Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-05-01
- 2025-03-01
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2018-10-01
Bicep resource definition
The privateLinkServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateLinkServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/privateLinkServices@2025-05-01' = {
extendedLocation: {
name: 'string'
type: 'string'
}
location: 'string'
name: 'string'
properties: {
accessMode: 'string'
autoApproval: {
subscriptions: [
'string'
]
}
destinationIPAddress: 'string'
enableProxyProtocol: bool
fqdns: [
'string'
]
ipConfigurations: [
{
id: 'string'
name: 'string'
properties: {
primary: bool
privateIPAddress: 'string'
privateIPAddressVersion: 'string'
privateIPAllocationMethod: 'string'
subnet: {
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
networkIdentifier: {
id: 'string'
}
service: 'string'
}
]
serviceGateway: {
id: 'string'
}
sharingScope: 'string'
}
}
}
}
]
loadBalancerFrontendIpConfigurations: [
{
id: 'string'
name: 'string'
properties: {
gatewayLoadBalancer: {
id: 'string'
}
privateIPAddress: 'string'
privateIPAddressVersion: 'string'
privateIPAllocationMethod: 'string'
publicIPAddress: {
extendedLocation: {
name: 'string'
type: 'string'
}
id: 'string'
location: 'string'
properties: {
ddosSettings: {
ddosProtectionPlan: {
id: 'string'
}
protectionMode: 'string'
}
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
fqdn: 'string'
reverseFqdn: 'string'
}
idleTimeoutInMinutes: int
ipAddress: 'string'
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
linkedPublicIPAddress: ...
migrationPhase: 'string'
natGateway: {
id: 'string'
location: 'string'
properties: {
idleTimeoutInMinutes: int
publicIpAddresses: [
{
id: 'string'
}
]
publicIpAddressesV6: [
{
id: 'string'
}
]
publicIpPrefixes: [
{
id: 'string'
}
]
publicIpPrefixesV6: [
{
id: 'string'
}
]
serviceGateway: {
id: 'string'
}
sourceVirtualNetwork: {
id: 'string'
}
}
sku: {
name: 'string'
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
publicIPPrefix: {
id: 'string'
}
servicePublicIPAddress: ...
}
sku: {
name: 'string'
tier: 'string'
}
tags: {
{customized property}: 'string'
}
zones: [
'string'
]
}
publicIPPrefix: {
id: 'string'
}
subnet: {
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
addressPrefixes: [
'string'
]
applicationGatewayIPConfigurations: [
{
id: 'string'
name: 'string'
properties: {
subnet: {
id: 'string'
}
}
}
]
defaultOutboundAccess: bool
delegations: [
{
id: 'string'
name: 'string'
properties: {
serviceName: 'string'
}
type: 'string'
}
]
ipAllocations: [
{
id: 'string'
}
]
ipamPoolPrefixAllocations: [
{
numberOfIpAddresses: 'string'
pool: {
id: 'string'
}
}
]
natGateway: {
id: 'string'
}
networkSecurityGroup: {
id: 'string'
location: 'string'
properties: {
flushConnection: bool
securityRules: [
{
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourceApplicationSecurityGroups: [
{
id: 'string'
location: 'string'
properties: {}
tags: {
{customized property}: 'string'
}
}
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
routeTable: {
id: 'string'
location: 'string'
properties: {
disableBgpRoutePropagation: bool
routes: [
{
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
}
}
]
}
tags: {
{customized property}: 'string'
}
}
serviceEndpointPolicies: [
{
id: 'string'
location: 'string'
properties: {
contextualServiceEndpointPolicies: [
'string'
]
serviceAlias: 'string'
serviceEndpointPolicyDefinitions: [
{
id: 'string'
name: 'string'
properties: {
description: 'string'
service: 'string'
serviceResources: [
'string'
]
}
}
]
}
tags: {
{customized property}: 'string'
}
}
]
serviceEndpoints: [
{
locations: [
'string'
]
networkIdentifier: {
id: 'string'
}
service: 'string'
}
]
serviceGateway: {
id: 'string'
}
sharingScope: 'string'
}
}
}
zones: [
'string'
]
}
]
visibility: {
subscriptions: [
'string'
]
}
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.Network/privateLinkServices
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the load balancer. | CommonExtendedLocation |
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the private link service. | CommonPrivateLinkServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
CommonApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | CommonApplicationGatewayIPConfigurationPropertiesFormat |
CommonApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | CommonSubResource |
CommonApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | CommonApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|
CommonDdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | CommonSubResource |
| protectionMode | The DDoS protection mode of the public IP | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
CommonDelegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | CommonServiceDelegationPropertiesFormat |
| type | Resource type. | string |
CommonExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
CommonFrontendIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the load balancer probe. | CommonFrontendIPConfigurationPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonFrontendIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| gatewayLoadBalancer | The reference to gateway load balancer frontend IP. | CommonSubResource |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | The reference to the Public IP resource. | CommonPublicIPAddress |
| publicIPPrefix | The reference to the Public IP Prefix resource. | CommonSubResource |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonIpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | CommonIpamPoolPrefixAllocationPool |
CommonIpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
CommonIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
CommonNatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | CommonNatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | CommonNatGatewaySku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
CommonNatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpAddressesV6 | An array of public ip addresses V6 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixes | An array of public ip prefixes V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixesV6 | An array of public ip prefixes V6 associated with the nat gateway resource. | CommonSubResource[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sourceVirtualNetwork | A reference to the source virtual network using this nat gateway resource. | CommonSubResource |
CommonNatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | 'Standard' 'StandardV2' |
CommonNetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | CommonNetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonNetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | CommonSecurityRule[] |
CommonPrivateLinkServiceIpConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of private link service ip configuration. | string |
| properties | Properties of the private link service ip configuration. | CommonPrivateLinkServiceIpConfigurationProperties |
CommonPrivateLinkServiceIpConfigurationProperties
| Name | Description | Value |
|---|---|---|
| primary | Whether the ip configuration is primary or not. | bool |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonPrivateLinkServiceProperties
| Name | Description | Value |
|---|---|---|
| accessMode | The access mode of the private link service. | 'Default' 'Restricted' |
| autoApproval | The auto-approval list of the private link service. | CommonPrivateLinkServicePropertiesAutoApproval |
| destinationIPAddress | The destination IP address of the private link service. | string |
| enableProxyProtocol | Whether the private link service is enabled for proxy protocol or not. | bool |
| fqdns | The list of Fqdn. | string[] |
| ipConfigurations | An array of private link service IP configurations. | CommonPrivateLinkServiceIpConfiguration[] |
| loadBalancerFrontendIpConfigurations | An array of references to the load balancer IP configurations. | CommonFrontendIPConfiguration[] |
| visibility | The visibility list of the private link service. | CommonPrivateLinkServicePropertiesVisibility |
CommonPrivateLinkServicePropertiesAutoApproval
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPrivateLinkServicePropertiesVisibility
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | CommonExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | CommonPublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | CommonPublicIPAddressSku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonPublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
CommonPublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | CommonDdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | 'Delete' 'Detach' |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | CommonPublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | CommonIpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | CommonPublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | 'Abort' 'Commit' 'Committed' 'None' 'Prepare' |
| natGateway | The NatGateway for the Public IP address. | CommonNatGateway |
| publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | CommonSubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | CommonPublicIPAddress |
CommonPublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | 'Basic' 'Standard' 'StandardV2' |
| tier | Tier of a public IP address SKU. | 'Global' 'Regional' |
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonRoute
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | CommonRoutePropertiesFormat |
CommonRoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
CommonRouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | CommonRouteTablePropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonRouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | CommonRoute[] |
CommonSecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | CommonSecurityRulePropertiesFormat |
CommonSecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | CommonApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | CommonApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
CommonServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
CommonServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | CommonServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | CommonServiceEndpointPolicyDefinitionPropertiesFormat |
CommonServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
CommonServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | CommonServiceEndpointPolicyDefinition[] |
CommonServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | CommonSubResource |
| service | The type of the endpoint service. | string |
CommonSubnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | CommonSubnetPropertiesFormat |
CommonSubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | CommonApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | CommonDelegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | CommonSubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | CommonIpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | CommonSubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | CommonNetworkSecurityGroup |
| privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'Disabled' 'Enabled' |
| routeTable | The reference to the RouteTable resource. | CommonRouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | CommonServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | CommonServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
CommonSubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Bicep Samples
A basic example of deploying Private Link Service.
param resourceName string = 'acctest0001'
param location string = 'westeurope'
resource loadBalancer 'Microsoft.Network/loadBalancers@2022-07-01' = {
name: resourceName
location: location
properties: {
frontendIPConfigurations: [
{
name: 'acctest0001'
properties: {
publicIPAddress: {
id: publicIPAddress.id
}
}
}
]
}
sku: {
name: 'Standard'
tier: 'Regional'
}
}
resource privateLinkService 'Microsoft.Network/privateLinkServices@2022-07-01' = {
name: resourceName
location: location
properties: {
autoApproval: {
subscriptions: []
}
enableProxyProtocol: false
fqdns: []
ipConfigurations: [
{
name: 'primaryIpConfiguration-230630033653892379'
properties: {
primary: true
privateIPAddress: ''
privateIPAddressVersion: 'IPv4'
privateIPAllocationMethod: 'Dynamic'
subnet: {
id: subnet.id
}
}
}
]
loadBalancerFrontendIpConfigurations: [
{
id: loadBalancer.properties.frontendIPConfigurations[0].id
}
]
visibility: {
subscriptions: []
}
}
}
resource publicIPAddress 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
name: resourceName
location: location
properties: {
ddosSettings: {
protectionMode: 'VirtualNetworkInherited'
}
idleTimeoutInMinutes: 4
publicIPAddressVersion: 'IPv4'
publicIPAllocationMethod: 'Static'
}
sku: {
name: 'Standard'
tier: 'Regional'
}
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
name: resourceName
location: location
properties: {
addressSpace: {
addressPrefixes: [
'10.5.0.0/16'
]
}
dhcpOptions: {
dnsServers: []
}
subnets: []
}
}
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' = {
parent: virtualNetwork
name: resourceName
properties: {
addressPrefix: '10.5.4.0/24'
delegations: []
privateEndpointNetworkPolicies: 'Enabled'
privateLinkServiceNetworkPolicies: 'Disabled'
serviceEndpointPolicies: []
serviceEndpoints: []
}
}
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Private Link Service | AVM Resource Module for Private Link Service |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Front Door Premium with VM and Private Link service | This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Private Link service example | This template shows how to create a private link service |
ARM template resource definition
The privateLinkServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateLinkServices resource, add the following JSON to your template.
{
"type": "Microsoft.Network/privateLinkServices",
"apiVersion": "2025-05-01",
"name": "string",
"extendedLocation": {
"name": "string",
"type": "string"
},
"location": "string",
"properties": {
"accessMode": "string",
"autoApproval": {
"subscriptions": [ "string" ]
},
"destinationIPAddress": "string",
"enableProxyProtocol": "bool",
"fqdns": [ "string" ],
"ipConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"primary": "bool",
"privateIPAddress": "string",
"privateIPAddressVersion": "string",
"privateIPAllocationMethod": "string",
"subnet": {
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"networkIdentifier": {
"id": "string"
},
"service": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sharingScope": "string"
}
}
}
}
],
"loadBalancerFrontendIpConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"gatewayLoadBalancer": {
"id": "string"
},
"privateIPAddress": "string",
"privateIPAddressVersion": "string",
"privateIPAllocationMethod": "string",
"publicIPAddress": {
"extendedLocation": {
"name": "string",
"type": "string"
},
"id": "string",
"location": "string",
"properties": {
"ddosSettings": {
"ddosProtectionPlan": {
"id": "string"
},
"protectionMode": "string"
},
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"linkedPublicIPAddress": ...,
"migrationPhase": "string",
"natGateway": {
"id": "string",
"location": "string",
"properties": {
"idleTimeoutInMinutes": "int",
"publicIpAddresses": [
{
"id": "string"
}
],
"publicIpAddressesV6": [
{
"id": "string"
}
],
"publicIpPrefixes": [
{
"id": "string"
}
],
"publicIpPrefixesV6": [
{
"id": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sourceVirtualNetwork": {
"id": "string"
}
},
"sku": {
"name": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
},
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
},
"servicePublicIPAddress": ...
},
"sku": {
"name": "string",
"tier": "string"
},
"tags": {
"{customized property}": "string"
},
"zones": [ "string" ]
},
"publicIPPrefix": {
"id": "string"
},
"subnet": {
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [ "string" ],
"applicationGatewayIPConfigurations": [
{
"id": "string",
"name": "string",
"properties": {
"subnet": {
"id": "string"
}
}
}
],
"defaultOutboundAccess": "bool",
"delegations": [
{
"id": "string",
"name": "string",
"properties": {
"serviceName": "string"
},
"type": "string"
}
],
"ipAllocations": [
{
"id": "string"
}
],
"ipamPoolPrefixAllocations": [
{
"numberOfIpAddresses": "string",
"pool": {
"id": "string"
}
}
],
"natGateway": {
"id": "string"
},
"networkSecurityGroup": {
"id": "string",
"location": "string",
"properties": {
"flushConnection": "bool",
"securityRules": [
{
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [ "string" ],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"destinationPortRange": "string",
"destinationPortRanges": [ "string" ],
"direction": "string",
"priority": "int",
"protocol": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [ "string" ],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"properties": {
},
"tags": {
"{customized property}": "string"
}
}
],
"sourcePortRange": "string",
"sourcePortRanges": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"privateEndpointNetworkPolicies": "string",
"privateLinkServiceNetworkPolicies": "string",
"routeTable": {
"id": "string",
"location": "string",
"properties": {
"disableBgpRoutePropagation": "bool",
"routes": [
{
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string"
}
}
]
},
"tags": {
"{customized property}": "string"
}
},
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"properties": {
"contextualServiceEndpointPolicies": [ "string" ],
"serviceAlias": "string",
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"name": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [ "string" ]
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
],
"serviceEndpoints": [
{
"locations": [ "string" ],
"networkIdentifier": {
"id": "string"
},
"service": "string"
}
],
"serviceGateway": {
"id": "string"
},
"sharingScope": "string"
}
}
},
"zones": [ "string" ]
}
],
"visibility": {
"subscriptions": [ "string" ]
}
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.Network/privateLinkServices
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2025-05-01' |
| extendedLocation | The extended location of the load balancer. | CommonExtendedLocation |
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the private link service. | CommonPrivateLinkServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/privateLinkServices' |
CommonApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | CommonApplicationGatewayIPConfigurationPropertiesFormat |
CommonApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | CommonSubResource |
CommonApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | CommonApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|
CommonDdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | CommonSubResource |
| protectionMode | The DDoS protection mode of the public IP | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
CommonDelegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | CommonServiceDelegationPropertiesFormat |
| type | Resource type. | string |
CommonExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
CommonFrontendIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the load balancer probe. | CommonFrontendIPConfigurationPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonFrontendIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| gatewayLoadBalancer | The reference to gateway load balancer frontend IP. | CommonSubResource |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | The reference to the Public IP resource. | CommonPublicIPAddress |
| publicIPPrefix | The reference to the Public IP Prefix resource. | CommonSubResource |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonIpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | CommonIpamPoolPrefixAllocationPool |
CommonIpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
CommonIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
CommonNatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | CommonNatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | CommonNatGatewaySku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
CommonNatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpAddressesV6 | An array of public ip addresses V6 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixes | An array of public ip prefixes V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixesV6 | An array of public ip prefixes V6 associated with the nat gateway resource. | CommonSubResource[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sourceVirtualNetwork | A reference to the source virtual network using this nat gateway resource. | CommonSubResource |
CommonNatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | 'Standard' 'StandardV2' |
CommonNetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | CommonNetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonNetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | CommonSecurityRule[] |
CommonPrivateLinkServiceIpConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of private link service ip configuration. | string |
| properties | Properties of the private link service ip configuration. | CommonPrivateLinkServiceIpConfigurationProperties |
CommonPrivateLinkServiceIpConfigurationProperties
| Name | Description | Value |
|---|---|---|
| primary | Whether the ip configuration is primary or not. | bool |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonPrivateLinkServiceProperties
| Name | Description | Value |
|---|---|---|
| accessMode | The access mode of the private link service. | 'Default' 'Restricted' |
| autoApproval | The auto-approval list of the private link service. | CommonPrivateLinkServicePropertiesAutoApproval |
| destinationIPAddress | The destination IP address of the private link service. | string |
| enableProxyProtocol | Whether the private link service is enabled for proxy protocol or not. | bool |
| fqdns | The list of Fqdn. | string[] |
| ipConfigurations | An array of private link service IP configurations. | CommonPrivateLinkServiceIpConfiguration[] |
| loadBalancerFrontendIpConfigurations | An array of references to the load balancer IP configurations. | CommonFrontendIPConfiguration[] |
| visibility | The visibility list of the private link service. | CommonPrivateLinkServicePropertiesVisibility |
CommonPrivateLinkServicePropertiesAutoApproval
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPrivateLinkServicePropertiesVisibility
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | CommonExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | CommonPublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | CommonPublicIPAddressSku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonPublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
CommonPublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | CommonDdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | 'Delete' 'Detach' |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | CommonPublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | CommonIpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | CommonPublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | 'Abort' 'Commit' 'Committed' 'None' 'Prepare' |
| natGateway | The NatGateway for the Public IP address. | CommonNatGateway |
| publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | CommonSubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | CommonPublicIPAddress |
CommonPublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | 'Basic' 'Standard' 'StandardV2' |
| tier | Tier of a public IP address SKU. | 'Global' 'Regional' |
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonRoute
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | CommonRoutePropertiesFormat |
CommonRoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
CommonRouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | CommonRouteTablePropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonRouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | CommonRoute[] |
CommonSecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | CommonSecurityRulePropertiesFormat |
CommonSecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | CommonApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | CommonApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
CommonServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
CommonServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | CommonServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | CommonServiceEndpointPolicyDefinitionPropertiesFormat |
CommonServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
CommonServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | CommonServiceEndpointPolicyDefinition[] |
CommonServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | CommonSubResource |
| service | The type of the endpoint service. | string |
CommonSubnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | CommonSubnetPropertiesFormat |
CommonSubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | CommonApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | CommonDelegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | CommonSubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | CommonIpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | CommonSubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | CommonNetworkSecurityGroup |
| privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'Disabled' 'Enabled' |
| routeTable | The reference to the RouteTable resource. | CommonRouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | CommonServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | CommonServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
CommonSubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Deploy Darktrace Autoscaling vSensors |
This template allows you to deploy an automatically autoscaling deployment of Darktrace vSensors |
| Front Door Premium with VM and Private Link service |
This template creates a Front Door Premium and a virtual machine configured as a web server. Front Door uses a private endpoint with Private Link service to send traffic to the VM. |
| Private Link service example |
This template shows how to create a private link service |
Terraform (AzAPI provider) resource definition
The privateLinkServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/privateLinkServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/privateLinkServices@2025-05-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
extendedLocation = {
name = "string"
type = "string"
}
properties = {
accessMode = "string"
autoApproval = {
subscriptions = [
"string"
]
}
destinationIPAddress = "string"
enableProxyProtocol = bool
fqdns = [
"string"
]
ipConfigurations = [
{
id = "string"
name = "string"
properties = {
primary = bool
privateIPAddress = "string"
privateIPAddressVersion = "string"
privateIPAllocationMethod = "string"
subnet = {
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
networkIdentifier = {
id = "string"
}
service = "string"
}
]
serviceGateway = {
id = "string"
}
sharingScope = "string"
}
}
}
}
]
loadBalancerFrontendIpConfigurations = [
{
id = "string"
name = "string"
properties = {
gatewayLoadBalancer = {
id = "string"
}
privateIPAddress = "string"
privateIPAddressVersion = "string"
privateIPAllocationMethod = "string"
publicIPAddress = {
extendedLocation = {
name = "string"
type = "string"
}
id = "string"
location = "string"
properties = {
ddosSettings = {
ddosProtectionPlan = {
id = "string"
}
protectionMode = "string"
}
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
linkedPublicIPAddress = ...
migrationPhase = "string"
natGateway = {
id = "string"
location = "string"
properties = {
idleTimeoutInMinutes = int
publicIpAddresses = [
{
id = "string"
}
]
publicIpAddressesV6 = [
{
id = "string"
}
]
publicIpPrefixes = [
{
id = "string"
}
]
publicIpPrefixesV6 = [
{
id = "string"
}
]
serviceGateway = {
id = "string"
}
sourceVirtualNetwork = {
id = "string"
}
}
sku = {
name = "string"
}
tags = {
{customized property} = "string"
}
zones = [
"string"
]
}
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
servicePublicIPAddress = ...
}
sku = {
name = "string"
tier = "string"
}
tags = {
{customized property} = "string"
}
zones = [
"string"
]
}
publicIPPrefix = {
id = "string"
}
subnet = {
id = "string"
name = "string"
properties = {
addressPrefix = "string"
addressPrefixes = [
"string"
]
applicationGatewayIPConfigurations = [
{
id = "string"
name = "string"
properties = {
subnet = {
id = "string"
}
}
}
]
defaultOutboundAccess = bool
delegations = [
{
id = "string"
name = "string"
properties = {
serviceName = "string"
}
type = "string"
}
]
ipAllocations = [
{
id = "string"
}
]
ipamPoolPrefixAllocations = [
{
numberOfIpAddresses = "string"
pool = {
id = "string"
}
}
]
natGateway = {
id = "string"
}
networkSecurityGroup = {
id = "string"
location = "string"
properties = {
flushConnection = bool
securityRules = [
{
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationAddressPrefixes = [
"string"
]
destinationApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
destinationPortRange = "string"
destinationPortRanges = [
"string"
]
direction = "string"
priority = int
protocol = "string"
sourceAddressPrefix = "string"
sourceAddressPrefixes = [
"string"
]
sourceApplicationSecurityGroups = [
{
id = "string"
location = "string"
properties = {
}
tags = {
{customized property} = "string"
}
}
]
sourcePortRange = "string"
sourcePortRanges = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
privateEndpointNetworkPolicies = "string"
privateLinkServiceNetworkPolicies = "string"
routeTable = {
id = "string"
location = "string"
properties = {
disableBgpRoutePropagation = bool
routes = [
{
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
}
}
]
}
tags = {
{customized property} = "string"
}
}
serviceEndpointPolicies = [
{
id = "string"
location = "string"
properties = {
contextualServiceEndpointPolicies = [
"string"
]
serviceAlias = "string"
serviceEndpointPolicyDefinitions = [
{
id = "string"
name = "string"
properties = {
description = "string"
service = "string"
serviceResources = [
"string"
]
}
}
]
}
tags = {
{customized property} = "string"
}
}
]
serviceEndpoints = [
{
locations = [
"string"
]
networkIdentifier = {
id = "string"
}
service = "string"
}
]
serviceGateway = {
id = "string"
}
sharingScope = "string"
}
}
}
zones = [
"string"
]
}
]
visibility = {
subscriptions = [
"string"
]
}
}
}
}
Property Values
Microsoft.Network/privateLinkServices
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the load balancer. | CommonExtendedLocation |
| location | Resource location. | string |
| name | The resource name | string (required) |
| properties | Properties of the private link service. | CommonPrivateLinkServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/privateLinkServices@2025-05-01" |
CommonApplicationGatewayIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the IP configuration that is unique within an Application Gateway. | string |
| properties | Properties of the application gateway IP configuration. | CommonApplicationGatewayIPConfigurationPropertiesFormat |
CommonApplicationGatewayIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| subnet | Reference to the subnet resource. A subnet from where application gateway gets its private address. | CommonSubResource |
CommonApplicationSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the application security group. | CommonApplicationSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonApplicationSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|
CommonDdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | CommonSubResource |
| protectionMode | The DDoS protection mode of the public IP | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
CommonDelegation
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of the resource that is unique within a subnet. This name can be used to access the resource. | string |
| properties | Properties of the subnet. | CommonServiceDelegationPropertiesFormat |
| type | Resource type. | string |
CommonExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
CommonFrontendIPConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the load balancer probe. | CommonFrontendIPConfigurationPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonFrontendIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| gatewayLoadBalancer | The reference to gateway load balancer frontend IP. | CommonSubResource |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The Private IP allocation method. | 'Dynamic' 'Static' |
| publicIPAddress | The reference to the Public IP resource. | CommonPublicIPAddress |
| publicIPPrefix | The reference to the Public IP Prefix resource. | CommonSubResource |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonIpamPoolPrefixAllocation
| Name | Description | Value |
|---|---|---|
| numberOfIpAddresses | Number of IP addresses to allocate. | string |
| pool | CommonIpamPoolPrefixAllocationPool |
CommonIpamPoolPrefixAllocationPool
| Name | Description | Value |
|---|---|---|
| id | Resource id of the associated Azure IpamPool resource. | string |
CommonIpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
CommonNatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | CommonNatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | CommonNatGatewaySku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
CommonNatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpAddressesV6 | An array of public ip addresses V6 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixes | An array of public ip prefixes V4 associated with the nat gateway resource. | CommonSubResource[] |
| publicIpPrefixesV6 | An array of public ip prefixes V6 associated with the nat gateway resource. | CommonSubResource[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sourceVirtualNetwork | A reference to the source virtual network using this nat gateway resource. | CommonSubResource |
CommonNatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | 'Standard' 'StandardV2' |
CommonNetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the network security group. | CommonNetworkSecurityGroupPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonNetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| flushConnection | When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. | bool |
| securityRules | A collection of security rules of the network security group. | CommonSecurityRule[] |
CommonPrivateLinkServiceIpConfiguration
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | The name of private link service ip configuration. | string |
| properties | Properties of the private link service ip configuration. | CommonPrivateLinkServiceIpConfigurationProperties |
CommonPrivateLinkServiceIpConfigurationProperties
| Name | Description | Value |
|---|---|---|
| primary | Whether the ip configuration is primary or not. | bool |
| privateIPAddress | The private IP address of the IP configuration. | string |
| privateIPAddressVersion | Whether the specific IP configuration is IPv4 or IPv6. Default is IPv4. | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | The private IP address allocation method. | 'Dynamic' 'Static' |
| subnet | The reference to the subnet resource. | CommonSubnet |
CommonPrivateLinkServiceProperties
| Name | Description | Value |
|---|---|---|
| accessMode | The access mode of the private link service. | 'Default' 'Restricted' |
| autoApproval | The auto-approval list of the private link service. | CommonPrivateLinkServicePropertiesAutoApproval |
| destinationIPAddress | The destination IP address of the private link service. | string |
| enableProxyProtocol | Whether the private link service is enabled for proxy protocol or not. | bool |
| fqdns | The list of Fqdn. | string[] |
| ipConfigurations | An array of private link service IP configurations. | CommonPrivateLinkServiceIpConfiguration[] |
| loadBalancerFrontendIpConfigurations | An array of references to the load balancer IP configurations. | CommonFrontendIPConfiguration[] |
| visibility | The visibility list of the private link service. | CommonPrivateLinkServicePropertiesVisibility |
CommonPrivateLinkServicePropertiesAutoApproval
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPrivateLinkServicePropertiesVisibility
| Name | Description | Value |
|---|---|---|
| subscriptions | The list of subscriptions. | string[] |
CommonPublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | CommonExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | CommonPublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | CommonPublicIPAddressSku |
| tags | Resource tags. | CommonResourceTags |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
CommonPublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
CommonPublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | CommonDdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | 'Delete' 'Detach' |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | CommonPublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | CommonIpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | CommonPublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | 'Abort' 'Commit' 'Committed' 'None' 'Prepare' |
| natGateway | The NatGateway for the Public IP address. | CommonNatGateway |
| publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | CommonSubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | CommonPublicIPAddress |
CommonPublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | 'Basic' 'Standard' 'StandardV2' |
| tier | Tier of a public IP address SKU. | 'Global' 'Regional' |
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonResourceTags
| Name | Description | Value |
|---|
CommonRoute
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the route. | CommonRoutePropertiesFormat |
CommonRoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The destination CIDR to which the route applies. | string |
| nextHopIpAddress | The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | The type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
CommonRouteTable
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the route table. | CommonRouteTablePropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonRouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| disableBgpRoutePropagation | Whether to disable the routes learned by BGP on that route table. True means disable. | bool |
| routes | Collection of routes contained within a route table. | CommonRoute[] |
CommonSecurityRule
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the security rule. | CommonSecurityRulePropertiesFormat |
CommonSecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'Allow' 'Deny' (required) |
| description | A description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationApplicationSecurityGroups | The application security group specified as destination. | CommonApplicationSecurityGroup[] |
| destinationPortRange | The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | '*' 'Ah' 'Esp' 'Icmp' 'Tcp' 'Udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourceApplicationSecurityGroups | The application security group specified as source. | CommonApplicationSecurityGroup[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
CommonServiceDelegationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| serviceName | The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers). | string |
CommonServiceEndpointPolicy
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Properties of the service end point policy. | CommonServiceEndpointPolicyPropertiesFormat |
| tags | Resource tags. | CommonResourceTags |
CommonServiceEndpointPolicyDefinition
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the service endpoint policy definition. | CommonServiceEndpointPolicyDefinitionPropertiesFormat |
CommonServiceEndpointPolicyDefinitionPropertiesFormat
| Name | Description | Value |
|---|---|---|
| description | A description for this rule. Restricted to 140 chars. | string |
| service | Service endpoint name. | string |
| serviceResources | A list of service resources. | string[] |
CommonServiceEndpointPolicyPropertiesFormat
| Name | Description | Value |
|---|---|---|
| contextualServiceEndpointPolicies | A collection of contextual service endpoint policy. | string[] |
| serviceAlias | The alias indicating if the policy belongs to a service | string |
| serviceEndpointPolicyDefinitions | A collection of service endpoint policy definitions of the service endpoint policy. | CommonServiceEndpointPolicyDefinition[] |
CommonServiceEndpointPropertiesFormat
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| networkIdentifier | SubResource as network identifier. | CommonSubResource |
| service | The type of the endpoint service. | string |
CommonSubnet
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| name | Name of the resource. | string |
| properties | Properties of the subnet. | CommonSubnetPropertiesFormat |
CommonSubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | The address prefix for the subnet. | string |
| addressPrefixes | List of address prefixes for the subnet. | string[] |
| applicationGatewayIPConfigurations | Application gateway IP configurations of virtual network resource. | CommonApplicationGatewayIPConfiguration[] |
| defaultOutboundAccess | Set this property to false to disable default outbound connectivity for all VMs in the subnet. | bool |
| delegations | An array of references to the delegations on the subnet. | CommonDelegation[] |
| ipAllocations | Array of IpAllocation which reference this subnet. | CommonSubResource[] |
| ipamPoolPrefixAllocations | A list of IPAM Pools for allocating IP address prefixes. | CommonIpamPoolPrefixAllocation[] |
| natGateway | Nat gateway associated with this subnet. | CommonSubResource |
| networkSecurityGroup | The reference to the NetworkSecurityGroup resource. | CommonNetworkSecurityGroup |
| privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'Disabled' 'Enabled' 'NetworkSecurityGroupEnabled' 'RouteTableEnabled' |
| privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'Disabled' 'Enabled' |
| routeTable | The reference to the RouteTable resource. | CommonRouteTable |
| serviceEndpointPolicies | An array of service endpoint policies. | CommonServiceEndpointPolicy[] |
| serviceEndpoints | An array of service endpoints. | CommonServiceEndpointPropertiesFormat[] |
| serviceGateway | Reference to an existing service gateway. | CommonSubResource |
| sharingScope | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. | 'DelegatedServices' 'Tenant' |
CommonSubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
Usage Examples
Terraform Samples
A basic example of deploying Private Link Service.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
azurerm = {
source = "hashicorp/azurerm"
}
}
}
provider "azurerm" {
features {
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westeurope"
}
data "azurerm_client_config" "current" {
}
data "azapi_resource" "subscription" {
type = "Microsoft.Resources/subscriptions@2021-01-01"
resource_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
response_export_values = ["*"]
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
addressSpace = {
addressPrefixes = [
"10.5.0.0/16",
]
}
dhcpOptions = {
dnsServers = [
]
}
subnets = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
lifecycle {
ignore_changes = [body.properties.subnets]
}
}
resource "azapi_resource" "publicIPAddress" {
type = "Microsoft.Network/publicIPAddresses@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
ddosSettings = {
protectionMode = "VirtualNetworkInherited"
}
idleTimeoutInMinutes = 4
publicIPAddressVersion = "IPv4"
publicIPAllocationMethod = "Static"
}
sku = {
name = "Standard"
tier = "Regional"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "loadBalancer" {
type = "Microsoft.Network/loadBalancers@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
frontendIPConfigurations = [
{
name = var.resource_name
properties = {
publicIPAddress = {
id = azapi_resource.publicIPAddress.id
}
}
},
]
}
sku = {
name = "Standard"
tier = "Regional"
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2022-07-01"
parent_id = azapi_resource.virtualNetwork.id
name = var.resource_name
body = {
properties = {
addressPrefix = "10.5.4.0/24"
delegations = [
]
privateEndpointNetworkPolicies = "Enabled"
privateLinkServiceNetworkPolicies = "Disabled"
serviceEndpointPolicies = [
]
serviceEndpoints = [
]
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}
resource "azapi_resource" "privateLinkService" {
type = "Microsoft.Network/privateLinkServices@2022-07-01"
parent_id = azapi_resource.resourceGroup.id
name = var.resource_name
location = var.location
body = {
properties = {
autoApproval = {
subscriptions = [
]
}
enableProxyProtocol = false
fqdns = [
]
ipConfigurations = [
{
name = "primaryIpConfiguration-230630033653892379"
properties = {
primary = true
privateIPAddress = ""
privateIPAddressVersion = "IPv4"
privateIPAllocationMethod = "Dynamic"
subnet = {
id = azapi_resource.subnet.id
}
}
},
]
loadBalancerFrontendIpConfigurations = [
{
id = azapi_resource.loadBalancer.output.properties.frontendIPConfigurations[0].id
},
]
visibility = {
subscriptions = [
]
}
}
}
schema_validation_enabled = false
response_export_values = ["*"]
}