ARM template - storage account - add private endpoint to existing storage account

Time:01-26

This is kind of a newbie question on ARM templates.

I'm trying to add a private endpoint to an existing ADLS v2 storage account.

The problem is that I don't have the existing code and if I export the template I may miss something, like networking and firewall information.

Any advice on how to add a private endpoint to an existing storage account using an ARM template?

Thanks.

CodePudding user response:

I tried in my environment and got the results below:

Add a private endpoint to an existing storage account using an ARM template?

Yes, you can create a private endpoint for an Azure ADLS account using an ARM template.

Template:

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "privateEndpoints_venkat345_name": {
            "defaultValue": "venkat345",
            "type": "String"
        },
        "storageAccounts_venkat326_externalid": {
            "defaultValue": "/subscriptions/xxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Storage/storageAccounts/venkat326",
            "type": "String"
        },
        "virtualNetworks_venkat_externalid": {
            "defaultValue": "/subscriptions/xxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/virtualNetworks/venkat",
            "type": "String"
        },
        "privateDnsZones_privatelink_blob_core_windows_net_externalid": {
            "defaultValue": "/subscriptions/xxxxxxxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net",
            "type": "String"
        }
    },
    "variables": {},
    "resources": [
        {
            "type": "Microsoft.Network/privateEndpoints",
            "apiVersion": "2022-05-01",
            "name": "[parameters('privateEndpoints_venkat345_name')]",
            "location": "eastus",
            "tags": {
                "Reason": "Repro",
                "CreatedDate": "1/24/2023 4:31:05 AM",
                "CreatedBy": "NA",
                "OwningTeam": "NA"
            },
            "properties": {
                "privateLinkServiceConnections": [
                    {
                        "name": "[parameters('privateEndpoints_venkat345_name')]",
                        "id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_venkat345_name')))]",
                        "properties": {
                            "privateLinkServiceId": "[parameters('storageAccounts_venkat326_externalid')]",
                            "groupIds": [
                                "blob"
                            ],
                            "privateLinkServiceConnectionState": {
                                "status": "Approved",
                                "description": "Auto-Approved",
                                "actionsRequired": "None"
                            }
                        }
                    }
                ],
                "manualPrivateLinkServiceConnections": [],
                "customNetworkInterfaceName": "[concat(parameters('privateEndpoints_venkat345_name'), '-nic')]",
                "subnet": {
                    "id": "[concat(parameters('virtualNetworks_venkat_externalid'), '/subnets/default')]"
                },
                "ipConfigurations": [],
                "customDnsConfigs": []
            }
        },
        {
            "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
            "apiVersion": "2022-05-01",
            "name": "[concat(parameters('privateEndpoints_venkat345_name'), '/default')]",
            "dependsOn": [
                "[resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name'))]"
            ],
            "properties": {
                "privateDnsZoneConfigs": [
                    {
                        "name": "privatelink-blob-core-windows-net",
                        "properties": {
                            "privateDnsZoneId": "[parameters('privateDnsZones_privatelink_blob_core_windows_net_externalid')]"
                        }
                    }
                ]
            }
        }
    ]
}
 

You can deploy the template through the portal using custom Template deployment.

Portal -> Template deployments -> Custom deployments -> Build your own deployments.

Portal:

The above template deployed successfully, and it was reflected in both the resource group and the ADLS storage account.


Reference: Use private endpoints - Azure Storage | Microsoft Learn
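
An added example, not part of the original answer: a pre-deployment lint for a private-endpoint template like the one above, reporting parameters that are referenced but never declared and storage group IDs (blob, dfs) that have no matching privatelink DNS zone configured. The SAMPLE template and every name in it are constructed, and the zone naming privatelink.<groupId>.core.windows.net assumes the Azure public cloud.

```python
import json
import re

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")

def undefined_parameters(template):
    """Parameter names referenced in the template body but never declared."""
    declared = set(template.get("parameters", {}))
    body = json.dumps({k: v for k, v in template.items() if k != "parameters"})
    return sorted(set(PARAM_REF.findall(body)) - declared)

def groups_without_dns_zone(template):
    """Group IDs on private endpoints with no matching privatelink zone."""
    params = template.get("parameters", {})
    groups, zones = set(), []
    for res in template.get("resources", []):
        props = res.get("properties", {})
        for conn in props.get("privateLinkServiceConnections", []):
            groups.update(conn["properties"].get("groupIds", []))
        for cfg in props.get("privateDnsZoneConfigs", []):
            zone = cfg["properties"]["privateDnsZoneId"]
            ref = re.fullmatch(r"\[parameters\('([^']+)'\)\]", zone)
            if ref:  # resolve a bare parameter reference to its defaultValue
                zone = params.get(ref.group(1), {}).get("defaultValue", zone)
            zones.append(zone.lower())
    # Assumption: public-cloud naming, privatelink.<groupId>.core.windows.net
    return sorted(g for g in groups
                  if not any(z.endswith(f"/privatelink.{g}.core.windows.net") for z in zones))

# Constructed sample: 'vnetId' is never declared, and a dfs endpoint uses the blob zone.
ZONE = ("/subscriptions/xxxxxx/resourceGroups/rg-example/providers/"
        "Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net")
SAMPLE = {
    "parameters": {"peName": {"type": "String", "defaultValue": "pe-example"},
                   "zoneId": {"type": "String", "defaultValue": ZONE}},
    "resources": [
        {"type": "Microsoft.Network/privateEndpoints",
         "name": "[parameters('peName')]",
         "properties": {
             "subnet": {"id": "[concat(parameters('vnetId'), '/subnets/default')]"},
             "privateLinkServiceConnections": [{"properties": {"groupIds": ["dfs"]}}]}},
        {"type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
         "properties": {"privateDnsZoneConfigs": [
             {"properties": {"privateDnsZoneId": "[parameters('zoneId')]"}}]}},
    ],
}

if __name__ == "__main__":
    print(undefined_parameters(SAMPLE), groups_without_dns_zone(SAMPLE))
```

To check a real file, load it with json.load and pass the resulting dict to both functions before deploying.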
