Bicep IaC: Azure Database for PostgreSQL flexible server with private endpoint
I want to create an Azure Database for PostgreSQL flexible server which uses private endpoint with Bicep.
To do this in the portal i can select Public access (allowed IP addresses) and Private endpoint and deselect Allow public access to this resource through the internet using a public IP address in the networking tab.
But how can i do this in Bicep? I cannot set publicNetworkAccess to Disabled, because then i get the error, that i need to set a value for delegatedSubnetResourceId. So i can create the server with publicNetworkAccess set to Enable and create my private endpoint for the server. But now i cannot change the publicNetworkAccess to Disable because the The property "publicNetworkAccess" is read-only.
Deploy with publicNetworkAccess: 'Disabled'
Deploy with publicNetworkAccess: 'Enabled' and change to 'Disabled' after first deployment (which deployed private endpoint etc.)
Deploy with publicNetworkAccess: 'Disabled' Deploy with publicNetworkAccess: 'Enabled' and change to 'Disabled' after first deployment (which deployed private endpoint etc.)
Firstly, I have deployed a PostgreSQL server with publicNetworkAccess: 'Enabled' as shown below.
resource postgresqlServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' = {
name: 'serverlatest'
location: resourceGroup().location
sku: {
name: 'Standard_D4ds_v4'
tier: 'GeneralPurpose'
}
properties: {
version: '13'
storage: {
storageSizeGB: 32
}
administratorLogin: 'admin'
administratorLoginPassword: 'xxxx'
highAvailability: {
mode: 'Disabled'
}
backup: {
backupRetentionDays: 10
}
network: {
publicNetworkAccess: 'Enabled'
}
}
}
The command az postgres flexible-server later will be used to update the server configuration with publicNetworkAccess: 'Disabled' after the private link deployment is done with bicep.
Refer MS Doc for creating a private endpoint using bicep with the relevant subnets under a virtual network as shown below.
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
name: 'myVnet'
location: resourceGroup().location
properties: {
addressSpace: {
addressPrefixes: [
'10.0.0.0/16'
]
}
}
}
resource postgresqlServer 'Microsoft.DBforPostgreSQL/flexibleServers@2023-03-01-preview' existing = {
name: 'serverlatest'
}
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
parent: vnet
name: 'mySubnet'
properties: {
addressPrefix: '10.0.0.0/24'
privateEndpointNetworkPolicies: 'Disabled'
}
}
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-01-01' = {
name: 'xxx'
location: resourceGroup().location
properties: {
subnet: {
id: subnet.id
}
privateLinkServiceConnections: [
{
name: 'xxx'
properties: {
privateLinkServiceId: postgresqlServer.id
groupIds: [
'postgresqlServer'
]
requestMessage: 'xxx'
}
}
]
}
}
Output:
- How can I define compile time constants in bicep configuration language?
- Outlook calendar don't render with FullCalendar
- Azure functions decoding error for IotHub device connection state message schema
- How do I set scope in Azure API Manager (APIM) when using D_application_id
- How to mount multiple disks in a loop using ansible
- How can I get sub value in nested json via KQL?
- Azure .NET SDK: Scale Azure SQL databases through SDK
- How can I invoke Azure Trusted Signing from a Linux OS?
- How to transfer "Set Variable" activity output into Json file using "Copy Data" activity or any other options?
- Verify Microsoft Access token on my ASP.NET Core Web API
- I'm trying to install the package from a private Azure DevOps repository using the pip install command, but I'm encountering an error
- Unable to define the sites for an App Registration for SahrePoint with Site.Selected
- Check if the resource exists before using data
- Not able to see azure 'LifecyclePolicyCompleted event' log
- Direct Web Push gives Error when used from Notification Hub
- Azure Remove User Consent to API
- Flutter-Azure Deviops pipelineThe discrepancy between the number of tests reported as passed or failed in the pipeline output and the test report
- App_location on deployment of a static webapp
- MSINotEnabled - Can't use KeyVault Reference in Azure Function
- Reading values from a key value based file and passing these values to azure devops template
- Deleting an Azure Loadbalancer Frontend IP configuration from python?
- How to retrieve the front door id from a Microsoft CDN (classic)
- What is HEAD operation in CosmosDB reported in Azure Monitoring
- Deploying a Python App to Azure App Service with Github Actions
- How to Query User Access Logs for Azure Front Door
- How can I add email recipients to a Graph API request programmatically?
- How to create Azure Devops Service Connection Docker Registry Type Other
- Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
- Azure Document Intelligence Custom Classification Python API
- Azure Function App unaccounted for time in Application Insights Timeline