I want to create an Azure Database for PostgreSQL flexible server which uses a private endpoint with Bicep.
To do this in the portal, I can select Public access (allowed IP addresses) and Private endpoint and deselect Allow public access to this resource through the internet using a public IP address in the Networking tab.
But how can I do this in Bicep? I cannot set publicNetworkAccess to Disabled, because then I get the error that I need to set a value for delegatedSubnetResourceId. So I can create the server with publicNetworkAccess set to Enable and create my private endpoint for the server. But now I cannot change publicNetworkAccess to Disable, because the property "publicNetworkAccess" is read-only.
Deploy with publicNetworkAccess: 'Disabled'
Deploy with publicNetworkAccess: 'Enabled' and change to 'Disabled' after first deployment (which deployed private endpoint etc.)
Firstly, I have deployed a PostgreSQL server with publicNetworkAccess: 'Enabled', as shown below.
resource postgresqlServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
  name: 'serverlatest'
  location: resourceGroup().location
  sku: {
    name: 'Standard_D4ds_v4'
    tier: 'GeneralPurpose'
  }
  properties: {
    version: '13'
    storage: {
      storageSizeGB: 32
    }
    administratorLogin: 'admin'
    // Placeholder value; pass the real password in through a @secure() parameter, not a literal.
    administratorLoginPassword: 'xxxx'
    highAvailability: {
      mode: 'Disabled'
    }
    backup: {
      backupRetentionDays: 10
    }
    network: {
      // Public access stays enabled for this first deployment.
      publicNetworkAccess: 'Enabled'
    }
  }
}
The command az postgres flexible-server will be used later to update the server configuration with publicNetworkAccess: 'Disabled' after the private link deployment is done with Bicep.
Refer to the MS Doc for creating a private endpoint using Bicep with the relevant subnets under a virtual network, as shown below.
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  name: 'myVnet'
  location: resourceGroup().location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
  }
}

// Reference to the server created in the first deployment.
resource postgresqlServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' existing = {
  name: 'serverlatest'
}

// Subnet that hosts the private endpoint's network interface.
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
  parent: vnet
  name: 'mySubnet'
  properties: {
    addressPrefix: '10.0.0.0/24'
    privateEndpointNetworkPolicies: 'Disabled'
  }
}

resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-01-01' = {
  name: 'xxx'
  location: resourceGroup().location
  properties: {
    subnet: {
      id: subnet.id
    }
    privateLinkServiceConnections: [
      {
        name: 'xxx'
        properties: {
          // Target resource and sub-resource (group ID) for the private link.
          privateLinkServiceId: postgresqlServer.id
          groupIds: [
            'postgresqlServer'
          ]
          requestMessage: 'xxx'
        }
      }
    ]
  }
}
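A post-deployment check for the two-step approach in the answer above, as an added example that is not part of the original answer: it confirms that public access ended up disabled and that an approved private endpoint connection targets the server. It assumes the JSON comes from `az postgres flexible-server show` and `az network private-endpoint show`; the function names, the JSON shape and the sample IDs are assumptions, and the sample data is constructed.

```python
import copy

def _props(obj):
    # ARM REST JSON nests settings under "properties"; az CLI output flattens them.
    return obj.get("properties", obj)

def audit(server, private_endpoints):
    """Return findings; an empty list means private-only access is in place."""
    findings = []
    access = (_props(server).get("network") or {}).get("publicNetworkAccess")
    if str(access).lower() != "disabled":
        findings.append(f"publicNetworkAccess is {access!r}, expected 'Disabled'")
    server_id = server.get("id", "").lower()  # Azure resource IDs are case-insensitive
    approved = False
    for pe in private_endpoints:
        for conn in _props(pe).get("privateLinkServiceConnections") or []:
            c = _props(conn)
            if (c.get("privateLinkServiceId") or "").lower() != server_id:
                continue  # this endpoint belongs to some other resource
            if "postgresqlServer" not in (c.get("groupIds") or []):
                findings.append(f"{pe.get('name')}: groupIds lacks 'postgresqlServer'")
            status = (c.get("privateLinkServiceConnectionState") or {}).get("status")
            if status == "Approved":
                approved = True
            else:
                findings.append(f"{pe.get('name')}: connection state is {status!r}")
    if not approved:
        findings.append("no approved private endpoint connection targets this server")
    return findings

# Constructed sample data (placeholder subscription ID and resource group name).
SERVER_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
             "/providers/Microsoft.DBforPostgreSQL/flexibleServers/serverlatest")
SERVER_AFTER_BICEP = {"id": SERVER_ID, "name": "serverlatest",
                      "network": {"publicNetworkAccess": "Enabled"}}
ENDPOINT = {"name": "xxx", "privateLinkServiceConnections": [{
    "name": "xxx", "privateLinkServiceId": SERVER_ID, "groupIds": ["postgresqlServer"],
    "privateLinkServiceConnectionState": {"status": "Approved"}}]}

SERVER_AFTER_UPDATE = copy.deepcopy(SERVER_AFTER_BICEP)
SERVER_AFTER_UPDATE["network"]["publicNetworkAccess"] = "Disabled"

if __name__ == "__main__":
    for label, srv, pes in [("after Bicep deployment", SERVER_AFTER_BICEP, [ENDPOINT]),
                            ("after CLI update", SERVER_AFTER_UPDATE, [ENDPOINT]),
                            ("public off, no endpoint", SERVER_AFTER_UPDATE, [])]:
        print(label, "->", audit(srv, pes) or "OK")
```

The third case is the one to watch for in a pipeline: with public access disabled and no approved private endpoint connection, the server has no reachable network path.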