https://github.com/libre-devops/terraform-azurerm-private-endpoint
A module used to deploy an Azure private endpoint
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/libre-devops/terraform-azurerm-private-endpoint
- Owner: libre-devops
- License: mit
- Created: 2023-04-07T13:01:32.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-05-14T14:51:21.000Z (2 months ago)
- Last Synced: 2025-05-14T15:51:03.528Z (2 months ago)
- Language: HCL
- Size: 45.9 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
```hcl
resource "azurerm_private_endpoint" "this" {
  for_each = { for idx, pe in var.private_endpoints : idx => pe }

  name                          = each.value.private_endpoint_name
  location                      = each.value.location
  resource_group_name           = each.value.rg_name
  subnet_id                     = each.value.subnet_id
  custom_network_interface_name = each.value.custom_network_interface_name
  tags                          = each.value.tags

  dynamic "private_service_connection" {
    for_each = each.value.private_service_connection != null ? [each.value.private_service_connection] : []
    content {
      # Use the supplied connection name; derive one from the endpoint name only when it is omitted.
      name                              = private_service_connection.value.name == null ? "pvsvccon-${each.value.private_endpoint_name}" : private_service_connection.value.name
      is_manual_connection              = private_service_connection.value.is_manual_connection
      private_connection_resource_id    = private_service_connection.value.private_connection_resource_id
      private_connection_resource_alias = private_service_connection.value.private_connection_resource_alias
      subresource_names                 = private_service_connection.value.subresource_names
      # is_manual_connection defaults to false and is never null, so test for true:
      # the default message applies only to manual connections that do not set one.
      request_message = private_service_connection.value.is_manual_connection == true && private_service_connection.value.request_message == null ? "This is a manual private endpoint connection for ${each.value.private_endpoint_name}" : private_service_connection.value.request_message
    }
  }

  dynamic "private_dns_zone_group" {
    for_each = each.value.private_dns_zone_group != null ? [each.value.private_dns_zone_group] : []
    content {
      name                 = private_dns_zone_group.value.name
      private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
    }
  }

  dynamic "ip_configuration" {
    for_each = each.value.ip_configuration != null ? [each.value.ip_configuration] : []
    content {
      name               = ip_configuration.value.name
      private_ip_address = ip_configuration.value.private_ip_address
      subresource_name   = ip_configuration.value.subresource_name
      member_name        = ip_configuration.value.member_name
    }
  }
}

# Optional application security group, one per endpoint that sets create_asg.
resource "azurerm_application_security_group" "pep_asg" {
  for_each = { for idx, pe in var.private_endpoints : idx => pe if pe.create_asg == true }

  name                = each.value.asg_name != null ? each.value.asg_name : "asg-${each.value.private_endpoint_name}"
  location            = azurerm_private_endpoint.this[each.key].location
  resource_group_name = azurerm_private_endpoint.this[each.key].resource_group_name
  tags                = azurerm_private_endpoint.this[each.key].tags
}

# Attach the endpoint to its ASG only when both create_asg and create_asg_association are set.
resource "azurerm_private_endpoint_application_security_group_association" "pep_asg_association" {
  for_each = { for idx, pe in var.private_endpoints : idx => pe if pe.create_asg == true && pe.create_asg_association == true }

  private_endpoint_id           = azurerm_private_endpoint.this[each.key].id
  application_security_group_id = azurerm_application_security_group.pep_asg[each.key].id
}
```
## Requirements

No requirements.

## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | n/a |

## Modules

No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_application_security_group.pep_asg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_security_group) | resource |
| [azurerm_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint) | resource |
| [azurerm_private_endpoint_application_security_group_association.pep_asg_association](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint_application_security_group_association) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [private\_endpoints](#input\_private\_endpoints) | The databricks workspaces to create | `list(object)` (full type below) | n/a | yes |
| [subresource\_names](#input\_subresource\_names) | The sub resource names of private endpoints found at https://learn.microsoft.com/en-gb/azure/private-link/private-endpoint-overview#private-link-resource, not used, but provided for lookup option | `map(string)` | see map below | no |

Type of `private_endpoints`:

```hcl
list(object({
  private_endpoint_name         = string
  location                      = optional(string, "uksouth")
  rg_name                       = string
  subnet_id                     = string
  custom_network_interface_name = optional(string, null)
  tags                          = optional(map(string), {})
  create_asg                    = optional(bool, false)
  asg_name                      = optional(string)
  create_asg_association        = optional(bool, false)
  private_service_connection = optional(object({
    name                              = optional(string)
    is_manual_connection              = optional(bool, false)
    private_connection_resource_id    = optional(string)
    private_connection_resource_alias = optional(string)
    subresource_names                 = optional(list(string))
    request_message                   = optional(string)
  }))
  private_dns_zone_group = optional(object({
    name                 = optional(string)
    private_dns_zone_ids = optional(list(string))
  }))
  ip_configuration = optional(object({
    name               = optional(string)
    private_ip_address = optional(string)
    subresource_name   = optional(string)
    member_name        = optional(string)
  }))
}))
```

Default value of `subresource_names`:

```json
{
  "Microsoft.Appconfiguration/configurationStores": "configurationStores",
  "Microsoft.Attestation/attestationProviders": "standard",
  "Microsoft.Authorization/resourceManagementPrivateLinks": "ResourceManagement",
  "Microsoft.Automation/automationAccounts": "Webhook, DSCAndHybridWorker",
  "Microsoft.AzureCosmosDB/databaseAccounts": "SQL, MongoDB, Cassandra, Gremlin, Table",
  "Microsoft.Batch/batchAccounts": "batchAccount, nodeManagement",
  "Microsoft.Cache/Redis": "redisCache",
  "Microsoft.Cache/redisEnterprise": "redisEnterprise",
  "Microsoft.CognitiveServices/accounts": "account",
  "Microsoft.Compute/diskAccesses": "managed disk",
  "Microsoft.ContainerRegistry/registries": "registry",
  "Microsoft.ContainerService/managedClusters": "management",
  "Microsoft.DBforMariaDB/servers": "mariadbServer",
  "Microsoft.DBforMySQL/flexibleServers": "mysqlServer",
  "Microsoft.DBforMySQL/servers": "mysqlServer",
  "Microsoft.DBforPostgreSQL/flexibleServers": "postgresqlServer",
  "Microsoft.DBforPostgreSQL/serverGroupsv2": "coordinator",
  "Microsoft.DBforPostgreSQL/servers": "postgresqlServer",
  "Microsoft.DataFactory/factories": "dataFactory",
  "Microsoft.Databricks/workspaces": "databricks_ui_api, browser_authentication",
  "Microsoft.DesktopVirtualization/hostpools": "connection",
  "Microsoft.DesktopVirtualization/workspaces": "feed",
  "Microsoft.DeviceUpdate/accounts": "DeviceUpdate",
  "Microsoft.Devices/IotHubs": "iotHub",
  "Microsoft.Devices/provisioningServices": "iotDps",
  "Microsoft.DigitalTwins/digitalTwinsInstances": "API",
  "Microsoft.DocumentDb/mongoClusters": "mongoCluster",
  "Microsoft.EventGrid/domains": "domain",
  "Microsoft.EventGrid/topics": "topic",
  "Microsoft.EventHub/namespaces": "namespace",
  "Microsoft.HDInsight/clusters": "cluster",
  "Microsoft.HealthcareApis/services": "fhir",
  "Microsoft.Insights/privatelinkscopes": "azuremonitor",
  "Microsoft.IoTCentral/IoTApps": "IoTApps",
  "Microsoft.KeyVault/vaults": "vault",
  "Microsoft.Keyvault/managedHSMs": "HSM",
  "Microsoft.Kusto/clusters": "cluster",
  "Microsoft.MachineLearningServices/registries": "amlregistry",
  "Microsoft.MachineLearningServices/workspaces": "amlworkspace",
  "Microsoft.Media/mediaservices": "keydelivery, liveevent, streamingendpoint",
  "Microsoft.Migrate/assessmentProjects": "project",
  "Microsoft.Network/applicationgateways": "application gateway",
  "Microsoft.Network/privateLinkServices": "empty",
  "Microsoft.PowerBI/privateLinkServicesForPowerBI": "Power BI",
  "Microsoft.Purview/accounts": "account, portal",
  "Microsoft.RecoveryServices/vaults": "AzureBackup, AzureSiteRecovery",
  "Microsoft.Relay/namespaces": "namespace",
  "Microsoft.Search/searchServices": "searchService",
  "Microsoft.ServiceBus/namespaces": "namespace",
  "Microsoft.SignalRService/SignalR": "signalr",
  "Microsoft.SignalRService/webPubSub": "webpubsub",
  "Microsoft.Sql/managedInstances": "managedInstance",
  "Microsoft.Sql/servers": "sqlServer",
  "Microsoft.Storage/storageAccounts": "blob, blob_secondary, table, table_secondary, queue, queue_secondary, file, file_secondary, web, web_secondary, dfs, dfs_secondary",
  "Microsoft.StorageSync/storageSyncServices": "File Sync Service",
  "Microsoft.Synapse/privateLinkHubs": "web",
  "Microsoft.Synapse/workspaces": "Sql, SqlOnDemand, Dev",
  "Microsoft.Web/hostingEnvironments": "hosting environment",
  "Microsoft.Web/sites": "sites",
  "Microsoft.Web/staticSites": "staticSites"
}
```

## Outputs

| Name | Description |
|------|-------------|
| [private\_endpoint\_custom\_network\_interface\_names](#output\_private\_endpoint\_custom\_network\_interface\_names) | The custom network interface names of the created Azure Private Endpoints. |
| [private\_endpoint\_ids](#output\_private\_endpoint\_ids) | The IDs of the created Azure Private Endpoints. |
| [private\_endpoint\_locations](#output\_private\_endpoint\_locations) | The locations of the created Azure Private Endpoints. |
| [private\_endpoint\_names](#output\_private\_endpoint\_names) | The names of the created Azure Private Endpoints. |
| [private\_endpoint\_rg\_names](#output\_private\_endpoint\_rg\_names) | The resource group names of the created Azure Private Endpoints. |
| [private\_endpoint\_subnet\_ids](#output\_private\_endpoint\_subnet\_ids) | The subnet IDs of the created Azure Private Endpoints. |
| [private\_endpoint\_tags](#output\_private\_endpoint\_tags) | The tags associated with the created Azure Private Endpoints. |
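
An added usage example (not from the module's README) showing how the `private_endpoints` input fits together for a Key Vault endpoint with automatic approval, a private DNS zone group and an application security group. The variable names, resource names and IDs are placeholders assumed for illustration; the `vault` subresource is taken from the `subresource_names` lookup map, and the module source is the repository URL given on this page.

```hcl
# Placeholder inputs (assumptions): supply IDs from your own network and vault.
variable "subnet_id" { type = string }
variable "key_vault_id" { type = string }
variable "private_dns_zone_id" { type = string } # zone privatelink.vaultcore.azure.net

module "private_endpoint" {
  # Unpinned here because the page lists no release tags; in real use
  # append ?ref=<tag or commit SHA> so the module code cannot change underneath you.
  source = "github.com/libre-devops/terraform-azurerm-private-endpoint"

  private_endpoints = [
    {
      private_endpoint_name = "pep-kv-example" # hypothetical name
      rg_name               = "rg-example"     # hypothetical resource group
      location              = "uksouth"
      subnet_id             = var.subnet_id

      # Create an ASG and attach the endpoint to it so NSG rules
      # can name the endpoint instead of its IP address.
      create_asg             = true
      create_asg_association = true

      private_service_connection = {
        # name omitted: the module derives "pvsvccon-pep-kv-example".
        is_manual_connection           = false
        private_connection_resource_id = var.key_vault_id
        subresource_names              = ["vault"]
      }

      # Register the endpoint's A record in the private zone so the
      # vault hostname resolves to the private IP inside the VNet.
      private_dns_zone_group = {
        name                 = "default"
        private_dns_zone_ids = [var.private_dns_zone_id]
      }
    }
  ]
}

output "private_endpoint_ids" {
  value = module.private_endpoint.private_endpoint_ids
}
```

A private endpoint does not by itself close the target's public endpoint; public network access on the Key Vault is configured on the vault resource, outside this module.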