import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Manages a Private Endpoint. * * Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. The service could be an Azure service such as Azure Storage, SQL, etc. or your own Private Link Service. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-resources", * location: "West Europe", * }); * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", { * name: "example-network", * addressSpaces: ["10.0.0.0/16"], * location: example.location, * resourceGroupName: example.name, * }); * const service = new azure.network.Subnet("service", { * name: "service", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.1.0/24"], * enforcePrivateLinkServiceNetworkPolicies: true, * }); * const endpoint = new azure.network.Subnet("endpoint", { * name: "endpoint", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.2.0/24"], * enforcePrivateLinkEndpointNetworkPolicies: true, * }); * const examplePublicIp = new azure.network.PublicIp("example", { * name: "example-pip", * sku: "Standard", * location: example.location, * resourceGroupName: example.name, * allocationMethod: "Static", * }); * const exampleLoadBalancer = new azure.lb.LoadBalancer("example", { * name: "example-lb", * sku: "Standard", * location: example.location, * resourceGroupName: example.name, * frontendIpConfigurations: [{ * name: examplePublicIp.name, * publicIpAddressId: examplePublicIp.id, * }], * }); * const exampleLinkService = new azure.privatedns.LinkService("example", { * name: "example-privatelink", * location: example.location, * resourceGroupName: example.name, * natIpConfigurations: [{ * name: examplePublicIp.name, * primary: true, * subnetId: service.id, * }], * loadBalancerFrontendIpConfigurationIds: [exampleLoadBalancer.frontendIpConfigurations.apply(frontendIpConfigurations => frontendIpConfigurations?.[0]?.id)], * }); * const exampleEndpoint = new azure.privatelink.Endpoint("example", { * name: "example-endpoint", * location: example.location, * resourceGroupName: example.name, * subnetId: endpoint.id, * privateServiceConnection: { * name: "example-privateserviceconnection", * privateConnectionResourceId: exampleLinkService.id, * isManualConnection: false, * }, * }); * ``` * * Using a Private Link Service Alias with existing resources: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = azure.core.getResourceGroup({ * name: "example-resources", * }); * const vnet = example.then(example => azure.network.getVirtualNetwork({ * name: "example-network", * resourceGroupName: example.name, * })); * const subnet = Promise.all([vnet, example]).then(([vnet, example]) => azure.network.getSubnet({ * name: "default", * virtualNetworkName: vnet.name, * resourceGroupName: example.name, * })); * const exampleEndpoint = new azure.privatelink.Endpoint("example", { * name: "example-endpoint", * location: example.then(example => example.location), * resourceGroupName: example.then(example => example.name), * subnetId: subnet.then(subnet => subnet.id), * privateServiceConnection: { * name: "example-privateserviceconnection", * privateConnectionResourceAlias: "example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice", * isManualConnection: true, * requestMessage: "PL", * }, * }); * ``` * * Using a Private Endpoint pointing to an *owned* Azure service, with proper DNS configuration: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const example = new azure.core.ResourceGroup("example", { * name: "example-rg", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "exampleaccount", * resourceGroupName: example.name, * location: example.location, * accountTier: "Standard", * accountReplicationType: "LRS", * }); * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", { * name: "virtnetname", * addressSpaces: ["10.0.0.0/16"], * location: example.location, * resourceGroupName: example.name, * }); * const exampleSubnet = new azure.network.Subnet("example", { * name: "subnetname", * resourceGroupName: example.name, * virtualNetworkName: exampleVirtualNetwork.name, * addressPrefixes: ["10.0.2.0/24"], * }); * const exampleZone = new azure.privatedns.Zone("example", { * name: "privatelink.blob.core.windows.net", * resourceGroupName: example.name, * }); * const exampleEndpoint = new azure.privatelink.Endpoint("example", { * name: "example-endpoint", * location: example.location, * resourceGroupName: example.name, * subnetId: exampleSubnet.id, * privateServiceConnection: { * name: "example-privateserviceconnection", * privateConnectionResourceId: exampleAccount.id, * subresourceNames: ["blob"], * isManualConnection: false, * }, * privateDnsZoneGroup: { * name: "example-dns-zone-group", * privateDnsZoneIds: [exampleZone.id], * }, * }); * const exampleZoneVirtualNetworkLink = new azure.privatedns.ZoneVirtualNetworkLink("example", { * name: "example-link", * resourceGroupName: example.name, * privateDnsZoneName: exampleZone.name, * virtualNetworkId: exampleVirtualNetwork.id, * }); * ``` * * ## Example HCL Configurations * * * How to conneca `Private Endpoint` to a Application Gateway * * How to connect a `Private Endpoint` to a Cosmos MongoDB * * How to connect a `Private Endpoint` to a Cosmos PostgreSQL * * How to connect a `Private Endpoint` to a PostgreSQL Server * * How to connect a `Private Endpoint` to a Private Link Service * * How to connect a `Private Endpoint` to a Private DNS Group * * How to connect a `Private Endpoint` to a Databricks Workspace * * How to connect a `Private Endpoint` to a Managed Redis * * ## API Providers * * * This resource uses the following Azure API Providers: * * * `Microsoft.Network` - 2025-01-01 * * ## Import * * Private Endpoints can be imported using the `resource id`, e.g. * * ```sh * $ pulumi import azure:privatelink/endpoint:Endpoint example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/privateEndpoints/endpoint1 * ``` */ export declare class Endpoint extends pulumi.CustomResource { /** * Get an existing Endpoint resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: EndpointState, opts?: pulumi.CustomResourceOptions): Endpoint; /** * Returns true if the given object is an instance of Endpoint. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Endpoint; /** * A `customDnsConfigs` block as defined below. */ readonly customDnsConfigs: pulumi.Output; /** * The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created. */ readonly customNetworkInterfaceName: pulumi.Output; /** * One or more `ipConfiguration` blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet. */ readonly ipConfigurations: pulumi.Output; /** * The supported Azure location where the resource exists. Changing this forces a new resource to be created. */ readonly location: pulumi.Output; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ readonly name: pulumi.Output; /** * A `networkInterface` block as defined below. */ readonly networkInterfaces: pulumi.Output; /** * A `privateDnsZoneConfigs` block as defined below. */ readonly privateDnsZoneConfigs: pulumi.Output; /** * A `privateDnsZoneGroup` block as defined below. */ readonly privateDnsZoneGroup: pulumi.Output; /** * A `privateServiceConnection` block as defined below. */ readonly privateServiceConnection: pulumi.Output; /** * Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created. */ readonly resourceGroupName: pulumi.Output; /** * The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created. */ readonly subnetId: pulumi.Output; /** * A mapping of tags to assign to the resource. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Create a Endpoint resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: EndpointArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Endpoint resources. */ export interface EndpointState { /** * A `customDnsConfigs` block as defined below. */ customDnsConfigs?: pulumi.Input[]>; /** * The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created. */ customNetworkInterfaceName?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet. */ ipConfigurations?: pulumi.Input[]>; /** * The supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A `networkInterface` block as defined below. */ networkInterfaces?: pulumi.Input[]>; /** * A `privateDnsZoneConfigs` block as defined below. */ privateDnsZoneConfigs?: pulumi.Input[]>; /** * A `privateDnsZoneGroup` block as defined below. */ privateDnsZoneGroup?: pulumi.Input; /** * A `privateServiceConnection` block as defined below. */ privateServiceConnection?: pulumi.Input; /** * Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created. */ resourceGroupName?: pulumi.Input; /** * The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created. */ subnetId?: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; } /** * The set of arguments for constructing a Endpoint resource. */ export interface EndpointArgs { /** * The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created. */ customNetworkInterfaceName?: pulumi.Input; /** * One or more `ipConfiguration` blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet. */ ipConfigurations?: pulumi.Input[]>; /** * The supported Azure location where the resource exists. Changing this forces a new resource to be created. */ location?: pulumi.Input; /** * Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created. */ name?: pulumi.Input; /** * A `privateDnsZoneGroup` block as defined below. */ privateDnsZoneGroup?: pulumi.Input; /** * A `privateServiceConnection` block as defined below. */ privateServiceConnection: pulumi.Input; /** * Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created. */ resourceGroupName: pulumi.Input; /** * The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created. */ subnetId: pulumi.Input; /** * A mapping of tags to assign to the resource. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input; }>; }