Hi,
I am really glad to see that Terraform has early support for the Private Link / Private Endpoint resources that are currently in Preview.
With the fixes for azurerm_private_endpoint in provider version 1.39 I can successfully deploy this resource.
However the IP configuration for the created network interface is currently set to "dynamic" IP association.
Since Private Link is crucial for accessing Azure PaaS Service from an on-premise environment, I would like to have the ability to set the IP assignment to "static" and have the ability to specify the IP directly.
Potential Config for a Private Endpoint to a Storage Account:
resource "azurerm_private_endpoint" "my-sa-pe" {
  name                = "${replace(var.my_name,"-","")}_pe"
  location            = data.azurerm_resource_group.my-rg.location
  resource_group_name = data.azurerm_resource_group.my-rg.name

  private_service_connection {
    name                           = "${replace(var.my_name,"-","")}_psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_storage_account.my-sa.id
    subresource_names              = ["blob"]
  }

  ip_configuration {
    name                          = "my-ip-config"
    subnet_id                     = data.azurerm_subnet.my-subnet.id
    private_ip_address_allocation = "static"
    private_ip_address            = var.my-pe-ip
  }
}
@steffencircle IIRC in order to do this you will need to use the azurerm_private_endpoint in conjunction with the azurerm_private_link_service
Thx @WodansSon for your reply, but to my understanding azurerm_private_link_service is for offering your "own" service via a private-link/endpoint for somebody else.
What we are doing is using azurerm_private_endpoint in order to assign a private IP to an Azure PaaS (e.g. Storage account, Azure Database ...), so there is no own/custom service involved here.
So for this scenario (Azure PaaS via private_endpoint) we would like to be able to statically specify the IP that is used for the generated NIC.
As this IP does have some dependencies for us (DNS entry in on-prem DNS servers, Firewall clearance, ...), this would be the best (only) way to 100% control the IP that is assigned to it.
@steffencircle, thanks for your reply... looking into this very quickly it looks like they have exposed this functionality in their new 2019-11-01 API, when I implemented this resource with the 2019-09-01 version of the API I don't believe that wasn't an option IIRC... I will need to look into upgrading the API version to get this in.