azurermPrivateLinkService

Manages a Private Link Service.

-> NOTE Private Link is now in GA.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
const azurermResourceGroupExample = new azurerm.resourceGroup.ResourceGroup(
  this,
  "example",
  {
    location: "West Europe",
    name: "example-resources",
  }
);
const azurermVirtualNetworkExample = new azurerm.virtualNetwork.VirtualNetwork(
  this,
  "example_1",
  {
    address_space: ["10.5.0.0/16"],
    location: azurermResourceGroupExample.location,
    name: "example-network",
    resource_group_name: azurermResourceGroupExample.name,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermVirtualNetworkExample.overrideLogicalId("example");
const azurermPublicIpExample = new azurerm.publicIp.PublicIp(
  this,
  "example_2",
  {
    allocation_method: "Static",
    location: azurermResourceGroupExample.location,
    name: "example-api",
    resource_group_name: azurermResourceGroupExample.name,
    sku: "Standard",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPublicIpExample.overrideLogicalId("example");
const azurermSubnetExample = new azurerm.subnet.Subnet(this, "example_3", {
  address_prefixes: ["10.5.1.0/24"],
  enforce_private_link_service_network_policies: true,
  name: "example-subnet",
  resource_group_name: azurermResourceGroupExample.name,
  virtual_network_name: azurermVirtualNetworkExample.name,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermSubnetExample.overrideLogicalId("example");
const azurermLbExample = new azurerm.lb.Lb(this, "example_4", {
  frontend_ip_configuration: [
    {
      name: azurermPublicIpExample.name,
      public_ip_address_id: azurermPublicIpExample.id,
    },
  ],
  location: azurermResourceGroupExample.location,
  name: "example-lb",
  resource_group_name: azurermResourceGroupExample.name,
  sku: "Standard",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermLbExample.overrideLogicalId("example");
const azurermPrivateLinkServiceExample =
  new azurerm.privateLinkService.PrivateLinkService(this, "example_5", {
    auto_approval_subscription_ids: ["00000000-0000-0000-0000-000000000000"],
    load_balancer_frontend_ip_configuration_ids: [
      `\${${azurermLbExample.frontendIpConfiguration}.0.id}`,
    ],
    location: azurermResourceGroupExample.location,
    name: "example-privatelink",
    nat_ip_configuration: [
      {
        name: "primary",
        primary: true,
        private_ip_address: "10.5.1.17",
        private_ip_address_version: "IPv4",
        subnet_id: azurermSubnetExample.id,
      },
      {
        name: "secondary",
        primary: false,
        private_ip_address: "10.5.1.18",
        private_ip_address_version: "IPv4",
        subnet_id: azurermSubnetExample.id,
      },
    ],
    resource_group_name: azurermResourceGroupExample.name,
    visibility_subscription_ids: ["00000000-0000-0000-0000-000000000000"],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermPrivateLinkServiceExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) Specifies the name of this Private Link Service. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the Resource Group where the Private Link Service should exist. Changing this forces a new resource to be created.

  • location - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

  • natIpConfiguration - (Required) One or more (up to 8) natIpConfiguration blocks as defined below.

  • loadBalancerFrontendIpConfigurationIds - (Required) A list of Frontend IP Configuration IDs from a Standard Load Balancer, where traffic from the Private Link Service should be routed. You can use Load Balancer Rules to direct this traffic to appropriate backend pools where your applications are running. Changing this forces a new resource to be created.


  • autoApprovalSubscriptionIds - (Optional) A list of Subscription UUIDs/GUIDs that will automatically be able to use this Private Link Service.

  • enableProxyProtocol - (Optional) Should the Private Link Service support the Proxy Protocol?

  • fqdns - (Optional) List of FQDNs allowed for the Private Link Service.

  • tags - (Optional) A mapping of tags to assign to the resource.

  • visibilitySubscriptionIds - (Optional) A list of Subscription UUIDs/GUIDs that will be able to see this Private Link Service.

-> NOTE: If no Subscription IDs are specified then Azure allows every Subscription to see this Private Link Service.


The natIpConfiguration block supports the following:

  • name - (Required) Specifies the name which should be used for the NAT IP Configuration. Changing this forces a new resource to be created.

  • subnetId - (Required) Specifies the ID of the Subnet which should be used for the Private Link Service.

-> NOTE: Verify that the Subnet's enforcePrivateLinkServiceNetworkPolicies attribute is set to true.

  • primary - (Required) Is this the Primary IP Configuration? Changing this forces a new resource to be created.

  • privateIpAddress - (Optional) Specifies a Private Static IP Address for this IP Configuration.

  • privateIpAddressVersion - (Optional) The version of the IP Protocol which should be used. At this time the only supported value is IPv4. Defaults to IPv4.
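
A pre-deployment check for the two notes above (an unset visibilitySubscriptionIds list and the subnet policy flag), plus an allowlist for autoApprovalSubscriptionIds. This is an added example, not part of the provider documentation. The function name, the trusted-subscription allowlist and the sample stack are assumptions; the attribute names are the snake_case ones used in the Example Usage code.

```typescript
// Added example, not provider code. Input: parsed cdk.tf.json from `cdktf synth`.
type Attrs = Record<string, unknown>;
type TfJson = { resource?: Record<string, Record<string, Attrs>> };
interface Finding { resource: string; issue: string }

const strList = (v: unknown): string[] =>
  Array.isArray(v) ? v.filter((x): x is string => typeof x === "string") : [];

function auditPrivateLinkServices(tf: TfJson, trustedSubs: string[]): Finding[] {
  const trusted = trustedSubs.map((s) => s.toLowerCase());
  const res = tf.resource || {};
  const subnets = res["azurerm_subnet"] || {};
  const services = res["azurerm_private_link_service"] || {};
  const findings: Finding[] = [];
  for (const name of Object.keys(services)) {
    const svc = services[name] || {};
    const resource = `azurerm_private_link_service.${name}`;
    // Per the NOTE: with no visibility list every subscription can see it.
    if (strList(svc["visibility_subscription_ids"]).length === 0)
      findings.push({ resource, issue: "visible to every subscription" });
    // Listed subscriptions can use the service automatically; require an allowlist.
    for (const id of strList(svc["auto_approval_subscription_ids"]))
      if (trusted.indexOf(id.toLowerCase()) < 0)
        findings.push({ resource, issue: `auto-approves untrusted subscription ${id}` });
    // Resolve "${azurerm_subnet.<name>.id}" to a subnet declared in this stack.
    const raw = svc["nat_ip_configuration"];
    const nat: Attrs[] = Array.isArray(raw) ? raw : [];
    const seen: string[] = [];
    for (const cfg of nat) {
      const m = /^\$\{azurerm_subnet\.([^.}]+)\.id\}$/.exec(String(cfg["subnet_id"]));
      const ref = m ? m[1] : undefined;
      if (ref === undefined || seen.indexOf(ref) >= 0) continue;
      seen.push(ref);
      const subnet = subnets[ref];
      if (subnet && subnet["enforce_private_link_service_network_policies"] !== true)
        findings.push({ resource, issue: `subnet ${ref} lacks enforce_private_link_service_network_policies = true` });
    }
  }
  return findings;
}

// Constructed sample: "example" mirrors the page; "open" drops the safeguards.
const TRUSTED = "00000000-0000-0000-0000-000000000000"; // placeholder GUID
const sampleStack: TfJson = { resource: {
  azurerm_subnet: { example: { enforce_private_link_service_network_policies: true }, loose: {} },
  azurerm_private_link_service: {
    example: { visibility_subscription_ids: [TRUSTED], auto_approval_subscription_ids: [TRUSTED],
      nat_ip_configuration: [{ subnet_id: "${azurerm_subnet.example.id}" }] },
    open: { auto_approval_subscription_ids: ["11111111-1111-1111-1111-111111111111"],
      nat_ip_configuration: [{ subnet_id: "${azurerm_subnet.loose.id}" }] } } } };
```

Subnets referenced by a literal ID rather than a resource in the same stack are not resolved, so the policy-flag check is skipped for them.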

Attributes Reference

The following attributes are exported:

  • alias - A globally unique DNS Name for your Private Link Service. You can use this alias to request a connection to your Private Link Service.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 60 minutes) Used when creating the Private Link Service.
  • update - (Defaults to 60 minutes) Used when updating the Private Link Service.
  • read - (Defaults to 5 minutes) Used when retrieving the Private Link Service.
  • delete - (Defaults to 60 minutes) Used when deleting the Private Link Service.

Import

Private Link Services can be imported using the resourceId, e.g.

terraform import azurerm_private_link_service.example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/privateLinkServices/service1