Azure - ARM Templates - Create Private Endpoint with complete deployment


I'm trying to deploy an Azure Storage account with a Private Endpoint using an ARM template in Complete deployment mode.

Template is below:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string"
    },
    "storageAccountName": {
      "type": "string"
    },
    "accountType": {
      "type": "string"
    },
    "kind": {
      "type": "string"
    },
    "accessTier": {
      "type": "string"
    },
    "minimumTlsVersion": {
      "type": "string"
    },
    "supportsHttpsTrafficOnly": {
      "type": "bool"
    },
    "allowBlobPublicAccess": {
      "type": "bool"
    },
    "allowSharedKeyAccess": {
      "type": "bool"
    },
    "allowCrossTenantReplication": {
      "type": "bool"
    },
    "defaultOAuth": {
      "type": "bool"
    },
    "networkAclsBypass": {
      "type": "string"
    },
    "networkAclsDefaultAction": {
      "type": "string"
    },
    "keySource": {
      "type": "string"
    },
    "encryptionEnabled": {
      "type": "bool"
    },
    "keyTypeForTableAndQueueEncryption": {
      "type": "string"
    },
    "infrastructureEncryptionEnabled": {
      "type": "bool"
    },
    "isContainerRestoreEnabled": {
      "type": "bool"
    },
    "isBlobSoftDeleteEnabled": {
      "type": "bool"
    },
    "blobSoftDeleteRetentionDays": {
      "type": "int"
    },
    "isContainerSoftDeleteEnabled": {
      "type": "bool"
    },
    "containerSoftDeleteRetentionDays": {
      "type": "int"
    },
    "changeFeed": {
      "type": "bool"
    },
    "isVersioningEnabled": {
      "type": "bool"
    },
    "isShareSoftDeleteEnabled": {
      "type": "bool"
    },
    "shareSoftDeleteRetentionDays": {
      "type": "int"
    },
    "privateEndpointName": {
      "type": "string"
    },
    "privateEndpointConnectionName": {
      "type": "string"
    }
  },
  "functions": [],
  "variables": {},
  "resources": [
    {
      "name": "[parameters('storageAccountName')]",
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-08-01",
      "location": "[parameters('location')]",
      "properties": {
        "accessTier": "[parameters('accessTier')]",
        "minimumTlsVersion": "[parameters('minimumTlsVersion')]",
        "supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
        "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
        "allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
        "allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
        "defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
        "networkAcls": {
          "bypass": "[parameters('networkAclsBypass')]",
          "defaultAction": "[parameters('networkAclsDefaultAction')]",
          "ipRules": []
        },
        "encryption": {
          "keySource": "[parameters('keySource')]",
          "services": {
            "blob": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "file": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "table": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "queue": {
              "enabled": "[parameters('encryptionEnabled')]"
            }
          },
          "requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
        }
      },
      "dependsOn": [],
      "sku": {
        "name": "[parameters('accountType')]"
      },
      "kind": "[parameters('kind')]",
      "tags": {}
    },
    {
      "apiVersion": "2021-05-01",
      "name": "[parameters('privateEndpointName')]",
      "type": "Microsoft.Network/privateEndpoints",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
      ],
      "properties": {
        "privateLinkServiceConnections": [
          {
            "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
            "name": "[parameters('privateEndpointConnectionName')]",
            "properties": {
              "privateLinkServiceId": "/subscriptions/<subID>/resourcegroups/test-aue-storg-dev/providers/Microsoft.Storage/storageAccounts/testauesto01dev",
              "groupIds": ["blob"]
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "/subscriptions/<subID>/resourceGroups/vnet-aue-rg/providers/Microsoft.Network/virtualNetworks/test-vnet-dev/subnets/test-subnet"
        }
      }
    }
  ],
  "outputs": {}
}

The issue I am having is that creating a Private Endpoint automatically creates a NIC. Because that NIC isn't declared in the ARM template, a 'Complete' mode deployment tries to delete it after it is created. Does anyone know a way around this?

Thanks in advance,

CodePudding user response:

To achieve this, you first have to register the feature AllowPrivateEndpointCustomNicName. Once it is registered, you can create the NIC in the ARM template and attach it to the private endpoint through customNetworkInterfaceName. To check whether the feature is registered, use the command below:

az feature show --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName

To register the feature, use:

az feature register --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName 

Once the feature status shows as Registered, use the command below to propagate the change to the resource provider:

az provider register -n Microsoft.Network

Once all of the above steps are done, you can use the template below:

Template:

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},

"storageAccountName": {
"type": "string"
},
"accountType": {
"type": "string"
},
"kind": {
"type": "string"
},
"accessTier": {
"type": "string"
},
"minimumTlsVersion": {
"type": "string"
},
"supportsHttpsTrafficOnly": {
"type": "bool"
},
"allowBlobPublicAccess": {
"type": "bool"
},
"allowSharedKeyAccess": {
"type": "bool"
},
"allowCrossTenantReplication": {
"type": "bool"
},
"defaultOAuth": {
"type": "bool"
},
"networkAclsBypass": {
"type": "string"
},
"networkAclsDefaultAction": {
"type": "string"
},
"keySource": {
"type": "string"
},
"encryptionEnabled": {
"type": "bool"
},
"keyTypeForTableAndQueueEncryption": {
"type": "string"
},
"infrastructureEncryptionEnabled": {
"type": "bool"
},
"isContainerRestoreEnabled": {
"type": "bool"
},
"isBlobSoftDeleteEnabled": {
"type": "bool"
},
"blobSoftDeleteRetentionDays": {
"type": "int"
},
"isContainerSoftDeleteEnabled": {
"type": "bool"
},
"containerSoftDeleteRetentionDays": {
"type": "int"
},
"changeFeed": {
"type": "bool"
},
"isVersioningEnabled": {
"type": "bool"
},
"isShareSoftDeleteEnabled": {
"type": "bool"
},
"shareSoftDeleteRetentionDays": {
"type": "int"
},
"privateEndpointName": {
"type": "string"
},
"privateEndpointConnectionName": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{

"type": "Microsoft.Network/networkInterfaces",

"apiVersion": "2020-11-01",

"name": "ajaytestprivateendpoint-nic",

"location": "westus2",

"properties": {

"ipConfigurations": [

{

"name": "privateEndpointIpConfig.ajay",

"properties": {

"privateIPAllocationMethod": "Dynamic",

"subnet": {

"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','VNET NAME', 'subnet name')]"

},

"primary": true,

"privateIPAddressVersion": "IPv4"

}

}

],

"dnsSettings": {

"dnsServers": []

},
"enableAcceleratedNetworking": false,
"enableIPForwarding": false
}
},   
                
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-08-01",
"location": "[parameters('location')]",
"properties": {
"accessTier": "[parameters('accessTier')]",
"minimumTlsVersion": "[parameters('minimumTlsVersion')]",
"supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
"allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
"allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
"allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
"defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
"networkAcls": {
"bypass": "[parameters('networkAclsBypass')]",
"defaultAction": "[parameters('networkAclsDefaultAction')]",
"ipRules": []
},
"encryption": {
"keySource": "[parameters('keySource')]",
"services": {
"blob": {
"enabled": "[parameters('encryptionEnabled')]"
},
"file": {
"enabled": "[parameters('encryptionEnabled')]"
},
"table": {
"enabled": "[parameters('encryptionEnabled')]"
},
"queue": {
"enabled": "[parameters('encryptionEnabled')]"
}
},
"requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
}
},
"dependsOn": [],
"sku": {
"name": "[parameters('accountType')]"
},
"kind": "[parameters('kind')]",
"tags": {}
},
{
"apiVersion": "2021-05-01",
"name": "[parameters('privateEndpointName')]",
"type": "Microsoft.Network/privateEndpoints",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]","[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]"
],
"properties": {
"customNetworkInterfaceName": "[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]",                              
"privateLinkServiceConnections": [
{
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
"name": "[parameters('privateEndpointConnectionName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
"groupIds": ["blob"]
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','vnetname', 'subnetname')]"
}

}

}
],
"outputs": {}
}