c# azure-storage pulumi

ResourceNotFound error when creating Private Endpoint connection for Azure storage account


I'm trying to provision a Private Endpoint connection for my Azure Storage account based on these docs, but I'm receiving this error:

  azure-native:storage:PrivateEndpointConnection (privateEndpointConnection):
    error: cannot check existence of resource '/subscriptions/my_sub_id/resourceGroups/my_resource_group_id /providers/Microsoft.Storage/storageAc
counts/my_storage_account_name/privateEndpointConnections/privateEndpointConnection': status code 400, {"error":{"code":"ResourceNotFound","message":"The Resource Microsoft.St
orage/storageAccounts/my_storage_account_name/privateEndpointConnections/privateEndpointConnection under resource group my_resource_group_id was not found."}}

This is my Pulumi stack code

// Resource group that holds every resource declared in this stack.
var resourceGroup = new ResourceGroup(resourceGroupName, new ResourceGroupArgs
{
    ResourceGroupName = resourceGroupName,
});

// Virtual network with a single 10.96.0.0/16 address space; both subnets below are carved out of it.
var virtualNetwork = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
    ResourceGroupName = resourceGroup.Name,
    Location = resourceGroup.Location,
    AddressSpace = new AddressSpaceArgs { AddressPrefixes = new [] { "10.96.0.0/16" } },
});

// Subnet delegated to Microsoft.Web/serverFarms.
// NOTE(review): presumably used for App Service VNet integration; no web app is declared in this snippet.
var publicSubnet = new Subnet("public-subnet", new Pulumi.AzureNative.Network.SubnetArgs
{
    ResourceGroupName = resourceGroup.Name,
    VirtualNetworkName = virtualNetwork.Name,
    AddressPrefix = "10.96.0.0/27",
    Delegations =
    {
        new DelegationArgs { Name = "Microsoft.Web.serverFarms", ServiceName = "Microsoft.Web/serverFarms" },
    }
});

// Separate subnet intended to host private endpoints.
// NOTE(review): with PrivateEndpointNetworkPolicies set to Disabled, NSG rules and route tables on this
// subnet are not applied to private-endpoint traffic, so do not rely on a subnet NSG to restrict who can
// reach the endpoint. Confirm against the provider version in use.
var privateEndpointSubnet = new Subnet("private-endpoint-subnet", new Pulumi.AzureNative.Network.SubnetArgs
{
    ResourceGroupName = resourceGroup.Name,
    VirtualNetworkName = virtualNetwork.Name,
    AddressPrefix = "10.96.1.0/27",
    PrivateEndpointNetworkPolicies = VirtualNetworkPrivateEndpointNetworkPolicies.Disabled,
    PrivateLinkServiceNetworkPolicies = VirtualNetworkPrivateLinkServiceNetworkPolicies.Enabled,
});

// StorageV2 account with locally redundant storage and a deny-by-default firewall.
var storageAccount = new StorageAccount("storageaccount", new StorageAccountArgs
{
    ResourceGroupName = resourceGroup.Name,
    Sku = new SkuArgs
    {
        Name = SkuName.Standard_LRS
    },
    // Firewall for the account's public endpoint: requests that match no rule are rejected
    // (DefaultAction.Deny), while trusted Azure services are still let through (Bypass.AzureServices).
    // No IP or virtual-network rules are listed here, so the private endpoint is meant to be the
    // only client path into the account.
    NetworkRuleSet = new NetworkRuleSetArgs
    {
        Bypass = Bypass.AzureServices,
        DefaultAction = DefaultAction.Deny,
    },
    Kind = Kind.StorageV2
});

// This is the resource the ResourceNotFound error above is reported on.
// NOTE(review): no PrivateEndpoint resource is declared anywhere in this stack. Presumably
// PrivateEndpointConnection only manages the approval state of a connection that a private endpoint
// has already opened against the storage account, which would explain why the existence check
// fails. Confirm against the provider docs.
var privateEndpointConnection = new PrivateEndpointConnection("privateEndpointConnection", new PrivateEndpointConnectionArgs
{
    AccountName = storageAccount.Name,
    ResourceGroupName = resourceGroup.Name,
    // Marks the connection as approved with no further action required from the account owner.
    PrivateLinkServiceConnectionState = new PrivateLinkServiceConnectionStateArgs
    {
        Description = "Auto-Approved",
        Status = "Approved",
        ActionRequired = "None"
    },
});

Can't figure out what I've missed, any help much appreciated.


Solution

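  • This Pulumi example (azure-ts-webapp-privateendpoint-vnet-injection) helped me resolve my issue. Instead of declaring a PrivateEndpointConnection on the storage account, the code below creates a PrivateEndpoint in the private-endpoint subnet that targets the storage account, together with a private DNS zone, a DNS zone group and a virtual network link. With that in place I was able to use a private endpoint connection for my storage account: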

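    // Storage account that the private endpoint targets.
    // A private endpoint adds a private path into the account; it does not close the public endpoint.
    // The deny-by-default rule set is therefore kept, so that requests arriving over the public
    // endpoint are rejected unless they come from a trusted Azure service (Bypass.AzureServices).
    // If nothing needs the public endpoint at all, also consider disabling public network access
    // on the account.
    var storageAccount = new StorageAccount("storageaccount", new StorageAccountArgs
    {
        ResourceGroupName = resourceGroup.Name,
        Sku = new SkuArgs
        {
            Name = SkuName.Standard_LRS
        },
        NetworkRuleSet = new NetworkRuleSetArgs
        {
            Bypass = Bypass.AzureServices,
            DefaultAction = DefaultAction.Deny,
        },
        Kind = Kind.StorageV2
    });

    // Private DNS zone used to resolve the storage account's blob hostname to the endpoint's private IP.
    // The zone name has to match the sub-resource listed in GroupIds below: for "blob" in the public
    // Azure cloud that is privatelink.blob.core.windows.net. (privatelink.azurewebsites.net is the
    // App Service zone; with it, clients in the VNet would keep resolving the blob hostname to the
    // public endpoint.) Sovereign clouds use different suffixes.
    var privateDnsZone = new PrivateZone("private-dns-zone", new PrivateZoneArgs
    {
        ResourceGroupName = resourceGroup.Name,
        Location = "global",
        PrivateZoneName = "privatelink.blob.core.windows.net",
    });

    // The private endpoint itself: a NIC in the private-endpoint subnet connected to the blob
    // sub-resource of the storage account. Because this connection is declared from the endpoint
    // side, no separate PrivateEndpointConnection resource is declared on the storage account.
    var privateEndpoint = new PrivateEndpoint("account-storage-private-endpoint", new PrivateEndpointArgs
    {
        ResourceGroupName = resourceGroup.Name,
        PrivateEndpointName = "account-storage-private-endpoint",
        PrivateLinkServiceConnections =
        {
            new PrivateLinkServiceConnectionArgs
            {
                // Only the blob service is exposed through this endpoint; file, queue, table, etc.
                // each need their own endpoint and DNS zone.
                GroupIds =
                {
                    "blob",
                },
                Name = "private-link-connection",
                PrivateLinkServiceId = storageAccount.Id,
            },
        },
        Subnet = new SubnetArgs { Id = privateEndpointSubnet.Id, },
    });

    // Registers the endpoint's private IP as a record in the private DNS zone.
    new PrivateDnsZoneGroup("private-dns-zone-group", new PrivateDnsZoneGroupArgs
    {
        ResourceGroupName = resourceGroup.Name,
        PrivateDnsZoneGroupName = privateEndpoint.Name,
        PrivateEndpointName = privateEndpoint.Name,
        PrivateDnsZoneConfigs =
        {
            new PrivateDnsZoneConfigArgs
            {
                Name = "config",
                PrivateDnsZoneId = privateDnsZone.Id,
            }
        },
    });

    // Links the private DNS zone to the VNet so that workloads inside it resolve through the zone.
    // RegistrationEnabled = false: VMs in the VNet do not auto-register their own records here.
    new VirtualNetworkLink("virtual-network-link", new VirtualNetworkLinkArgs
    {
        ResourceGroupName = resourceGroup.Name,
        PrivateZoneName = privateDnsZone.Name,
        RegistrationEnabled = false,
        Location = "global",
        VirtualNetwork = new SubResourceArgs { Id = virtualNetwork.Id }
    });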