Merge pull request #225023 from mumian/0124-ds-private-vm

prmerger-automator[bot] · web-flow · commit 33b7032f5335 · 2023-01-30T18:40:35.000Z
Deployment script: access private VMs
diff --git a/articles/azure-resource-manager/bicep/deployment-script-bicep.md b/articles/azure-resource-manager/bicep/deployment-script-bicep.md
@@ -5,7 +5,7 @@ services: azure-resource-manager
 author: mumian
 ms.service: azure-resource-manager
 ms.topic: conceptual
-ms.date: 01/18/2023
+ms.date: 01/25/2023
 ms.author: jgao
 ---
 
@@ -630,6 +630,10 @@ When you use Azure PowerShell deployment scripts, you can use the `Invoke-RestMe
 
 The identity that your deployment script uses needs to be authorized to work with the Microsoft Graph API, with the appropriate permissions for the operations it performs. You must authorize the identity outside of your Bicep file, such as by pre-creating a user-assigned managed identity and assigning it an app role for Microsoft Graph. For more information, [see this quickstart example](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-graph-azure-ad).
 
+## Access private virtual network
+
+The supporting resources including the container instance can't be deployed to a private virtual network. To access a private virtual network from your deployment script, you can create another virtual network with a publicly accessible virtual machine or a container instance, and create a peering from this virtual network to the private virtual network.
+
 ## Next steps
 
 In this article, you learned how to use deployment scripts. To walk through a Learn module:
diff --git a/articles/azure-resource-manager/templates/deployment-script-template.md b/articles/azure-resource-manager/templates/deployment-script-template.md
@@ -5,7 +5,7 @@ services: azure-resource-manager
 author: mumian
 ms.service: azure-resource-manager
 ms.topic: conceptual
-ms.date: 01/19/2022
+ms.date: 01/25/2022
 ms.author: jgao
 ms.custom: devx-track-azurepowershell
 ---
@@ -641,6 +641,10 @@ When you use Azure PowerShell deployment scripts, you can use the `Invoke-RestMe
 
 The identity that your deployment script uses needs to be authorized to work with the Microsoft Graph API, with the appropriate permissions for the operations it performs. You must authorize the identity outside of your template deployment, such as by pre-creating a user-assigned managed identity and assigning it an app role for Microsoft Graph. For more information, [see this quickstart example](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.resources/deployment-script-azcli-graph-azure-ad).
 
+## Access private virtual network
+
+The supporting resources including the container instance can't be deployed to a private virtual network. To access a private virtual network from your deployment script, you can create another virtual network with a publicly accessible virtual machine or a container instance, and create a peering from this virtual network to the private virtual network.
+
 ## Next steps
 
 In this article, you learned how to use deployment scripts. To walk through a deployment script tutorial:
