
azurermPrivateEndpointApplicationSecurityGroupAssociation

Manages an association between Private Endpoint and Application Security Group.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*Register the azurerm provider. The single empty `features` entry is passed through unchanged.*/
const azurermProviderConfig = { features: [{}] };
new azurerm.provider.AzurermProvider(this, "azurerm", azurermProviderConfig);
/*Resource group whose name and location are reused by the other resources in this example.*/
const resourceGroupConfig = {
  location: "West Europe",
  name: "example-PEASGAsso",
};
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  resourceGroupConfig
);
/*Virtual network (10.5.0.0/16) that the endpoint and service subnets are carved out of.*/
const virtualNetworkConfig = {
  address_space: ["10.5.0.0/16"],
  location: azurermResourceGroupExample.location,
  name: "examplevnet",
  resource_group_name: azurermResourceGroupExample.name,
};
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_2",
  virtualNetworkConfig
);
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
/*Subscription data source declared with an empty configuration; its subscriptionId is used
further down to scope the Private Link Service's visibility and auto-approval lists.*/
const currentSubscriptionConfig = {};
const dataAzurermSubscriptionCurrent =
  new azurerm.dataAzurermSubscription.DataAzurermSubscription(
    this,
    "current",
    currentSubscriptionConfig
  );
/*Application security group that is later associated with the private endpoint.
NOTE(review): no network security group rule in this example references the group, so on its
own it only labels the endpoint; filtering needs NSG rules that name it.*/
const applicationSecurityGroupConfig = {
  location: azurermResourceGroupExample.location,
  name: "example",
  resource_group_name: azurermResourceGroupExample.name,
};
const azurermApplicationSecurityGroupExample =
  new azurerm.applicationSecurityGroup.ApplicationSecurityGroup(
    this,
    "example_4",
    applicationSecurityGroupConfig
  );
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermApplicationSecurityGroupExample.overrideLogicalId("example");
/*Statically allocated Standard-SKU public IP, used as the load balancer's frontend address.*/
const publicIpConfig = {
  allocation_method: "Static",
  location: azurermResourceGroupExample.location,
  name: "examplepip",
  resource_group_name: azurermResourceGroupExample.name,
  sku: "Standard",
};
const azurermPublicIpExample = new azurerm.publicIp.PublicIp(
  this,
  "example_5",
  publicIpConfig
);
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermPublicIpExample.overrideLogicalId("example");
/*Subnet (10.5.2.0/24) that hosts the private endpoint.
NOTE(review): despite its name, the azurerm provider documents
`enforce_private_link_endpoint_network_policies: true` as DISABLING network policies for
private endpoints on the subnet. With policies disabled, network security group rules
(including rules that reference an application security group) are not applied to
private-endpoint traffic. Confirm against your provider version whether the association
created in this example is expected to affect traffic.*/
const endpointSubnetConfig = {
  address_prefixes: ["10.5.2.0/24"],
  enforce_private_link_endpoint_network_policies: true,
  name: "examplenetendpoint",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
};
const azurermSubnetEndpoint = new azurerm.subnet.Subnet(
  this,
  "endpoint",
  endpointSubnetConfig
);
/*Subnet (10.5.1.0/24) that supplies the Private Link Service's NAT IP configuration.
NOTE(review): as with the endpoint flag, `true` here is documented by the azurerm provider as
disabling Private Link Service network policies on the subnet - verify for your provider version.*/
const serviceSubnetConfig = {
  address_prefixes: ["10.5.1.0/24"],
  enforce_private_link_service_network_policies: true,
  name: "examplenetservice",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
};
const azurermSubnetService = new azurerm.subnet.Subnet(
  this,
  "service",
  serviceSubnetConfig
);
/*Standard-SKU load balancer that fronts the Private Link Service.
Its only frontend configuration is bound to the public IP defined above and is named after it.
No load-balancing or inbound NAT rules are declared in this example.*/
const lbFrontendIpConfiguration = {
  name: azurermPublicIpExample.name,
  public_ip_address_id: azurermPublicIpExample.id,
};
const azurermLbExample = new azurerm.lb.Lb(this, "example_8", {
  frontend_ip_configuration: [lbFrontendIpConfiguration],
  location: azurermResourceGroupExample.location,
  name: "examplelb",
  resource_group_name: azurermResourceGroupExample.name,
  sku: "Standard",
});
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermLbExample.overrideLogicalId("example");
/*Private Link Service published behind the load balancer's first frontend IP configuration.
Both `visibility_subscription_ids` and `auto_approval_subscription_ids` contain only the
current subscription. Auto-approval means endpoint connections from a listed subscription are
accepted without a manual review step, so keep that list as narrow as the visibility list.*/
const plsFrontendIpConfigurationIds = [
  /*Escaped Terraform expression selecting element 0 of the load balancer's frontend configurations.*/
  `\${${azurermLbExample.frontendIpConfiguration}.0.id}`,
];
const plsNatIpConfiguration = {
  name: "primaryIpConfiguration",
  primary: true,
  subnet_id: azurermSubnetService.id,
};
const azurermPrivateLinkServiceExample =
  new azurerm.privateLinkService.PrivateLinkService(this, "example_9", {
    auto_approval_subscription_ids: [
      dataAzurermSubscriptionCurrent.subscriptionId,
    ],
    load_balancer_frontend_ip_configuration_ids: plsFrontendIpConfigurationIds,
    location: azurermResourceGroupExample.location,
    name: "examplePLS",
    nat_ip_configuration: [plsNatIpConfiguration],
    resource_group_name: azurermResourceGroupExample.name,
    visibility_subscription_ids: [
      dataAzurermSubscriptionCurrent.subscriptionId,
    ],
  });
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermPrivateLinkServiceExample.overrideLogicalId("example");
/*Private endpoint placed in the endpoint subnet and connected to the Private Link Service.
`is_manual_connection: false` requests a connection without a manual approval step; in this
example that relies on the service listing the current subscription for auto-approval.*/
const privateServiceConnection = {
  is_manual_connection: false,
  name: azurermPrivateLinkServiceExample.name,
  private_connection_resource_id: azurermPrivateLinkServiceExample.id,
};
const azurermPrivateEndpointExample =
  new azurerm.privateEndpoint.PrivateEndpoint(this, "example_10", {
    location: azurermResourceGroupExample.location,
    name: "example-privatelink",
    private_service_connection: [privateServiceConnection],
    resource_group_name: azurermResourceGroupExample.name,
    subnet_id: azurermSubnetEndpoint.id,
  });
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermPrivateEndpointExample.overrideLogicalId("example");
/*Associate the application security group with the private endpoint; both are referenced by resource ID.
NOTE(review): the association by itself does not filter traffic. It takes effect only through
NSG rules that reference the group, and only if network policies for private endpoints are
enabled on the endpoint's subnet - verify both in your deployment.*/
const associationConfig = {
  application_security_group_id: azurermApplicationSecurityGroupExample.id,
  private_endpoint_id: azurermPrivateEndpointExample.id,
};
const azurermPrivateEndpointApplicationSecurityGroupAssociationExample =
  new azurerm.privateEndpointApplicationSecurityGroupAssociation.PrivateEndpointApplicationSecurityGroupAssociation(
    this,
    "example_11",
    associationConfig
  );
/*Pin the logical ID so the synthesized Terraform resource is named "example"; drop this call if the names need not match.*/
azurermPrivateEndpointApplicationSecurityGroupAssociationExample.overrideLogicalId(
  "example"
);

Argument Reference

The following arguments are supported:

  • applicationSecurityGroupId - (Required) The ID of the application security group to associate. Changing this forces a new resource to be created.

  • privateEndpointId - (Required) The ID of the private endpoint to associate. Changing this forces a new resource to be created.

Attributes Reference

The following attributes are exported:

  • id - The (Terraform specific) ID of the association between Private Endpoint and Application Security Group.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 30 minutes) Used when creating the association between Private Endpoint and Application Security Group.
  • read - (Defaults to 5 minutes) Used when retrieving the association between Private Endpoint and Application Security Group.
  • delete - (Defaults to 30 minutes) Used when deleting the association between Private Endpoint and Application Security Group.

Import

Associations between a Private Endpoint and an Application Security Group can be imported using the resource ID, e.g.

terraform import azurerm_private_endpoint_application_security_group_association.association1 "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/privateEndpoints/endpoints1|/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/applicationSecurityGroups/securityGroup1"

NOTE: This ID is specific to Terraform and has the format {privateEndpointId}|{applicationSecurityGroupId}. Keep the ID quoted on the command line, because an unquoted | is interpreted by the shell as a pipe.