Using Private Endpoint in Azure Managed Disks with Terraform
--
In this story, we will learn how to enable Private Endpoint in Azure Managed Disks with Terraform.
A private endpoint is a special network interface for an Azure service in our VNet (Virtual Network).
We can use private endpoints to restrict the export and import of managed disks and access data more securely over a private link from clients on our Azure virtual network.
The private endpoint assigns an IP address from the virtual network address space to the disk access resource that fronts our Azure Managed Disks.
Network traffic between clients on our virtual network and managed disks only traverses the virtual network and a private link on the Microsoft backbone network, eliminating exposure to the public internet.
To use Private Link to export and import managed disks, we first need to create a disk access resource and link it to a virtual network in the same subscription by creating a private endpoint. Then, we associate a disk or a snapshot with that disk access instance.
1. Creation of Azure Managed Disks with a Private Endpoint
The process to create Azure Managed Disks with Private Endpoint requires several steps in this specific order:
- Resource Group Creation
- VNET Creation
- Subnet Creation
- Create a Private DNS zone
- Create Virtual Network Links
- Creation of the Disk Access Resource
- Creation of the Managed Disk and Attachment to the VM
- Creation of the Private Endpoint for the Disk Access Resource
- Creation of DNS A Record
- Configure the network access to the Azure Managed Disk
Note: If you have a hub-spoke design, you must have two sets of credentials, one for your core subscription and one for your customer subscription, as tasks 4, 5, 8 and 9 require creating resources in your core subscription.
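The ten steps above, written out as one Terraform configuration. This is an added example and not the code from the original story: it assumes a single subscription (no hub-spoke split), the West Europe region, made-up resource names with the `pl-disk-demo` prefix, an existing VM whose ID is passed in through the hypothetical `vm_id` variable, and the azurerm provider 3.x argument names. Steps 8 and 9 are covered together by the private endpoint's `private_dns_zone_group`, which writes the A record into the private zone, so no hand-made `azurerm_private_dns_a_record` is needed.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.50"
    }
  }
}

provider "azurerm" {
  features {}
}

# Hypothetical input: ID of an existing VM in the same region as the disk.
variable "vm_id" {
  type = string
}

# Step 1: resource group
resource "azurerm_resource_group" "rg" {
  name     = "pl-disk-demo-rg"
  location = "westeurope"
}

# Steps 2 and 3: VNet and a subnet for private endpoints
resource "azurerm_virtual_network" "vnet" {
  name                = "pl-disk-demo-vnet"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.10.0.0/16"]
}

resource "azurerm_subnet" "pe" {
  name                 = "private-endpoints"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.10.1.0/24"]

  # Private endpoint NICs are not subject to subnet network policies here.
  private_endpoint_network_policies_enabled = false
}

# Steps 4 and 5: private DNS zone used by the "disks" sub-resource, linked to the VNet
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
  name                  = "pl-disk-demo-link"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = azurerm_virtual_network.vnet.id
}

# Step 6: disk access resource (the Private Link target for disks)
resource "azurerm_disk_access" "da" {
  name                = "pl-disk-demo-diskaccess"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
}

# Steps 7 and 10: managed disk bound to the disk access resource.
# AllowPrivate means export/import only works through the private endpoint;
# public network access to the disk is switched off explicitly.
resource "azurerm_managed_disk" "data" {
  name                 = "pl-disk-demo-data"
  location             = azurerm_resource_group.rg.location
  resource_group_name  = azurerm_resource_group.rg.name
  storage_account_type = "Premium_LRS"
  create_option        = "Empty"
  disk_size_gb         = 128

  network_access_policy         = "AllowPrivate"
  disk_access_id                = azurerm_disk_access.da.id
  public_network_access_enabled = false
}

resource "azurerm_virtual_machine_data_disk_attachment" "data" {
  managed_disk_id    = azurerm_managed_disk.data.id
  virtual_machine_id = var.vm_id
  lun                = 0
  caching            = "ReadWrite"
}

# Steps 8 and 9: private endpoint for the disk access resource; the DNS zone
# group registers the endpoint's A record in the private zone automatically.
resource "azurerm_private_endpoint" "da" {
  name                = "pl-disk-demo-pe"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.pe.id

  private_service_connection {
    name                           = "pl-disk-demo-psc"
    private_connection_resource_id = azurerm_disk_access.da.id
    subresource_names              = ["disks"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}
```

After `terraform apply`, resolve the disk access FQDN from a VM inside the VNet: it should return an address in 10.10.1.0/24 rather than a public IP, and an export attempt from outside the VNet should fail, since the disk's network access policy is `AllowPrivate`. In a hub-spoke design, the zone, link, endpoint and DNS zone group (steps 4, 5, 8 and 9) would move under a second provider alias pointing at the core subscription.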
2. Prerequisites
Before writing our code, we will need an Azure SPN (Service Principal) to execute our Terraform code (check step 1 of this story if you need help…