\_custom\_resolver\_name](#input\_existing\_dns\_custom\_resolver\_name) | The name of the existing DNS custom resolver instance. | `string` | `null` | no |
 | <a name="input_existing_dns_instance_id"></a> [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id) | Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. | `string` | `null` | no |
 | <a name="input_existing_storage_bucket_name"></a> [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name) | Name of the COS bucket to collect VPC flow logs | `string` | `null` | no |
 | <a name="input_existing_subnets"></a> [existing\_subnets](#input\_existing\_subnets) | The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | <pre>list(object({<br/>    id             = string<br/>    public_gateway = optional(bool, false)<br/>  }))</pre> | `[]` | no |
@@ -240,7 +242,7 @@ To attach access management tags to resources in this module, you need the follo
 | Name | Description |
 |------|-------------|
 | <a name="output_cidr_blocks"></a> [cidr\_blocks](#output\_cidr\_blocks) | List of CIDR blocks present in VPC stack |
-| <a name="output_custom_resolver_hub"></a> [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver created for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. |
+| <a name="output_custom_resolver_hub"></a> [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. |
 | <a name="output_dns_custom_resolver_id"></a> [dns\_custom\_resolver\_id](#output\_dns\_custom\_resolver\_id) | The ID of the DNS Custom Resolver. |
 | <a name="output_dns_endpoint_gateways_by_crn"></a> [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. |
 | <a name="output_dns_endpoint_gateways_by_id"></a> [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. |

@@ -1,6 +1,7 @@
 # Hub and Spoke VPC Example
 
 This example demonstrates how to deploy hub and spoke VPCs, inclusive of enabling DNS-sharing. See [About DNS sharing for VPE gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-dns-sharing) and [hub and spoke communication](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit1) for details.
+
 - The 2 VPCs are connected through a transit gateway.
 - The hub VPC is configured with a custom resolver.
 - The spoke VPC is configured with a delegated DNS resolver. DNS requests are resolved by the hub VPC.
@@ -9,9 +10,10 @@ This example demonstrates how to deploy hub and spoke VPCs, inclusive of enablin
 
 
 :exclamation: **Important**: Due to a limitation in the IBM Cloud terraform provider (1.59), there is a need to perform 2 applies as follows to end up with the desired topology:
+
 1. The first terraform apply lay down all of the topology, but does not configure the DNS resolver to delegated in the spoke
 2. The second terraform apply should have the update_delegated_resolver variable to true to configure the DNS resolver to be delegated ```terraform apply -var=update_delegated_resolver=true```
 
-In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2
+In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see <https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2>
 
 You may also be interested in the [Hub and Spoke VPC with manual DNS resolver Example](../hub-spoke-manual-resolver/) which does not exhibit those issues.
@@ -212,8 +212,17 @@ resource "ibm_resource_instance" "dns_instance_hub" {
   plan              = var.dns_plan
 }
 
+data "ibm_dns_custom_resolvers" "existing_custom_resolver_hub" {
+  count       = var.existing_dns_custom_resolver_name != null ? 1 : 0
+  instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid
+}
+
+locals {
+  existing_custom_resolver = var.existing_dns_custom_resolver_name != null ? [for resolver in data.ibm_dns_custom_resolvers.existing_custom_resolver_hub[0].custom_resolvers : resolver if resolver.name == var.existing_dns_custom_resolver_name][0] : null
+}
+
 resource "ibm_dns_custom_resolver" "custom_resolver_hub" {
-  count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0
+  count = var.enable_hub && !var.skip_custom_resolver_hub_creation && var.existing_dns_custom_resolver_name == null ? 1 : 0
 
   # Use var.dns_custom_resolver_name if not null, otherwise, use var.prefix and var.name combination.
   name = coalesce(

@@ -153,8 +153,8 @@ output "vpc_data" {
 ##############################################################################
 
 output "custom_resolver_hub" {
-  description = "The custom resolver created for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false."
-  value       = length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null
+  description = "The custom resolver for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false."
+  value       = var.existing_dns_custom_resolver_name != null ? local.existing_custom_resolver : length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null
 }
 
 output "dns_endpoint_gateways_by_id" {

@@ -76,6 +76,13 @@ variable "dns_custom_resolver_name" {
   default     = null
 }
 
+variable "existing_dns_custom_resolver_name" {
+  description = "The name of the existing DNS custom resolver instance."
+  type        = string
+  default     = null
+}
+
+
 variable "routing_table_name" {
   description = "The name to give the provisioned routing tables. If not set, the module generates a name based on the `prefix` and `name` variables."
   type        = string