update

Author: mumian

articles/azure-resource-manager/bicep/deployment-script-vnet-pe.md renamed to articles/azure-resource-manager/bicep/deployment-script-vnet-private-endpoint.md

@@ -3,32 +3,32 @@ title: Access a private virtual network from a Bicep deployment script
 description: Learn how to run and test Bicep deployment scripts in private networks.
 ms.custom: devx-track-bicep
 ms.topic: how-to
-ms.date: 12/13/2023
+ms.date: 06/04/2024
 ---
 
 # Run Bicep deployment script privately over a private endpoint
 
-With the `2023-08-01` API version of the `Microsoft.Resources/deploymentScripts` resource it is possible to run deployment scripts privately in an Azure Container Instance.
+With the [`Microsoft.Resources/deploymentScripts`](/azure/templates/microsoft.resources/deploymentscripts?pivots=deployment-language-bicep) resource API version `2023-08-01`, you can run deployment scripts privately within an Azure Container Instance (ACI).
 
-This means that the Azure Container Instance created by the deployment script resource is running in a virtual network and is assigned a private IP address. The Azure Container Instance connects to a new or existing storage account over a private endpoint.
+## Configure the environment
 
-The `2023-08-01` API version introduces the `subnetIds` property under `containerSettings` to specify that the Azure Container Instance must be deployed in a subnet in the virtual network.
+In this setup, the ACI created by deployment script runs within a virtual network and obtains a private IP address. It then establishes a connection to a new or pre-existing storage account via a private endpoint. The `containerSettings/subnetIds` property specifies the ACI that must be deployed in a subnet of the virtual network.
 
- :::image type="content" source="./media/deployment-script-vnet-pe/bicep-deployment-script-pe-design.png" alt-text="Screenshot of high-level architecture showing how the infrastructure is connected to run deployment scripts privately.":::
+:::image type="content" source="./media/deployment-script-vnet-private-endpoint/bicep-deployment-script-vnet-private-endpoint-diagram.jpg" alt-text="Screenshot of high-level architecture showing how the infrastructure is connected to run deployment scripts privately.":::
 
-To run deployment scripts privately you need the following infrastructure as seen in the architecture image above:
+To run deployment scripts privately you need the following infrastructure as seen in the architecture diagram:
 
 - Create a virtual network with two subnets:
-    - Subnet for private endpoint
-    - Subnet for Azure Container Instance, this subnet needs a `Microsoft.ContainerInstance/containerGroups` delegation.
+  - A subnet for the private endpoint. 
+  - A subnet for the ACI, this subnet needs a `Microsoft.ContainerInstance/containerGroups` delegation.
 - Create a storage account with public network access `disabled`
 - Create a private endpoint configured with the `file` sub-resource on the storage account
 - Create a private DNS zone `privatelink.file.core.windows.net` and register the private endpoint IP address as an A record. Link the private DNS zone to the created virtual network.
-- Create a user-assigned managed identity with `Storage File Data Privileged Contributor` permissions on the storage account and specify it in the `identity` property in the deployment script resource. To assign the identity, see [Identity](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/deployment-script-develop#identity).
+- Create a user-assigned managed identity with `Storage File Data Privileged Contributor` permissions on the storage account and specify it in the `identity` property in the deployment script resource. To assign the identity, see [Identity](/azure/azure-resource-manager/bicep/deployment-script-develop#identity).
 
-The Azure Container Instance is deployed implicitly by the deployment script resource.
+The ACI is deployed implicitly by the deployment script resource.
 
-The following Bicep template shows the Bicep code needed to configure the infrastructure required for running a deployment script privately:
+The following Bicep file configures the infrastructure required for running a deployment script privately:
 
 ```bicep
 @maxLength(10) // Required maximum length, because the storage account has a maximum of 26 characters
@@ -193,9 +193,7 @@ resource privateDeploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-
 }
 ```
 
-## Firewall
-
-The Azure Container Instance downloads container images from the Microsoft Container Registry. If you make use of a firewall whitelist the URL [mcr.microsoft.com](http://mcr.microsoft.com) to download the image successfully. If the container image cannot be downloaded it will go into a `waiting` state and will eventually throw a timeout error.
+The ACI downloads container images from the Microsoft Container Registry. If you use a firewall, whitelist the URL [mcr.microsoft.com](http://mcr.microsoft.com) to download the image. Failure to download the container image will result in the ACI entering a `waiting` state, eventually leading to a timeout error.
 
 ## Next steps
 

articles/azure-resource-manager/bicep/media/deployment-script-vnet-private-endpoint/bicep-deployment-script-vnet-private-endpoint-diagram.jpg

@@ -400,6 +400,9 @@
       - name: Access private virtual networks
         displayName: deployment script
         href: deployment-script-vnet.md
+      - name: Use over private Endpoint
+        displayName: deployment script
+        href: deployment-script-vnet-private-endpoint.md
       - name: Create script development environments
         displayName: deployment script
         href: deployment-script-bicep-configure-dev.md