|
| 1 | +--- |
| 2 | +title: Approve private link connections across subscriptions |
| 3 | +titleSuffix: Azure Private Link |
| 4 | +description: Get started learning how to approve and manage private link connections across subscriptions with Azure Private Link. |
| 5 | +author: asudbring |
| 6 | +ms.author: allensu |
| 7 | +ms.service: private-link |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 01/11/2024 |
| 10 | +#customer intent: As a Network Administrator, I want the approve private link connections across Azure subscriptions. |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +# Approve private link connections across subscriptions |
| 15 | + |
| 16 | +Azure Private Link enables you to connect privately to Azure resources. Private Link connections are scoped to a specific subscription. This article shows you how to approve a private endpoint connection across subscriptions. |
| 17 | + |
| 18 | +## Prerequisites |
| 19 | + |
| 20 | +- Two active Azure subscriptions. |
| 21 | + |
| 22 | + - One subscription hosts the Azure resource and the other subscription contains the consumer private endpoint and virtual network. |
| 23 | + |
| 24 | +- An administrator account for each subscription or an account with permissions in each subscription to create and manage resources. |
| 25 | + |
| 26 | +Resources used in this article: |
| 27 | + |
| 28 | +| Resource | Subscription | Resource group | Location | |
| 29 | +| --- | --- | --- | --- | |
| 30 | +| **storage1** *(This name is unique, replace with the name you create)* | subscription-1 | test-rg | East US 2 | |
| 31 | +| **vnet-1** | subscription-2 | test-rg | East US 2 | |
| 32 | +| **private-endpoint** | subscription-2 | test-rg | East US 2 | |
| 33 | + |
| 34 | +## Sign in to subscription-1 |
| 35 | + |
| 36 | +Sign in to **subscription-1** in the [Azure portal](https://portal.azure.com). |
| 37 | + |
| 38 | +## Create a resource group |
| 39 | + |
| 40 | +1. In the search box at the top of the portal, enter **Resource group**. Select **Resource groups** in the search results. |
| 41 | + |
| 42 | +1. Select **+ Create**. |
| 43 | + |
| 44 | +1. In the **Basics** tab of **Create a resource group**, enter or select the following information: |
| 45 | + |
| 46 | + | Setting | Value | |
| 47 | + | ------- | ----- | |
| 48 | + | **Project details** | | |
| 49 | + | Subscription | Select **subscription-1**. | |
| 50 | + | Resource group | Enter **test-rg**. | |
| 51 | + | Region | Select **East US 2**. | |
| 52 | + |
| 53 | +1. Select **Review + Create**. |
| 54 | + |
| 55 | +1. Select **Create**. |
| 56 | + |
| 57 | +[!INCLUDE [create-storage-account.md](../../includes/create-storage-account.md)] |
| 58 | + |
| 59 | +## Obtain storage account resource ID |
| 60 | + |
| 61 | +You need the storage account resource ID to create the private endpoint connection in **subscription-2**. Use the following steps to obtain the storage account resource ID. |
| 62 | + |
| 63 | +1. In the search box at the top of the portal, enter **Storage account**. Select **Storage accounts** in the search results. |
| 64 | + |
| 65 | +1. Select **storage1** or the name of your existing storage account. |
| 66 | + |
| 67 | +1. In **Settings**, select **Endpoints**. |
| 68 | + |
| 69 | +1. Copy the entry in **Storage account resource ID**. |
| 70 | + |
| 71 | +## Sign in to subscription-2 |
| 72 | + |
| 73 | +Sign in to **subscription-2** in the [Azure portal](https://portal.azure.com). |
| 74 | + |
| 75 | +## Register the `Microsoft.Storage` resource provider |
| 76 | + |
| 77 | +For the private endpoint connection to complete successfully, the Microsoft.Storage resource provider must be registered in **subscription-2**. Use the following steps to register the resource provider. If the `Microsoft.Storage` resource provider is already registered, skip this step. |
| 78 | + |
| 79 | +> [!IMPORTANT] |
| 80 | +> If you're using a different resource type, you must register the resource provider for that resource type if it's not already registered. |
| 81 | +
|
| 82 | +1. In the search box at the top of the portal, enter **Subscription**. Select **Subscriptions** in the search results. |
| 83 | + |
| 84 | +1. Select **subscription-2**. |
| 85 | + |
| 86 | +1. In **Settings**, select **Resource providers**. |
| 87 | + |
| 88 | +1. In the **Resource providers** filter box, enter **Microsoft.Storage**. Select **Microsoft.Storage**. |
| 89 | + |
| 90 | +1. Select **Register**. |
| 91 | + |
| 92 | +[!INCLUDE [virtual-network-create.md](../../includes/virtual-network-create.md)] |
| 93 | + |
| 94 | +## Create private endpoint |
| 95 | + |
| 96 | +1. In the search box at the top of the portal, enter **Private endpoint**. Select **Private endpoints**. |
| 97 | + |
| 98 | +1. Select **+ Create** in **Private endpoints**. |
| 99 | + |
| 100 | +1. In the **Basics** tab of **Create a private endpoint**, enter or select the following information: |
| 101 | + |
| 102 | + | Setting | Value | |
| 103 | + | ------- | ----- | |
| 104 | + | **Project details** | | |
| 105 | + | Subscription | Select **subscription-2**. | |
| 106 | + | Resource group | Select **test-rg** | |
| 107 | + | **Instance details** | | |
| 108 | + | Name | Enter **private-endpoint**. | |
| 109 | + | Network Interface Name | Leave the default of **private-endpoint-nic**. | |
| 110 | + | Region | Select **East US 2**. | |
| 111 | + |
| 112 | +1. Select **Next: Resource**. |
| 113 | + |
| 114 | +1. Select **Connect to an Azure resource by resource ID or alias**. |
| 115 | + |
| 116 | +1. In **Resource ID or alias**, paste the storage account resource ID that you copied earlier. |
| 117 | + |
| 118 | +1. In **Target sub-resource**, enter **blob**. |
| 119 | + |
| 120 | +1. Select **Next: Virtual Network**. |
| 121 | + |
| 122 | +1. In **Virtual Network**, enter or select the following information: |
| 123 | + |
| 124 | + | Setting | Value | |
| 125 | + | ------- | ----- | |
| 126 | + | **Networking** | | |
| 127 | + | Virtual network | Select **vnet-1 (test-rg)**. | |
| 128 | + | Subnet | Select **subnet-1**. | |
| 129 | + |
| 130 | +1. Select **Next: DNS**. |
| 131 | + |
| 132 | +1. Select **Next: Tags**. |
| 133 | + |
| 134 | +1. Select **Review + Create**. |
| 135 | + |
| 136 | +1. Select **Create**. |
| 137 | + |
| 138 | +## Approve private endpoint connection |
| 139 | + |
| 140 | +The private endpoint connection is in a **Pending** state until approved. Use the following steps to approve the private endpoint connection in **subscription-1**. |
| 141 | + |
| 142 | +1. In the search box at the top of the portal, enter **Private endpoint**. Select **Private endpoints**. |
| 143 | + |
| 144 | +1. Select **Pending connections**. |
| 145 | + |
| 146 | +1. Select the box next to your storage account in **subscription-1**. |
| 147 | + |
| 148 | +1. Select **Approve**. |
| 149 | + |
| 150 | +1. Select **Yes** in **Approve connection**. |
| 151 | + |
| 152 | +## Next steps |
| 153 | + |
| 154 | +In this article, you learned how to approve a private endpoint connection across subscriptions. To learn more about Azure Private Link, continue to the following articles: |
| 155 | + |
| 156 | +- [Azure Private Link overview](private-link-overview.md) |
| 157 | + |
| 158 | +- [Azure Private endpoint overview](private-endpoint-overview.md) |
0 commit comments