
How do I set up Azure Private Link for Azure Cache for Redis?

In this example, we will set up Azure Private Link for Azure Cache for Redis. Azure Private Link enables private connectivity from a virtual network to Azure services. A private endpoint gives the cache an address inside the virtual network; once public network access is also disabled on the cache, the cache is no longer exposed to the public internet.

Here is a step-by-step guide to achieve this:

  1. Create a Resource Group: This is a container that holds related resources for an Azure solution.
  2. Create a Virtual Network (VNet): This is the network where resources will communicate securely.
  3. Create a Subnet: A segment of the VNet with its own address space.
  4. Create a Private DNS Zone: To resolve the cache's name to the private endpoint's IP address.
  5. Create an Azure Cache for Redis: Managed Redis service from Azure.
  6. Create a Private Endpoint: To connect the Redis service privately to the VNet.
  7. Configure Private DNS Zone A Record: To resolve the Redis cache hostname to the private IP.

Below is the Pulumi program (TypeScript) that automates this setup.

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const rg = new azure.core.ResourceGroup("rg", {
    name: "example-resources",
    location: "West Europe",
});
const vnet = new azure.network.VirtualNetwork("vnet", {
    name: "example-vnet",
    addressSpaces: ["10.0.0.0/16"],
    location: rg.location,
    resourceGroupName: rg.name,
});
// Subnet that hosts the private endpoint's network interface.
// Private endpoints do not need service endpoints on the subnet.
const subnet = new azure.network.Subnet("subnet", {
    name: "example-subnet",
    virtualNetworkName: vnet.name,
    resourceGroupName: rg.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const privateDnsZone = new azure.privatedns.Zone("private_dns_zone", {
    name: "privatelink.redis.cache.windows.net",
    resourceGroupName: rg.name,
});
const dnsZoneVnetLink = new azure.privatedns.ZoneVirtualNetworkLink("dns_zone_vnet_link", {
    name: "example-vnet-link",
    resourceGroupName: rg.name,
    privateDnsZoneName: privateDnsZone.name,
    virtualNetworkId: vnet.id,
});
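const cache = new azure.redis.Cache("cache", {
    name: "example-redis-cache",
    location: rg.location,
    resourceGroupName: rg.name,
    capacity: 1,
    family: "C",
    skuName: "Standard",
    // TLS only: keep the plaintext port closed.
    enableNonSslPort: false,
    // Disable the public endpoint explicitly so the cache is reachable
    // only through the private endpoint.
    publicNetworkAccessEnabled: false,
});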
const privateEndpoint = new azure.privatelink.Endpoint("private_endpoint", {
    name: "example-private-endpoint",
    resourceGroupName: rg.name,
    location: rg.location,
    subnetId: subnet.id,
    privateServiceConnection: {
        name: "example-privatelink-redis",
        privateConnectionResourceId: cache.id,
        isManualConnection: false,
        subresourceNames: ["redisCache"],
    },
});
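// Record names are relative to the zone, so use the cache name rather than
// the full hostname: the record becomes <cache>.privatelink.redis.cache.windows.net.
const aRecord = new azure.privatedns.ARecord("a_record", {
    name: cache.name,
    zoneName: privateDnsZone.name,
    resourceGroupName: rg.name,
    ttl: 300,
    records: [privateEndpoint.privateServiceConnection.apply(privateServiceConnection => privateServiceConnection.privateIpAddress)],
});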
export const redisCacheId = cache.id;
export const privateEndpointId = privateEndpoint.id;
export const dnsZoneId = privateDnsZone.id;

In this configuration:

  • The Resource Group holds all other resources.
  • The Virtual Network is the foundational building block for your private network.
  • The Subnet is a network subdivision within the Virtual Network.
  • The Private DNS Zone allows internal DNS name resolution of the Private Link.
  • The Redis Cache is the actual cache resource.
  • The Private Endpoint creates a private, network-isolated connection to the Redis Cache.
  • The DNS A Record maps the Redis hostname to its private IP address.

In conclusion, this setup ensures that your Azure Cache for Redis can be accessed securely through a private endpoint, without exposing it to the public internet.
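
A post-deployment check for steps 6 and 7, added here as an example that is not part of the original answer: it classifies the addresses a client inside the VNet resolved for the cache hostname, and confirms that the A record name produces the name that hostname is aliased to. The hostname, zone and subnet are the page's sample values; the helper names and the sample addresses are constructed for illustration.

```typescript
// Added example. Hostname, zone and subnet are the page's sample values;
// helper names and the resolved addresses used below are constructed.
type Verdict = "private-endpoint" | "private-outside-subnet" | "public";

const RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"];

// Dotted-quad IPv4 -> unsigned 32-bit integer; rejects malformed input.
function ipToInt(ip: string): number {
    const parts = ip.split(".");
    if (parts.length !== 4 || parts.some(p => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
        throw new Error(`not an IPv4 address: ${ip}`);
    }
    return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

function inCidr(ip: string, cidr: string): boolean {
    const [base = "", bitsStr = ""] = cidr.split("/");
    const bits = Number(bitsStr);
    if (!/^\d+$/.test(bitsStr) || bits > 32) throw new Error(`bad CIDR: ${cidr}`);
    // A shift by 32 is a no-op in JavaScript, so /0 needs its own case.
    const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
    return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// Classify the addresses a client inside the VNet got for the cache hostname.
function classifyResolution(addresses: string[], endpointSubnet: string): Verdict {
    if (addresses.length === 0) throw new Error("no addresses resolved");
    if (addresses.some(a => !RFC1918.some(c => inCidr(a, c)))) return "public";
    return addresses.every(a => inCidr(a, endpointSubnet))
        ? "private-endpoint" : "private-outside-subnet";
}

// Name the public hostname is aliased to once a private endpoint exists.
function privateLinkName(hostname: string): string {
    return hostname.replace(/\.redis\.cache\.windows\.net$/, ".privatelink.redis.cache.windows.net");
}

// A record names are relative to the zone, so the record only answers the
// aliased name when it is the bare cache name, not the full hostname.
function recordAnswersCache(recordName: string, zone: string, hostname: string): boolean {
    return `${recordName}.${zone}`.toLowerCase() === privateLinkName(hostname).toLowerCase();
}

const cacheHost = "example-redis-cache.redis.cache.windows.net";
const dnsZone = "privatelink.redis.cache.windows.net";
const sampleVerdict = classifyResolution(["10.0.1.4"], "10.0.1.0/24"); // constructed address
const bareNameMatches = recordAnswersCache("example-redis-cache", dnsZone, cacheHost);
const fullHostnameMatches = recordAnswersCache(cacheHost, dnsZone, cacheHost);
```

Feed `classifyResolution` the addresses returned by a lookup run from a machine inside the VNet; a "public" verdict there means the private DNS zone is not being consulted for the cache name.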
