Terraform-provider-azurerm: Support for private_ip_address export from azurerm_private_endpoint resource

Created on 17 Mar 2020  ·  7 Comments  ·  Source: terraform-providers/terraform-provider-azurerm

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Export of (Computed) value, Private IP address for azurerm_private_endpoint resource.

Presently if you set up an azurerm_private_endpoint resource, you cannot get the IP address of that resource to feed into something else. For example, I'd like to update an A record within the private dns zone I've configured in azure once the resource is configured. At this point I must manually create that entry because the private_ip_address is not exported from the private endpoint resource.

New or Affected Resource(s)

azurerm_private_endpoint

Potential Terraform Configuration

### KeyVault with Private Link

### Read in the current user context for assignment of access policies
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "sandbox" {
  name                        = "${local.prefix}KV"
  location                    = azurerm_resource_group.sandbox.location
  resource_group_name         = azurerm_resource_group.sandbox.name
  enabled_for_disk_encryption = true
  tenant_id                   = data.azurerm_client_config.current.tenant_id
  soft_delete_enabled         = true
  purge_protection_enabled    = false

  sku_name = "standard"

  access_policy {
    tenant_id = data.azurerm_client_config.current.tenant_id
    object_id = data.azurerm_client_config.current.object_id

    key_permissions = [
      "get",
    ]

    secret_permissions = [
      "get",
    ]

    storage_permissions = [
      "get",
    ]
  }

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }

  tags = local.common_tags
}


resource "azurerm_private_endpoint" "sandbox_kv" {
  name                = azurerm_key_vault.sandbox.name
  location            = azurerm_resource_group.sandbox.location
  resource_group_name = azurerm_resource_group.sandbox.name
  subnet_id           = azurerm_subnet.sandbox["PrivateLink"].id

  private_service_connection {
    name                           = azurerm_key_vault.sandbox.name
    private_connection_resource_id = azurerm_key_vault.sandbox.id
    is_manual_connection           = false
    subresource_names              = ["Vault"]
  }
}

resource "azurerm_private_dns_a_record" "sandbox_kv" {
  name                = azurerm_key_vault.sandbox.name
  zone_name           = azurerm_private_dns_zone.privatelink["KV"].name
  resource_group_name = azurerm_resource_group.sandbox.name
  ttl                 = 300
  records             = [azurerm_private_endpoint.sandbox_kv.private_ip_address]
}

output "kv_private_ip" {
  value = azurerm_private_endpoint.sandbox_kv.private_ip_address
}
### END KeyVault with Private Link

All 7 comments

Hey,

I believe this has already been addressed in the 2.1.0 release of the provider via https://github.com/terraform-providers/terraform-provider-azurerm/issues/5838

Hello,

I need this to be updated to return the list of IP addresses.
When creating a PE for an Azure container registry, it creates 2 IP addresses:

one for the default address, for example: myregistry.azurecr.io (10.0.1.8)
the other for the data address, for example: myregistry.eastus2.data.azurecr.io (10.0.1.9)

For more info:
https://docs.microsoft.com/en-us/azure/container-registry/container-registry-private-link#set-up-private-link---cli

Happy to help with a PR for the fix.

@steffencircle I'm using the most recent provider, and there is no export of the private_ip_address that I can put into an output block to consume elsewhere in my TF code. That's what I need. I want to create A records in private DNS zones from the output of the IP address of the private_endpoint resource.

Even the documentation for the resource shows the only Attribute that is output is the ID.

There are these other issues that speak to the same problem. Having a computed attribute that is not exported doesn't help. Unless someone can tell me how to look up that computed attribute and use it during deployment time of another resource?

https://github.com/terraform-providers/terraform-provider-azurerm/pull/5838
https://github.com/terraform-providers/terraform-provider-azurerm/issues/5622
https://github.com/terraform-providers/terraform-provider-azurerm/issues/5208

@johnwildes, I just ran into this as well, but got it figured out.

The correct syntax to get the IP out is:

resource "azurerm_private_endpoint" "sql_endpoint" {
  name                = "my_endpoint"
  ...

  private_service_connection {
    name                           = "my_service_connection"
    ...
  }
}
// To retrieve it:
[azurerm_private_endpoint.sql_endpoint.private_service_connection[0].private_ip_address]
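
The syntax from the comment above, generalized from one endpoint to several: each private endpoint's address is read from private_service_connection[0].private_ip_address and written to an A record in the matching private DNS zone. This is an added example, not code from the thread or the provider; the variable names and the shape of the "targets" map are assumptions.

```hcl
# Added example. Variable names and the "targets" map are assumptions.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "subnet_id" { type = string }

# One entry per service exposed over Private Link. The map key is used as
# the endpoint name and as the A record name (the service's host label).
variable "targets" {
  type = map(object({
    resource_id = string # ID of the Key Vault, SQL server, ...
    subresource = string # e.g. "Vault", as in the issue's configuration
    zone_name   = string # existing private DNS zone for that service
  }))
}

resource "azurerm_private_endpoint" "this" {
  for_each            = var.targets
  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = each.key
    private_connection_resource_id = each.value.resource_id
    is_manual_connection           = false
    subresource_names              = [each.value.subresource]
  }
}

# The address is exported on the nested block, not on the resource itself.
resource "azurerm_private_dns_a_record" "this" {
  for_each            = var.targets
  name                = each.key
  zone_name           = each.value.zone_name
  resource_group_name = var.resource_group_name
  ttl                 = 300
  records = [
    azurerm_private_endpoint.this[each.key].private_service_connection[0].private_ip_address,
  ]
}

output "private_endpoint_ips" {
  value = {
    for k, pe in azurerm_private_endpoint.this :
    k => pe.private_service_connection[0].private_ip_address
  }
}
```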

@elongstreet88 I'll give that a shot.
UPDATE: It works perfectly, I'm going to close this ticket. Do we know if anyone has submitted a PR to update the documentation on this?

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
