azureterraformdnsazure-data-factory
Issue Terraform to deploy azurerm_data_factory_managed_private_endpoint for a azure data factory with fqdns
I have an issue with the deployment of a azure data factory with a azurerm_data_factory_managed_private_endpoint, in this managed private endpoint I am setting the parameter fqdns:
resource "azurerm_data_factory_managed_private_endpoint" "adfmpe" {
count = var.adfmpe_name != null ? 1 : 0
name = "adfm_private_endpoint"
data_factory_id = azurerm_data_factory.adf.id
target_resource_id = "/subscriptions/<subscription_id>/resourceGroups/<rsg_name>/providers/Microsoft.Storage/storageAccounts/storagetestadf"
subresource_name = "blob
fqdns = ["storagetestadf.blob.core.windows.net"]
}
and the error is:
Error: fqdns should not be specified for the target resource: "/subscriptions/<subscription_id>/resourceGroups/<rsg_name>/providers/Microsoft.Storage/storageAccounts/storagetestadf"
How I can fix it???
thanks
Solution
According to this Terraform Document Target resource id is the ID of the Private Link resource. I used below code to deploy ADF with managed private endpoint, The managed Private endpoint was enabled successfully. But to add the Private Link resource and fqdn you need to create Private Link service along with ADF.
Private endpoint code referred from this SO thread
My main.tf code:-
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.61.0"
}
}
}
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
resource "azurerm_resource_group" "example" {
name = "example-silicon"
location = "West Europe"
}
resource "azurerm_data_factory" "example" {
name = "exa-siliconadf"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
managed_virtual_network_enabled = true
depends_on = [ azurerm_resource_group.example ]
}
resource "azurerm_virtual_network" "example" {
name = "siliconexa-vnet"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "siliconstrg-exa-subnet"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
# enforce_private_link_endpoint_network_policies = false
# // enforce_private_link_service_network_policies = false
# // service_endpoints = ["Microsoft.Storage"]
}
resource "azurerm_storage_account" "example" {
name = "examsilicon3"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_kind = "StorageV2"
account_tier = "Standard"
account_replication_type = "LRS"
depends_on = [ azurerm_resource_group.example ]
}
resource "azurerm_private_endpoint" "example" {
name = "valley-endpoint65"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
subnet_id = azurerm_subnet.example.id
private_service_connection {
name = "valley-privatesconn"
private_connection_resource_id = azurerm_storage_account.example.id
subresource_names = ["blob"]
is_manual_connection = false
}
private_dns_zone_group {
name = "valleydnsgrp5"
private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
}
}
resource "azurerm_private_dns_zone" "example" {
name = "valleylink.blob.core.windows.net"
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "example" {
name = "valley-dns45"
resource_group_name = azurerm_resource_group.example.name
private_dns_zone_name = azurerm_private_dns_zone.example.name
virtual_network_id = azurerm_virtual_network.example.id
}
resource "azurerm_data_factory_managed_private_endpoint" "example" {
name = "exam-siliconpre"
data_factory_id = azurerm_data_factory.example.id
target_resource_id = "Private-link-resource-id"
fqdns = ["test.mysql.database.azure.com", "examsilicon3.blob.core.windows.net"]
depends_on = [ azurerm_data_factory.example ]
}
I created Private Link resource by adding fqdn inside it with the code below, Reference :-
main.tf:-
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=3.61.0"
}
}
}
features {
resource_group {
prevent_deletion_if_contains_resources = false
}
}
}
resource "azurerm_resource_group" "example" {
name = "v-siliconrg5"
location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
name = "v-vnet5"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
address_space = ["10.5.0.0/16"]
}
resource "azurerm_subnet" "example" {
name = "v-subnet5"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.5.1.0/24"]
enforce_private_link_service_network_policies = true
}
resource "azurerm_public_ip" "example" {
name = "v-siliconpubip"
sku = "Standard"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
allocation_method = "Static"
}
resource "azurerm_lb" "example" {
name = "v-lbsilicon3"
sku = "Standard"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
frontend_ip_configuration {
name = azurerm_public_ip.example.name
public_ip_address_id = azurerm_public_ip.example.id
}
}
resource "azurerm_private_link_service" "example" {
name = "ex-siliconps"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
auto_approval_subscription_ids = ["00000000-0000-0000-0000-000000000000"]
visibility_subscription_ids = ["00000000-0000-0000-0000-000000000000"]
load_balancer_frontend_ip_configuration_ids = [azurerm_lb.example.frontend_ip_configuration.0.id]
fqdns = ["examsilicon3.blob.core.windows.net", "bhargava.mysql.database.azure.com"]
nat_ip_configuration {
name = "primary"
private_ip_address = "10.5.1.17"
private_ip_address_version = "IPv4"
subnet_id = azurerm_subnet.example.id
primary = true
}
nat_ip_configuration {
name = "secondary"
private_ip_address = "10.5.1.18"
private_ip_address_version = "IPv4"
subnet_id = azurerm_subnet.example.id
primary = false
}
}
resource "azurerm_data_factory" "example" {
name = "valleysiliconadf"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
managed_virtual_network_enabled = true
depends_on = [ azurerm_resource_group.example ]
}
resource "azurerm_storage_account" "example" {
name = "examsilicon78"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_kind = "StorageV2"
account_tier = "Standard"
account_replication_type = "LRS"
depends_on = [ azurerm_resource_group.example ]
}
resource "azurerm_private_endpoint" "example" {
name = "example-endpoint"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
subnet_id = azurerm_subnet.example.id
private_service_connection {
name = "example-privateserviceconnection"
private_connection_resource_id = azurerm_storage_account.example.id
is_manual_connection = false
}
private_dns_zone_group {
name = "example-dns-zone-group"
private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
}
}
resource "azurerm_private_dns_zone" "example" {
name = "privatelink.blob.core.windows.net"
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "example" {
name = "example-link"
resource_group_name = azurerm_resource_group.example.name
private_dns_zone_name = azurerm_private_dns_zone.example.name
virtual_network_id = azurerm_virtual_network.example.id
}
resource "azurerm_data_factory_managed_private_endpoint" "example" {
name = "esililiconpre"
data_factory_id = azurerm_data_factory.example.id
target_resource_id = azure-privatelink-resource-id
fqdns = ["bhargava.mysql.database.azure.com", "examsilicon3.blob.core.windows.net"]
depends_on = [ azurerm_data_factory.example ]
}
Output:-
Managed Private endpoint got enabled for the Datafactory:-
The Private Link Service expects, FQDN and target resource type as Private Link resource or its ID if entered manually, Refer below:-
Create private endpoint for storage account like below:-
- What is a difference between elastic computing and serverless computing?
- Access Sharepoint Online Files from .NET Worker Service via Microsoft Graph/OAuth - Unauthorized or Access Denied error (401)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?
- Update VCore by database in power shell
- While scanning a simple key, could not find expected ':'. Syntax error in azure-pipeline.yaml
- I'm not able to call the Azure document intelligence api using the latest api version "2024-02-29-preview"
- AzureWebJobsStorage Managed Identity not working
- Get-RemoteDomain in powershell exchange online error : The term 'Get-RemoteDomain' is not recognized as the name of a cmdlet
- How can I Get Started Using Certificates to Authenticate my APIs Using Azure Key Vault?
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How to set up a site-to-site connection between Azure VNet and an on-premises network with a single IP address for traffic selectors?
- Summarization of docx or pdf document
- Unable to use Azure Developer CLI (azd) in vsCode even after extensions installed
- How to configure backend application on Container Apps
- WebJob is stopping due to website shutting down
- Azure SQL trigger for Functions configuration problem
- Does azure blob storage support http2?
- Azure Pronunciation Assessment Could not deserialize speech context error
- Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
- How do I Parse FormData containing a audio file in AZ function app in 2025
- Not able to delete Public IP address in azure
- Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
- Azure Storage accounts container public access level has dissabled
- Issue with adding delegated Graph API permission to Enterprise app with Terraform
- Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
- Problem with Azure Email Communication Service Custom Domain
- How to refresh client assertion in ConfidentialClientApplication?
- Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
- Invalid operands found for operator -eq
- nginx - php-fpm - azure container app returns truncated pages