
Commit 1ba9b51

author
sivakami
committed
private endpoint.
1 parent 4efe64d commit 1ba9b51


1 file changed

+6
-20
lines changed

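--- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh
@@ -5,45 +5,31 @@ trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR
 SUBSCRIPTION_ID=$1
 LOCATION=$2
 RG=$3
-SA1_NAME=$4 # from previous script (storage account 1)
-SA2_NAME=$5 # from previous script (storage account 2)
+SA1_NAME=$4 # Storage account 1
 VNET_A1="cx_vnet_a1"
-
 SUBNET_PE_A1="pe"
 PE_NAME="${SA1_NAME}-pe"
 PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net"
 LINK_NAME="${VNET_A1}-link"
 
+# 1. Create Private DNS zone
 echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE"
 az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \
 && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created."
 
+# 2. Link DNS zone to VNet
 echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1"
-az network private-dns link-vnet create \
+az network private-dns link vnet create \
 -g "$RG" -n "$LINK_NAME" \
 --zone-name "$PRIVATE_DNS_ZONE" \
 --virtual-network "$VNET_A1" \
 --registration-enabled false --output none \
 && echo "[OK] Linked DNS zone to $VNET_A1."
 
+# 3. Create Private Endpoint
 echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME"
 SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv)
 az network private-endpoint create \
 -g "$RG" -n "$PE_NAME" -l "$LOCATION" \
 --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \
---private-connection-resource-id "$SA1_ID" \
---group-id blob \
---connection-name "${PE_NAME}-conn" \
---output none \
-&& echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME."
-
-echo "==> Linking Private Endpoint to DNS zone"
-NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv)
-FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##')
-PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv)
-
-az network private-dns record-set a add-record \
--g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \
-&& echo "[OK] Added Private DNS record for $SA1_NAME$PRIVATE_IP"
-
-echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)."
+--private-connection-resource-id "$SA1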
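Review bot: The private endpoint created in step 3 is no longer registered in `privatelink.blob.core.windows.net`: the NIC lookup and `record-set a add-record` step (old lines 40-47) is removed, and no replacement is visible before the new side ends at line 35, whose text is cut off in this view, so the rest of the `az network private-endpoint create` call cannot be confirmed. With the zone created and linked but holding no record, clients in `cx_vnet_a1` would presumably either fail to resolve the storage account or reach it through its public endpoint rather than the private IP. If registration is not handled elsewhere, a zone group after the endpoint create restores it without manual IP handling: `az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "$PE_NAME" -n default --private-dns-zone "$PRIVATE_DNS_ZONE" --zone-name blob --output none`. A comment beside step 3 stating where public network access on the storage account is disabled would also let a reader judge the remaining exposure.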
