
ARM template - storage account - add private endpoint to existing storage account


This is a kind of newbie question on ARM templates.

I'm trying to add a private endpoint to an existing ADLS v2 storage account.

The problem is that I don't have the existing code and if I export the template I may miss something, like networking and firewall information.

Any advice on how to add a private endpoint to an existing storage account using an ARM template?

Thanks.


Solution

  • I tried in my environment and got the below results:

    Add a private endpoint to an existing storage account using an ARM template?

    Yes, you can create a private endpoint for an Azure ADLS account using an ARM template.

    Template:

    {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
            "privateEndpoints_venkat345_name": {
                "defaultValue": "venkat345",
                "type": "String"
            },
            "storageAccounts_venkat326_externalid": {
                "defaultValue": "/subscriptions/xxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Storage/storageAccounts/venkat326",
                "type": "String"
            },
            "virtualNetworks_venkat_externalid": {
                "defaultValue": "/subscriptions/xxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/virtualNetworks/venkat",
                "type": "String"
            },
            "privateDnsZones_privatelink_blob_core_windows_net_externalid": {
                "defaultValue": "/subscriptions/xxxxxxxxxxx/resourceGroups/v-venkat-rg/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net",
                "type": "String"
            }
        },
        "variables": {},
        "resources": [
            {
                "type": "Microsoft.Network/privateEndpoints",
                "apiVersion": "2022-05-01",
                "name": "[parameters('privateEndpoints_venkat345_name')]",
                "location": "eastus",
                "tags": {
                    "Reason": "Repro",
                    "CreatedDate": "1/24/2023 4:31:05 AM",
                    "CreatedBy": "NA",
                    "OwningTeam": "NA"
                },
                "properties": {
                    "privateLinkServiceConnections": [
                        {
                            "name": "[parameters('privateEndpoints_venkat345_name')]",
                            "id": "[concat(resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name')), concat('/privateLinkServiceConnections/', parameters('privateEndpoints_venkat345_name')))]",
                            "properties": {
                                "privateLinkServiceId": "[parameters('storageAccounts_venkat326_externalid')]",
                                "groupIds": [
                                    "blob"
                                ],
                                "privateLinkServiceConnectionState": {
                                    "status": "Approved",
                                    "description": "Auto-Approved",
                                    "actionsRequired": "None"
                                }
                            }
                        }
                    ],
                    "manualPrivateLinkServiceConnections": [],
                    "customNetworkInterfaceName": "[concat(parameters('privateEndpoints_venkat345_name'), '-nic')]",
                    "subnet": {
                        "id": "[concat(parameters('virtualNetworks_venkat_externalid'), '/subnets/default')]"
                    },
                    "ipConfigurations": [],
                    "customDnsConfigs": []
                }
            },
            {
                "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                "apiVersion": "2022-05-01",
                "name": "[concat(parameters('privateEndpoints_venkat345_name'), '/default')]",
                "dependsOn": [
                    "[resourceId('Microsoft.Network/privateEndpoints', parameters('privateEndpoints_venkat345_name'))]"
                ],
                "properties": {
                    "privateDnsZoneConfigs": [
                        {
                            "name": "privatelink-blob-core-windows-net",
                            "properties": {
                                "privateDnsZoneId": "[parameters('privateDnsZones_privatelink_blob_core_windows_net_externalid')]"
                            }
                        }
                    ]
                }
            }
        ]
    }
     
    

    You can deploy the template through the portal using custom Template deployment.

    Portal -> Template deployments -> Custom deployments -> Build your own deployments.

    Portal:

    The above template deployed successfully, and it is reflected in both the resource group and the ADLS storage account.


    Reference: Use private endpoints - Azure Storage | Microsoft Learn
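
A pre-deployment check for templates like the one in the answer, added here as an example (not code from the original post): it flags `parameters('...')` references that have no matching declaration and private DNS zones that do not match the endpoint's `groupIds`. The function name, the sample template and the `privatelink.<groupId>.core.windows.net` naming rule (public-cloud Azure Storage) are assumptions of this example.

```python
import json
import re

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")
PE = "Microsoft.Network/privateEndpoints"

def lint_private_endpoint_template(template):
    """Return findings for a storage private endpoint ARM template (empty list = clean)."""
    findings = []
    declared = template.get("parameters", {})
    resources = template.get("resources", [])
    used = set(PARAM_REF.findall(json.dumps(resources)))
    for name in sorted(used - set(declared)):
        findings.append(f"undeclared parameter referenced: {name}")
    for name in sorted(set(declared) - used):
        findings.append(f"declared parameter never used: {name}")
    # Sub-resources (groupIds) requested by the private endpoints in the template.
    groups = set()
    for res in (r for r in resources if r.get("type") == PE):
        for conn in res["properties"].get("privateLinkServiceConnections", []):
            groups.update(conn["properties"].get("groupIds", []))
    expected = {f"privatelink.{g}.core.windows.net" for g in groups}
    # Every linked private DNS zone should be the privatelink zone of a requested groupId.
    for res in (r for r in resources if r.get("type") == PE + "/privateDnsZoneGroups"):
        for cfg in res["properties"].get("privateDnsZoneConfigs", []):
            zone_id = cfg["properties"]["privateDnsZoneId"]
            ref = PARAM_REF.search(zone_id)
            if ref:  # resolve [parameters('x')] to that parameter's defaultValue
                zone_id = declared.get(ref.group(1), {}).get("defaultValue", "")
            zone = zone_id.rsplit("/", 1)[-1]
            if zone not in expected:
                findings.append(f"DNS zone '{zone}' does not match groupIds {sorted(groups)}")
    return findings

# Constructed sample (not the page's template): mistyped vnet parameter, dfs endpoint on the blob zone.
SAMPLE = {
    "parameters": {
        "vnet_id": {"type": "String", "defaultValue": "/subscriptions/xxxxx/vnet-placeholder"},
        "zoneId": {"type": "String", "defaultValue":
                   "/subscriptions/xxxxx/privateDnsZones/privatelink.blob.core.windows.net"}},
    "resources": [
        {"type": PE, "properties": {
            "privateLinkServiceConnections": [{"properties": {"groupIds": ["dfs"]}}],
            "subnet": {"id": "[concat(parameters('vnetId'), '/subnets/default')]"}}},
        {"type": PE + "/privateDnsZoneGroups", "properties": {"privateDnsZoneConfigs": [
            {"properties": {"privateDnsZoneId": "[parameters('zoneId')]"}}]}}],
}
if __name__ == "__main__":
    print("\n".join(lint_private_endpoint_template(SAMPLE)))
```

A template that declares only the private endpoint and its DNS zone group does not redeclare the storage account, so the account's existing firewall and network rules are not part of the deployment.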