Endpoint

Azure v6.35.0, Apr 21 26

We recommend using Azure Native.

Viewing docs for Azure v6.35.0
published on Tuesday, Apr 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure

We recommend using Azure Native.

Viewing docs for Azure v6.35.0
published on Tuesday, Apr 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure

Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. The service could be an Azure service such as Azure Storage, SQL, etc. or your own Private Link Service.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "example-network",
    addressSpaces: ["10.0.0.0/16"],
    location: example.location,
    resourceGroupName: example.name,
});
const service = new azure.network.Subnet("service", {
    name: "service",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
    enforcePrivateLinkServiceNetworkPolicies: true,
});
const endpoint = new azure.network.Subnet("endpoint", {
    name: "endpoint",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.2.0/24"],
    enforcePrivateLinkEndpointNetworkPolicies: true,
});
const examplePublicIp = new azure.network.PublicIp("example", {
    name: "example-pip",
    sku: "Standard",
    location: example.location,
    resourceGroupName: example.name,
    allocationMethod: "Static",
});
const exampleLoadBalancer = new azure.lb.LoadBalancer("example", {
    name: "example-lb",
    sku: "Standard",
    location: example.location,
    resourceGroupName: example.name,
    frontendIpConfigurations: [{
        name: examplePublicIp.name,
        publicIpAddressId: examplePublicIp.id,
    }],
});
const exampleLinkService = new azure.privatedns.LinkService("example", {
    name: "example-privatelink",
    location: example.location,
    resourceGroupName: example.name,
    natIpConfigurations: [{
        name: examplePublicIp.name,
        primary: true,
        subnetId: service.id,
    }],
    loadBalancerFrontendIpConfigurationIds: [exampleLoadBalancer.frontendIpConfigurations.apply(frontendIpConfigurations => frontendIpConfigurations?.[0]?.id)],
});
const exampleEndpoint = new azure.privatelink.Endpoint("example", {
    name: "example-endpoint",
    location: example.location,
    resourceGroupName: example.name,
    subnetId: endpoint.id,
    privateServiceConnection: {
        name: "example-privateserviceconnection",
        privateConnectionResourceId: exampleLinkService.id,
        isManualConnection: false,
    },
});

import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-resources",
    location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("example",
    name="example-network",
    address_spaces=["10.0.0.0/16"],
    location=example.location,
    resource_group_name=example.name)
service = azure.network.Subnet("service",
    name="service",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"],
    enforce_private_link_service_network_policies=True)
endpoint = azure.network.Subnet("endpoint",
    name="endpoint",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.2.0/24"],
    enforce_private_link_endpoint_network_policies=True)
example_public_ip = azure.network.PublicIp("example",
    name="example-pip",
    sku="Standard",
    location=example.location,
    resource_group_name=example.name,
    allocation_method="Static")
example_load_balancer = azure.lb.LoadBalancer("example",
    name="example-lb",
    sku="Standard",
    location=example.location,
    resource_group_name=example.name,
    frontend_ip_configurations=[{
        "name": example_public_ip.name,
        "public_ip_address_id": example_public_ip.id,
    }])
example_link_service = azure.privatedns.LinkService("example",
    name="example-privatelink",
    location=example.location,
    resource_group_name=example.name,
    nat_ip_configurations=[{
        "name": example_public_ip.name,
        "primary": True,
        "subnet_id": service.id,
    }],
    load_balancer_frontend_ip_configuration_ids=[example_load_balancer.frontend_ip_configurations[0].id])
example_endpoint = azure.privatelink.Endpoint("example",
    name="example-endpoint",
    location=example.location,
    resource_group_name=example.name,
    subnet_id=endpoint.id,
    private_service_connection={
        "name": "example-privateserviceconnection",
        "private_connection_resource_id": example_link_service.id,
        "is_manual_connection": False,
    })

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/lb"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatelink"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name: pulumi.String("example-network"),
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		service, err := network.NewSubnet(ctx, "service", &network.SubnetArgs{
			Name:               pulumi.String("service"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
			EnforcePrivateLinkServiceNetworkPolicies: true,
		})
		if err != nil {
			return err
		}
		endpoint, err := network.NewSubnet(ctx, "endpoint", &network.SubnetArgs{
			Name:               pulumi.String("endpoint"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.2.0/24"),
			},
			EnforcePrivateLinkEndpointNetworkPolicies: true,
		})
		if err != nil {
			return err
		}
		examplePublicIp, err := network.NewPublicIp(ctx, "example", &network.PublicIpArgs{
			Name:              pulumi.String("example-pip"),
			Sku:               pulumi.String("Standard"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			AllocationMethod:  pulumi.String("Static"),
		})
		if err != nil {
			return err
		}
		exampleLoadBalancer, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			Name:              pulumi.String("example-lb"),
			Sku:               pulumi.String("Standard"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			FrontendIpConfigurations: lb.LoadBalancerFrontendIpConfigurationArray{
				&lb.LoadBalancerFrontendIpConfigurationArgs{
					Name:              examplePublicIp.Name,
					PublicIpAddressId: examplePublicIp.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		exampleLinkService, err := privatedns.NewLinkService(ctx, "example", &privatedns.LinkServiceArgs{
			Name:              pulumi.String("example-privatelink"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			NatIpConfigurations: privatedns.LinkServiceNatIpConfigurationArray{
				&privatedns.LinkServiceNatIpConfigurationArgs{
					Name:     examplePublicIp.Name,
					Primary:  pulumi.Bool(true),
					SubnetId: service.ID(),
				},
			},
			LoadBalancerFrontendIpConfigurationIds: pulumi.StringArray{
				pulumi.String(exampleLoadBalancer.FrontendIpConfigurations.ApplyT(func(frontendIpConfigurations []lb.LoadBalancerFrontendIpConfiguration) (*string, error) {
					return &frontendIpConfigurations[0].Id, nil
				}).(pulumi.StringPtrOutput)),
			},
		})
		if err != nil {
			return err
		}
		_, err = privatelink.NewEndpoint(ctx, "example", &privatelink.EndpointArgs{
			Name:              pulumi.String("example-endpoint"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			SubnetId:          endpoint.ID(),
			PrivateServiceConnection: &privatelink.EndpointPrivateServiceConnectionArgs{
				Name:                        pulumi.String("example-privateserviceconnection"),
				PrivateConnectionResourceId: exampleLinkService.ID(),
				IsManualConnection:          pulumi.Bool(false),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "example-network",
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var service = new Azure.Network.Subnet("service", new()
    {
        Name = "service",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
        EnforcePrivateLinkServiceNetworkPolicies = true,
    });

    var endpoint = new Azure.Network.Subnet("endpoint", new()
    {
        Name = "endpoint",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.2.0/24",
        },
        EnforcePrivateLinkEndpointNetworkPolicies = true,
    });

    var examplePublicIp = new Azure.Network.PublicIp("example", new()
    {
        Name = "example-pip",
        Sku = "Standard",
        Location = example.Location,
        ResourceGroupName = example.Name,
        AllocationMethod = "Static",
    });

    var exampleLoadBalancer = new Azure.Lb.LoadBalancer("example", new()
    {
        Name = "example-lb",
        Sku = "Standard",
        Location = example.Location,
        ResourceGroupName = example.Name,
        FrontendIpConfigurations = new[]
        {
            new Azure.Lb.Inputs.LoadBalancerFrontendIpConfigurationArgs
            {
                Name = examplePublicIp.Name,
                PublicIpAddressId = examplePublicIp.Id,
            },
        },
    });

    var exampleLinkService = new Azure.PrivateDns.LinkService("example", new()
    {
        Name = "example-privatelink",
        Location = example.Location,
        ResourceGroupName = example.Name,
        NatIpConfigurations = new[]
        {
            new Azure.PrivateDns.Inputs.LinkServiceNatIpConfigurationArgs
            {
                Name = examplePublicIp.Name,
                Primary = true,
                SubnetId = service.Id,
            },
        },
        LoadBalancerFrontendIpConfigurationIds = new[]
        {
            exampleLoadBalancer.FrontendIpConfigurations.Apply(frontendIpConfigurations => frontendIpConfigurations[0]?.Id),
        },
    });

    var exampleEndpoint = new Azure.PrivateLink.Endpoint("example", new()
    {
        Name = "example-endpoint",
        Location = example.Location,
        ResourceGroupName = example.Name,
        SubnetId = endpoint.Id,
        PrivateServiceConnection = new Azure.PrivateLink.Inputs.EndpointPrivateServiceConnectionArgs
        {
            Name = "example-privateserviceconnection",
            PrivateConnectionResourceId = exampleLinkService.Id,
            IsManualConnection = false,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.PublicIp;
import com.pulumi.azure.network.PublicIpArgs;
import com.pulumi.azure.lb.LoadBalancer;
import com.pulumi.azure.lb.LoadBalancerArgs;
import com.pulumi.azure.lb.inputs.LoadBalancerFrontendIpConfigurationArgs;
import com.pulumi.azure.privatedns.LinkService;
import com.pulumi.azure.privatedns.LinkServiceArgs;
import com.pulumi.azure.privatedns.inputs.LinkServiceNatIpConfigurationArgs;
import com.pulumi.azure.privatelink.Endpoint;
import com.pulumi.azure.privatelink.EndpointArgs;
import com.pulumi.azure.privatelink.inputs.EndpointPrivateServiceConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("example-network")
            .addressSpaces("10.0.0.0/16")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var service = new Subnet("service", SubnetArgs.builder()
            .name("service")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .enforcePrivateLinkServiceNetworkPolicies(true)
            .build());

        var endpoint = new Subnet("endpoint", SubnetArgs.builder()
            .name("endpoint")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .enforcePrivateLinkEndpointNetworkPolicies(true)
            .build());

        var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()
            .name("example-pip")
            .sku("Standard")
            .location(example.location())
            .resourceGroupName(example.name())
            .allocationMethod("Static")
            .build());

        var exampleLoadBalancer = new LoadBalancer("exampleLoadBalancer", LoadBalancerArgs.builder()
            .name("example-lb")
            .sku("Standard")
            .location(example.location())
            .resourceGroupName(example.name())
            .frontendIpConfigurations(LoadBalancerFrontendIpConfigurationArgs.builder()
                .name(examplePublicIp.name())
                .publicIpAddressId(examplePublicIp.id())
                .build())
            .build());

        var exampleLinkService = new LinkService("exampleLinkService", LinkServiceArgs.builder()
            .name("example-privatelink")
            .location(example.location())
            .resourceGroupName(example.name())
            .natIpConfigurations(LinkServiceNatIpConfigurationArgs.builder()
                .name(examplePublicIp.name())
                .primary(true)
                .subnetId(service.id())
                .build())
            .loadBalancerFrontendIpConfigurationIds(exampleLoadBalancer.frontendIpConfigurations().applyValue(_frontendIpConfigurations -> _frontendIpConfigurations[0].id()))
            .build());

        var exampleEndpoint = new Endpoint("exampleEndpoint", EndpointArgs.builder()
            .name("example-endpoint")
            .location(example.location())
            .resourceGroupName(example.name())
            .subnetId(endpoint.id())
            .privateServiceConnection(EndpointPrivateServiceConnectionArgs.builder()
                .name("example-privateserviceconnection")
                .privateConnectionResourceId(exampleLinkService.id())
                .isManualConnection(false)
                .build())
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: example-network
      addressSpaces:
        - 10.0.0.0/16
      location: ${example.location}
      resourceGroupName: ${example.name}
  service:
    type: azure:network:Subnet
    properties:
      name: service
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
      enforcePrivateLinkServiceNetworkPolicies: true
  endpoint:
    type: azure:network:Subnet
    properties:
      name: endpoint
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.2.0/24
      enforcePrivateLinkEndpointNetworkPolicies: true
  examplePublicIp:
    type: azure:network:PublicIp
    name: example
    properties:
      name: example-pip
      sku: Standard
      location: ${example.location}
      resourceGroupName: ${example.name}
      allocationMethod: Static
  exampleLoadBalancer:
    type: azure:lb:LoadBalancer
    name: example
    properties:
      name: example-lb
      sku: Standard
      location: ${example.location}
      resourceGroupName: ${example.name}
      frontendIpConfigurations:
        - name: ${examplePublicIp.name}
          publicIpAddressId: ${examplePublicIp.id}
  exampleLinkService:
    type: azure:privatedns:LinkService
    name: example
    properties:
      name: example-privatelink
      location: ${example.location}
      resourceGroupName: ${example.name}
      natIpConfigurations:
        - name: ${examplePublicIp.name}
          primary: true
          subnetId: ${service.id}
      loadBalancerFrontendIpConfigurationIds:
        - ${exampleLoadBalancer.frontendIpConfigurations[0].id}
  exampleEndpoint:
    type: azure:privatelink:Endpoint
    name: example
    properties:
      name: example-endpoint
      location: ${example.location}
      resourceGroupName: ${example.name}
      subnetId: ${endpoint.id}
      privateServiceConnection:
        name: example-privateserviceconnection
        privateConnectionResourceId: ${exampleLinkService.id}
        isManualConnection: false

Example coming soon!

Using a Private Link Service Alias with existing resources:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = azure.core.getResourceGroup({
    name: "example-resources",
});
const vnet = example.then(example => azure.network.getVirtualNetwork({
    name: "example-network",
    resourceGroupName: example.name,
}));
const subnet = Promise.all([vnet, example]).then(([vnet, example]) => azure.network.getSubnet({
    name: "default",
    virtualNetworkName: vnet.name,
    resourceGroupName: example.name,
}));
const exampleEndpoint = new azure.privatelink.Endpoint("example", {
    name: "example-endpoint",
    location: example.then(example => example.location),
    resourceGroupName: example.then(example => example.name),
    subnetId: subnet.then(subnet => subnet.id),
    privateServiceConnection: {
        name: "example-privateserviceconnection",
        privateConnectionResourceAlias: "example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice",
        isManualConnection: true,
        requestMessage: "PL",
    },
});

import pulumi
import pulumi_azure as azure

example = azure.core.get_resource_group(name="example-resources")
vnet = azure.network.get_virtual_network(name="example-network",
    resource_group_name=example.name)
subnet = azure.network.get_subnet(name="default",
    virtual_network_name=vnet.name,
    resource_group_name=example.name)
example_endpoint = azure.privatelink.Endpoint("example",
    name="example-endpoint",
    location=example.location,
    resource_group_name=example.name,
    subnet_id=subnet.id,
    private_service_connection={
        "name": "example-privateserviceconnection",
        "private_connection_resource_alias": "example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice",
        "is_manual_connection": True,
        "request_message": "PL",
    })

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatelink"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.LookupResourceGroup(ctx, &core.LookupResourceGroupArgs{
			Name: "example-resources",
		}, nil)
		if err != nil {
			return err
		}
		vnet, err := network.LookupVirtualNetwork(ctx, &network.LookupVirtualNetworkArgs{
			Name:              "example-network",
			ResourceGroupName: example.Name,
		}, nil)
		if err != nil {
			return err
		}
		subnet, err := network.LookupSubnet(ctx, &network.LookupSubnetArgs{
			Name:               "default",
			VirtualNetworkName: vnet.Name,
			ResourceGroupName:  example.Name,
		}, nil)
		if err != nil {
			return err
		}
		_, err = privatelink.NewEndpoint(ctx, "example", &privatelink.EndpointArgs{
			Name:              pulumi.String("example-endpoint"),
			Location:          pulumi.String(pulumi.String(example.Location)),
			ResourceGroupName: pulumi.String(pulumi.String(example.Name)),
			SubnetId:          pulumi.String(pulumi.String(subnet.Id)),
			PrivateServiceConnection: &privatelink.EndpointPrivateServiceConnectionArgs{
				Name:                           pulumi.String("example-privateserviceconnection"),
				PrivateConnectionResourceAlias: pulumi.String("example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice"),
				IsManualConnection:             pulumi.Bool(true),
				RequestMessage:                 pulumi.String("PL"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = Azure.Core.GetResourceGroup.Invoke(new()
    {
        Name = "example-resources",
    });

    var vnet = Azure.Network.GetVirtualNetwork.Invoke(new()
    {
        Name = "example-network",
        ResourceGroupName = example.Apply(getResourceGroupResult => getResourceGroupResult.Name),
    });

    var subnet = Azure.Network.GetSubnet.Invoke(new()
    {
        Name = "default",
        VirtualNetworkName = vnet.Apply(getVirtualNetworkResult => getVirtualNetworkResult.Name),
        ResourceGroupName = example.Apply(getResourceGroupResult => getResourceGroupResult.Name),
    });

    var exampleEndpoint = new Azure.PrivateLink.Endpoint("example", new()
    {
        Name = "example-endpoint",
        Location = example.Apply(getResourceGroupResult => getResourceGroupResult.Location),
        ResourceGroupName = example.Apply(getResourceGroupResult => getResourceGroupResult.Name),
        SubnetId = subnet.Apply(getSubnetResult => getSubnetResult.Id),
        PrivateServiceConnection = new Azure.PrivateLink.Inputs.EndpointPrivateServiceConnectionArgs
        {
            Name = "example-privateserviceconnection",
            PrivateConnectionResourceAlias = "example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice",
            IsManualConnection = true,
            RequestMessage = "PL",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetResourceGroupArgs;
import com.pulumi.azure.network.NetworkFunctions;
import com.pulumi.azure.network.inputs.GetVirtualNetworkArgs;
import com.pulumi.azure.network.inputs.GetSubnetArgs;
import com.pulumi.azure.privatelink.Endpoint;
import com.pulumi.azure.privatelink.EndpointArgs;
import com.pulumi.azure.privatelink.inputs.EndpointPrivateServiceConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = CoreFunctions.getResourceGroup(GetResourceGroupArgs.builder()
            .name("example-resources")
            .build());

        final var vnet = NetworkFunctions.getVirtualNetwork(GetVirtualNetworkArgs.builder()
            .name("example-network")
            .resourceGroupName(example.name())
            .build());

        final var subnet = NetworkFunctions.getSubnet(GetSubnetArgs.builder()
            .name("default")
            .virtualNetworkName(vnet.name())
            .resourceGroupName(example.name())
            .build());

        var exampleEndpoint = new Endpoint("exampleEndpoint", EndpointArgs.builder()
            .name("example-endpoint")
            .location(example.location())
            .resourceGroupName(example.name())
            .subnetId(subnet.id())
            .privateServiceConnection(EndpointPrivateServiceConnectionArgs.builder()
                .name("example-privateserviceconnection")
                .privateConnectionResourceAlias("example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice")
                .isManualConnection(true)
                .requestMessage("PL")
                .build())
            .build());

    }
}

resources:
  exampleEndpoint:
    type: azure:privatelink:Endpoint
    name: example
    properties:
      name: example-endpoint
      location: ${example.location}
      resourceGroupName: ${example.name}
      subnetId: ${subnet.id}
      privateServiceConnection:
        name: example-privateserviceconnection
        privateConnectionResourceAlias: example-privatelinkservice.d20286c8-4ea5-11eb-9584-8f53157226c6.centralus.azure.privatelinkservice
        isManualConnection: true
        requestMessage: PL
variables:
  example:
    fn::invoke:
      function: azure:core:getResourceGroup
      arguments:
        name: example-resources
  vnet:
    fn::invoke:
      function: azure:network:getVirtualNetwork
      arguments:
        name: example-network
        resourceGroupName: ${example.name}
  subnet:
    fn::invoke:
      function: azure:network:getSubnet
      arguments:
        name: default
        virtualNetworkName: ${vnet.name}
        resourceGroupName: ${example.name}

Example coming soon!

Using a Private Endpoint pointing to an owned Azure service, with proper DNS configuration:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.core.ResourceGroup("example", {
    name: "example-rg",
    location: "West Europe",
});
const exampleAccount = new azure.storage.Account("example", {
    name: "exampleaccount",
    resourceGroupName: example.name,
    location: example.location,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
    name: "virtnetname",
    addressSpaces: ["10.0.0.0/16"],
    location: example.location,
    resourceGroupName: example.name,
});
const exampleSubnet = new azure.network.Subnet("example", {
    name: "subnetname",
    resourceGroupName: example.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.2.0/24"],
});
const exampleZone = new azure.privatedns.Zone("example", {
    name: "privatelink.blob.core.windows.net",
    resourceGroupName: example.name,
});
const exampleEndpoint = new azure.privatelink.Endpoint("example", {
    name: "example-endpoint",
    location: example.location,
    resourceGroupName: example.name,
    subnetId: exampleSubnet.id,
    privateServiceConnection: {
        name: "example-privateserviceconnection",
        privateConnectionResourceId: exampleAccount.id,
        subresourceNames: ["blob"],
        isManualConnection: false,
    },
    privateDnsZoneGroup: {
        name: "example-dns-zone-group",
        privateDnsZoneIds: [exampleZone.id],
    },
});
const exampleZoneVirtualNetworkLink = new azure.privatedns.ZoneVirtualNetworkLink("example", {
    name: "example-link",
    resourceGroupName: example.name,
    privateDnsZoneName: exampleZone.name,
    virtualNetworkId: exampleVirtualNetwork.id,
});

import pulumi
import pulumi_azure as azure

example = azure.core.ResourceGroup("example",
    name="example-rg",
    location="West Europe")
example_account = azure.storage.Account("example",
    name="exampleaccount",
    resource_group_name=example.name,
    location=example.location,
    account_tier="Standard",
    account_replication_type="LRS")
example_virtual_network = azure.network.VirtualNetwork("example",
    name="virtnetname",
    address_spaces=["10.0.0.0/16"],
    location=example.location,
    resource_group_name=example.name)
example_subnet = azure.network.Subnet("example",
    name="subnetname",
    resource_group_name=example.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.2.0/24"])
example_zone = azure.privatedns.Zone("example",
    name="privatelink.blob.core.windows.net",
    resource_group_name=example.name)
example_endpoint = azure.privatelink.Endpoint("example",
    name="example-endpoint",
    location=example.location,
    resource_group_name=example.name,
    subnet_id=example_subnet.id,
    private_service_connection={
        "name": "example-privateserviceconnection",
        "private_connection_resource_id": example_account.id,
        "subresource_names": ["blob"],
        "is_manual_connection": False,
    },
    private_dns_zone_group={
        "name": "example-dns-zone-group",
        "private_dns_zone_ids": [example_zone.id],
    })
example_zone_virtual_network_link = azure.privatedns.ZoneVirtualNetworkLink("example",
    name="example-link",
    resource_group_name=example.name,
    private_dns_zone_name=example_zone.name,
    virtual_network_id=example_virtual_network.id)

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatedns"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/privatelink"
	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-rg"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleAccount, err := storage.NewAccount(ctx, "example", &storage.AccountArgs{
			Name:                   pulumi.String("exampleaccount"),
			ResourceGroupName:      example.Name,
			Location:               example.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("LRS"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "example", &network.VirtualNetworkArgs{
			Name: pulumi.String("virtnetname"),
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
			Location:          example.Location,
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "example", &network.SubnetArgs{
			Name:               pulumi.String("subnetname"),
			ResourceGroupName:  example.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.2.0/24"),
			},
		})
		if err != nil {
			return err
		}
		exampleZone, err := privatedns.NewZone(ctx, "example", &privatedns.ZoneArgs{
			Name:              pulumi.String("privatelink.blob.core.windows.net"),
			ResourceGroupName: example.Name,
		})
		if err != nil {
			return err
		}
		_, err = privatelink.NewEndpoint(ctx, "example", &privatelink.EndpointArgs{
			Name:              pulumi.String("example-endpoint"),
			Location:          example.Location,
			ResourceGroupName: example.Name,
			SubnetId:          exampleSubnet.ID(),
			PrivateServiceConnection: &privatelink.EndpointPrivateServiceConnectionArgs{
				Name:                        pulumi.String("example-privateserviceconnection"),
				PrivateConnectionResourceId: exampleAccount.ID(),
				SubresourceNames: pulumi.StringArray{
					pulumi.String("blob"),
				},
				IsManualConnection: pulumi.Bool(false),
			},
			PrivateDnsZoneGroup: &privatelink.EndpointPrivateDnsZoneGroupArgs{
				Name: pulumi.String("example-dns-zone-group"),
				PrivateDnsZoneIds: pulumi.StringArray{
					exampleZone.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = privatedns.NewZoneVirtualNetworkLink(ctx, "example", &privatedns.ZoneVirtualNetworkLinkArgs{
			Name:               pulumi.String("example-link"),
			ResourceGroupName:  example.Name,
			PrivateDnsZoneName: exampleZone.Name,
			VirtualNetworkId:   exampleVirtualNetwork.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-rg",
        Location = "West Europe",
    });

    var exampleAccount = new Azure.Storage.Account("example", new()
    {
        Name = "exampleaccount",
        ResourceGroupName = example.Name,
        Location = example.Location,
        AccountTier = "Standard",
        AccountReplicationType = "LRS",
    });

    var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("example", new()
    {
        Name = "virtnetname",
        AddressSpaces = new[]
        {
            "10.0.0.0/16",
        },
        Location = example.Location,
        ResourceGroupName = example.Name,
    });

    var exampleSubnet = new Azure.Network.Subnet("example", new()
    {
        Name = "subnetname",
        ResourceGroupName = example.Name,
        VirtualNetworkName = exampleVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.2.0/24",
        },
    });

    var exampleZone = new Azure.PrivateDns.Zone("example", new()
    {
        Name = "privatelink.blob.core.windows.net",
        ResourceGroupName = example.Name,
    });

    var exampleEndpoint = new Azure.PrivateLink.Endpoint("example", new()
    {
        Name = "example-endpoint",
        Location = example.Location,
        ResourceGroupName = example.Name,
        SubnetId = exampleSubnet.Id,
        PrivateServiceConnection = new Azure.PrivateLink.Inputs.EndpointPrivateServiceConnectionArgs
        {
            Name = "example-privateserviceconnection",
            PrivateConnectionResourceId = exampleAccount.Id,
            SubresourceNames = new[]
            {
                "blob",
            },
            IsManualConnection = false,
        },
        PrivateDnsZoneGroup = new Azure.PrivateLink.Inputs.EndpointPrivateDnsZoneGroupArgs
        {
            Name = "example-dns-zone-group",
            PrivateDnsZoneIds = new[]
            {
                exampleZone.Id,
            },
        },
    });

    var exampleZoneVirtualNetworkLink = new Azure.PrivateDns.ZoneVirtualNetworkLink("example", new()
    {
        Name = "example-link",
        ResourceGroupName = example.Name,
        PrivateDnsZoneName = exampleZone.Name,
        VirtualNetworkId = exampleVirtualNetwork.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.privatedns.Zone;
import com.pulumi.azure.privatedns.ZoneArgs;
import com.pulumi.azure.privatelink.Endpoint;
import com.pulumi.azure.privatelink.EndpointArgs;
import com.pulumi.azure.privatelink.inputs.EndpointPrivateServiceConnectionArgs;
import com.pulumi.azure.privatelink.inputs.EndpointPrivateDnsZoneGroupArgs;
import com.pulumi.azure.privatedns.ZoneVirtualNetworkLink;
import com.pulumi.azure.privatedns.ZoneVirtualNetworkLinkArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ResourceGroup("example", ResourceGroupArgs.builder()
            .name("example-rg")
            .location("West Europe")
            .build());

        var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
            .name("exampleaccount")
            .resourceGroupName(example.name())
            .location(example.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()
            .name("virtnetname")
            .addressSpaces("10.0.0.0/16")
            .location(example.location())
            .resourceGroupName(example.name())
            .build());

        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()
            .name("subnetname")
            .resourceGroupName(example.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.2.0/24")
            .build());

        var exampleZone = new Zone("exampleZone", ZoneArgs.builder()
            .name("privatelink.blob.core.windows.net")
            .resourceGroupName(example.name())
            .build());

        var exampleEndpoint = new Endpoint("exampleEndpoint", EndpointArgs.builder()
            .name("example-endpoint")
            .location(example.location())
            .resourceGroupName(example.name())
            .subnetId(exampleSubnet.id())
            .privateServiceConnection(EndpointPrivateServiceConnectionArgs.builder()
                .name("example-privateserviceconnection")
                .privateConnectionResourceId(exampleAccount.id())
                .subresourceNames("blob")
                .isManualConnection(false)
                .build())
            .privateDnsZoneGroup(EndpointPrivateDnsZoneGroupArgs.builder()
                .name("example-dns-zone-group")
                .privateDnsZoneIds(exampleZone.id())
                .build())
            .build());

        var exampleZoneVirtualNetworkLink = new ZoneVirtualNetworkLink("exampleZoneVirtualNetworkLink", ZoneVirtualNetworkLinkArgs.builder()
            .name("example-link")
            .resourceGroupName(example.name())
            .privateDnsZoneName(exampleZone.name())
            .virtualNetworkId(exampleVirtualNetwork.id())
            .build());

    }
}

resources:
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-rg
      location: West Europe
  exampleAccount:
    type: azure:storage:Account
    name: example
    properties:
      name: exampleaccount
      resourceGroupName: ${example.name}
      location: ${example.location}
      accountTier: Standard
      accountReplicationType: LRS
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    name: example
    properties:
      name: virtnetname
      addressSpaces:
        - 10.0.0.0/16
      location: ${example.location}
      resourceGroupName: ${example.name}
  exampleSubnet:
    type: azure:network:Subnet
    name: example
    properties:
      name: subnetname
      resourceGroupName: ${example.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.2.0/24
  exampleEndpoint:
    type: azure:privatelink:Endpoint
    name: example
    properties:
      name: example-endpoint
      location: ${example.location}
      resourceGroupName: ${example.name}
      subnetId: ${exampleSubnet.id}
      privateServiceConnection:
        name: example-privateserviceconnection
        privateConnectionResourceId: ${exampleAccount.id}
        subresourceNames:
          - blob
        isManualConnection: false
      privateDnsZoneGroup:
        name: example-dns-zone-group
        privateDnsZoneIds:
          - ${exampleZone.id}
  exampleZone:
    type: azure:privatedns:Zone
    name: example
    properties:
      name: privatelink.blob.core.windows.net
      resourceGroupName: ${example.name}
  exampleZoneVirtualNetworkLink:
    type: azure:privatedns:ZoneVirtualNetworkLink
    name: example
    properties:
      name: example-link
      resourceGroupName: ${example.name}
      privateDnsZoneName: ${exampleZone.name}
      virtualNetworkId: ${exampleVirtualNetwork.id}

Example coming soon!

Example HCL Configurations

How to conneca Private Endpoint to a Application Gateway
How to connect a Private Endpoint to a Cosmos MongoDB
How to connect a Private Endpoint to a Cosmos PostgreSQL
How to connect a Private Endpoint to a PostgreSQL Server
How to connect a Private Endpoint to a Private Link Service
How to connect a Private Endpoint to a Private DNS Group
How to connect a Private Endpoint to a Databricks Workspace
How to connect a Private Endpoint to a Managed Redis

API Providers

This resource uses the following Azure API Providers:

Microsoft.Network - 2025-01-01

Create Endpoint Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Endpoint(name: string, args: EndpointArgs, opts?: CustomResourceOptions);

@overload
def Endpoint(resource_name: str,
             args: EndpointArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Endpoint(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             private_service_connection: Optional[EndpointPrivateServiceConnectionArgs] = None,
             resource_group_name: Optional[str] = None,
             subnet_id: Optional[str] = None,
             custom_network_interface_name: Optional[str] = None,
             ip_configurations: Optional[Sequence[EndpointIpConfigurationArgs]] = None,
             location: Optional[str] = None,
             name: Optional[str] = None,
             private_dns_zone_group: Optional[EndpointPrivateDnsZoneGroupArgs] = None,
             tags: Optional[Mapping[str, str]] = None)

func NewEndpoint(ctx *Context, name string, args EndpointArgs, opts ...ResourceOption) (*Endpoint, error)

public Endpoint(string name, EndpointArgs args, CustomResourceOptions? opts = null)

public Endpoint(String name, EndpointArgs args)
public Endpoint(String name, EndpointArgs args, CustomResourceOptions options)

type: azure:privatelink:Endpoint
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "azure_privatelink_endpoint" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args EndpointArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureEndpointResource = new Azure.PrivateLink.Endpoint("azureEndpointResource", new()
{
    PrivateServiceConnection = new Azure.PrivateLink.Inputs.EndpointPrivateServiceConnectionArgs
    {
        IsManualConnection = false,
        Name = "string",
        PrivateConnectionResourceAlias = "string",
        PrivateConnectionResourceId = "string",
        PrivateIpAddress = "string",
        RequestMessage = "string",
        SubresourceNames = new[]
        {
            "string",
        },
    },
    ResourceGroupName = "string",
    SubnetId = "string",
    CustomNetworkInterfaceName = "string",
    IpConfigurations = new[]
    {
        new Azure.PrivateLink.Inputs.EndpointIpConfigurationArgs
        {
            Name = "string",
            PrivateIpAddress = "string",
            MemberName = "string",
            SubresourceName = "string",
        },
    },
    Location = "string",
    Name = "string",
    PrivateDnsZoneGroup = new Azure.PrivateLink.Inputs.EndpointPrivateDnsZoneGroupArgs
    {
        Name = "string",
        PrivateDnsZoneIds = new[]
        {
            "string",
        },
        Id = "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := privatelink.NewEndpoint(ctx, "azureEndpointResource", &privatelink.EndpointArgs{
	PrivateServiceConnection: &privatelink.EndpointPrivateServiceConnectionArgs{
		IsManualConnection:             pulumi.Bool(false),
		Name:                           pulumi.String("string"),
		PrivateConnectionResourceAlias: pulumi.String("string"),
		PrivateConnectionResourceId:    pulumi.String("string"),
		PrivateIpAddress:               pulumi.String("string"),
		RequestMessage:                 pulumi.String("string"),
		SubresourceNames: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	ResourceGroupName:          pulumi.String("string"),
	SubnetId:                   pulumi.String("string"),
	CustomNetworkInterfaceName: pulumi.String("string"),
	IpConfigurations: privatelink.EndpointIpConfigurationArray{
		&privatelink.EndpointIpConfigurationArgs{
			Name:             pulumi.String("string"),
			PrivateIpAddress: pulumi.String("string"),
			MemberName:       pulumi.String("string"),
			SubresourceName:  pulumi.String("string"),
		},
	},
	Location: pulumi.String("string"),
	Name:     pulumi.String("string"),
	PrivateDnsZoneGroup: &privatelink.EndpointPrivateDnsZoneGroupArgs{
		Name: pulumi.String("string"),
		PrivateDnsZoneIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		Id: pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

resource "azure_privatelink_endpoint" "azureEndpointResource" {
  private_service_connection = {
    is_manual_connection              = false
    name                              = "string"
    private_connection_resource_alias = "string"
    private_connection_resource_id    = "string"
    private_ip_address                = "string"
    request_message                   = "string"
    subresource_names                 = ["string"]
  }
  resource_group_name           = "string"
  subnet_id                     = "string"
  custom_network_interface_name = "string"
  ip_configurations {
    name               = "string"
    private_ip_address = "string"
    member_name        = "string"
    subresource_name   = "string"
  }
  location = "string"
  name     = "string"
  private_dns_zone_group = {
    name                 = "string"
    private_dns_zone_ids = ["string"]
    id                   = "string"
  }
  tags = {
    "string" = "string"
  }
}

var azureEndpointResource = new com.pulumi.azure.privatelink.Endpoint("azureEndpointResource", com.pulumi.azure.privatelink.EndpointArgs.builder()
    .privateServiceConnection(EndpointPrivateServiceConnectionArgs.builder()
        .isManualConnection(false)
        .name("string")
        .privateConnectionResourceAlias("string")
        .privateConnectionResourceId("string")
        .privateIpAddress("string")
        .requestMessage("string")
        .subresourceNames("string")
        .build())
    .resourceGroupName("string")
    .subnetId("string")
    .customNetworkInterfaceName("string")
    .ipConfigurations(EndpointIpConfigurationArgs.builder()
        .name("string")
        .privateIpAddress("string")
        .memberName("string")
        .subresourceName("string")
        .build())
    .location("string")
    .name("string")
    .privateDnsZoneGroup(EndpointPrivateDnsZoneGroupArgs.builder()
        .name("string")
        .privateDnsZoneIds("string")
        .id("string")
        .build())
    .tags(Map.of("string", "string"))
    .build());

azure_endpoint_resource = azure.privatelink.Endpoint("azureEndpointResource",
    private_service_connection={
        "is_manual_connection": False,
        "name": "string",
        "private_connection_resource_alias": "string",
        "private_connection_resource_id": "string",
        "private_ip_address": "string",
        "request_message": "string",
        "subresource_names": ["string"],
    },
    resource_group_name="string",
    subnet_id="string",
    custom_network_interface_name="string",
    ip_configurations=[{
        "name": "string",
        "private_ip_address": "string",
        "member_name": "string",
        "subresource_name": "string",
    }],
    location="string",
    name="string",
    private_dns_zone_group={
        "name": "string",
        "private_dns_zone_ids": ["string"],
        "id": "string",
    },
    tags={
        "string": "string",
    })

const azureEndpointResource = new azure.privatelink.Endpoint("azureEndpointResource", {
    privateServiceConnection: {
        isManualConnection: false,
        name: "string",
        privateConnectionResourceAlias: "string",
        privateConnectionResourceId: "string",
        privateIpAddress: "string",
        requestMessage: "string",
        subresourceNames: ["string"],
    },
    resourceGroupName: "string",
    subnetId: "string",
    customNetworkInterfaceName: "string",
    ipConfigurations: [{
        name: "string",
        privateIpAddress: "string",
        memberName: "string",
        subresourceName: "string",
    }],
    location: "string",
    name: "string",
    privateDnsZoneGroup: {
        name: "string",
        privateDnsZoneIds: ["string"],
        id: "string",
    },
    tags: {
        string: "string",
    },
});

type: azure:privatelink:Endpoint
properties:
    customNetworkInterfaceName: string
    ipConfigurations:
        - memberName: string
          name: string
          privateIpAddress: string
          subresourceName: string
    location: string
    name: string
    privateDnsZoneGroup:
        id: string
        name: string
        privateDnsZoneIds:
            - string
    privateServiceConnection:
        isManualConnection: false
        name: string
        privateConnectionResourceAlias: string
        privateConnectionResourceId: string
        privateIpAddress: string
        requestMessage: string
        subresourceNames:
            - string
    resourceGroupName: string
    subnetId: string
    tags:
        string: string

Endpoint Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Endpoint resource accepts the following input properties:

PrivateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
ResourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
SubnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
CustomNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
IpConfigurations List<EndpointIpConfiguration>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
Location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
PrivateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

PrivateServiceConnection EndpointPrivateServiceConnectionArgs: A privateServiceConnection block as defined below.
ResourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
SubnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
CustomNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
IpConfigurations []EndpointIpConfigurationArgs: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
Location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
PrivateDnsZoneGroup EndpointPrivateDnsZoneGroupArgs: A privateDnsZoneGroup block as defined below.
Tags map[string]string: A mapping of tags to assign to the resource.

private_service_connection object: A privateServiceConnection block as defined below.
resource_group_name string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnet_id string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
custom_network_interface_name string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ip_configurations list(object): One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
private_dns_zone_group object: A privateDnsZoneGroup block as defined below.
tags map(string): A mapping of tags to assign to the resource.

privateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
resourceGroupName String: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId String: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
customNetworkInterfaceName String: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations List<EndpointIpConfiguration>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location String: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
tags Map<String,String>: A mapping of tags to assign to the resource.

privateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
resourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
customNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations EndpointIpConfiguration[]: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

private_service_connection EndpointPrivateServiceConnectionArgs: A privateServiceConnection block as defined below.
resource_group_name str: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnet_id str: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
custom_network_interface_name str: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ip_configurations Sequence[EndpointIpConfigurationArgs]: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location str: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
private_dns_zone_group EndpointPrivateDnsZoneGroupArgs: A privateDnsZoneGroup block as defined below.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

privateServiceConnection Property Map: A privateServiceConnection block as defined below.
resourceGroupName String: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId String: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
customNetworkInterfaceName String: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations List<Property Map>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location String: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneGroup Property Map: A privateDnsZoneGroup block as defined below.
tags Map<String>: A mapping of tags to assign to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Endpoint resource produces the following output properties:

CustomDnsConfigs List<EndpointCustomDnsConfig>: A customDnsConfigs block as defined below.
Id string: The provider-assigned unique ID for this managed resource.
NetworkInterfaces List<EndpointNetworkInterface>: A networkInterface block as defined below.
PrivateDnsZoneConfigs List<EndpointPrivateDnsZoneConfig>: A privateDnsZoneConfigs block as defined below.

CustomDnsConfigs []EndpointCustomDnsConfig: A customDnsConfigs block as defined below.
Id string: The provider-assigned unique ID for this managed resource.
NetworkInterfaces []EndpointNetworkInterface: A networkInterface block as defined below.
PrivateDnsZoneConfigs []EndpointPrivateDnsZoneConfig: A privateDnsZoneConfigs block as defined below.

custom_dns_configs list(object): A customDnsConfigs block as defined below.
id string: The provider-assigned unique ID for this managed resource.
network_interfaces list(object): A networkInterface block as defined below.
private_dns_zone_configs list(object): A privateDnsZoneConfigs block as defined below.

customDnsConfigs List<EndpointCustomDnsConfig>: A customDnsConfigs block as defined below.
id String: The provider-assigned unique ID for this managed resource.
networkInterfaces List<EndpointNetworkInterface>: A networkInterface block as defined below.
privateDnsZoneConfigs List<EndpointPrivateDnsZoneConfig>: A privateDnsZoneConfigs block as defined below.

customDnsConfigs EndpointCustomDnsConfig[]: A customDnsConfigs block as defined below.
id string: The provider-assigned unique ID for this managed resource.
networkInterfaces EndpointNetworkInterface[]: A networkInterface block as defined below.
privateDnsZoneConfigs EndpointPrivateDnsZoneConfig[]: A privateDnsZoneConfigs block as defined below.

custom_dns_configs Sequence[EndpointCustomDnsConfig]: A customDnsConfigs block as defined below.
id str: The provider-assigned unique ID for this managed resource.
network_interfaces Sequence[EndpointNetworkInterface]: A networkInterface block as defined below.
private_dns_zone_configs Sequence[EndpointPrivateDnsZoneConfig]: A privateDnsZoneConfigs block as defined below.

customDnsConfigs List<Property Map>: A customDnsConfigs block as defined below.
id String: The provider-assigned unique ID for this managed resource.
networkInterfaces List<Property Map>: A networkInterface block as defined below.
privateDnsZoneConfigs List<Property Map>: A privateDnsZoneConfigs block as defined below.

Look up Existing Endpoint Resource

Get an existing Endpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: EndpointState, opts?: CustomResourceOptions): Endpoint

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        custom_dns_configs: Optional[Sequence[EndpointCustomDnsConfigArgs]] = None,
        custom_network_interface_name: Optional[str] = None,
        ip_configurations: Optional[Sequence[EndpointIpConfigurationArgs]] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        network_interfaces: Optional[Sequence[EndpointNetworkInterfaceArgs]] = None,
        private_dns_zone_configs: Optional[Sequence[EndpointPrivateDnsZoneConfigArgs]] = None,
        private_dns_zone_group: Optional[EndpointPrivateDnsZoneGroupArgs] = None,
        private_service_connection: Optional[EndpointPrivateServiceConnectionArgs] = None,
        resource_group_name: Optional[str] = None,
        subnet_id: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None) -> Endpoint

func GetEndpoint(ctx *Context, name string, id IDInput, state *EndpointState, opts ...ResourceOption) (*Endpoint, error)

public static Endpoint Get(string name, Input<string> id, EndpointState? state, CustomResourceOptions? opts = null)

public static Endpoint get(String name, Output<String> id, EndpointState state, CustomResourceOptions options)

resources:  _:    type: azure:privatelink:Endpoint    get:      id: ${id}

import {
  to = azure_privatelink_endpoint.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CustomDnsConfigs List<EndpointCustomDnsConfig>: A customDnsConfigs block as defined below.
CustomNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
IpConfigurations List<EndpointIpConfiguration>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
Location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
NetworkInterfaces List<EndpointNetworkInterface>: A networkInterface block as defined below.
PrivateDnsZoneConfigs List<EndpointPrivateDnsZoneConfig>: A privateDnsZoneConfigs block as defined below.
PrivateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
PrivateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
ResourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
SubnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
Tags Dictionary<string, string>: A mapping of tags to assign to the resource.

CustomDnsConfigs []EndpointCustomDnsConfigArgs: A customDnsConfigs block as defined below.
CustomNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
IpConfigurations []EndpointIpConfigurationArgs: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
Location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
NetworkInterfaces []EndpointNetworkInterfaceArgs: A networkInterface block as defined below.
PrivateDnsZoneConfigs []EndpointPrivateDnsZoneConfigArgs: A privateDnsZoneConfigs block as defined below.
PrivateDnsZoneGroup EndpointPrivateDnsZoneGroupArgs: A privateDnsZoneGroup block as defined below.
PrivateServiceConnection EndpointPrivateServiceConnectionArgs: A privateServiceConnection block as defined below.
ResourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
SubnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
Tags map[string]string: A mapping of tags to assign to the resource.

custom_dns_configs list(object): A customDnsConfigs block as defined below.
custom_network_interface_name string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ip_configurations list(object): One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
network_interfaces list(object): A networkInterface block as defined below.
private_dns_zone_configs list(object): A privateDnsZoneConfigs block as defined below.
private_dns_zone_group object: A privateDnsZoneGroup block as defined below.
private_service_connection object: A privateServiceConnection block as defined below.
resource_group_name string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnet_id string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
tags map(string): A mapping of tags to assign to the resource.

customDnsConfigs List<EndpointCustomDnsConfig>: A customDnsConfigs block as defined below.
customNetworkInterfaceName String: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations List<EndpointIpConfiguration>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location String: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
networkInterfaces List<EndpointNetworkInterface>: A networkInterface block as defined below.
privateDnsZoneConfigs List<EndpointPrivateDnsZoneConfig>: A privateDnsZoneConfigs block as defined below.
privateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
privateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
resourceGroupName String: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId String: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
tags Map<String,String>: A mapping of tags to assign to the resource.

customDnsConfigs EndpointCustomDnsConfig[]: A customDnsConfigs block as defined below.
customNetworkInterfaceName string: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations EndpointIpConfiguration[]: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location string: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
networkInterfaces EndpointNetworkInterface[]: A networkInterface block as defined below.
privateDnsZoneConfigs EndpointPrivateDnsZoneConfig[]: A privateDnsZoneConfigs block as defined below.
privateDnsZoneGroup EndpointPrivateDnsZoneGroup: A privateDnsZoneGroup block as defined below.
privateServiceConnection EndpointPrivateServiceConnection: A privateServiceConnection block as defined below.
resourceGroupName string: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId string: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
tags {[key: string]: string}: A mapping of tags to assign to the resource.

custom_dns_configs Sequence[EndpointCustomDnsConfigArgs]: A customDnsConfigs block as defined below.
custom_network_interface_name str: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ip_configurations Sequence[EndpointIpConfigurationArgs]: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location str: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name str: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
network_interfaces Sequence[EndpointNetworkInterfaceArgs]: A networkInterface block as defined below.
private_dns_zone_configs Sequence[EndpointPrivateDnsZoneConfigArgs]: A privateDnsZoneConfigs block as defined below.
private_dns_zone_group EndpointPrivateDnsZoneGroupArgs: A privateDnsZoneGroup block as defined below.
private_service_connection EndpointPrivateServiceConnectionArgs: A privateServiceConnection block as defined below.
resource_group_name str: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnet_id str: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
tags Mapping[str, str]: A mapping of tags to assign to the resource.

customDnsConfigs List<Property Map>: A customDnsConfigs block as defined below.
customNetworkInterfaceName String: The custom name of the network interface attached to the private endpoint. Changing this forces a new resource to be created.
ipConfigurations List<Property Map>: One or more ipConfiguration blocks as defined below. This allows a static IP address to be set for this Private Endpoint, otherwise an address is dynamically allocated from the Subnet.
location String: The supported Azure location where the resource exists. Changing this forces a new resource to be created.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
networkInterfaces List<Property Map>: A networkInterface block as defined below.
privateDnsZoneConfigs List<Property Map>: A privateDnsZoneConfigs block as defined below.
privateDnsZoneGroup Property Map: A privateDnsZoneGroup block as defined below.
privateServiceConnection Property Map: A privateServiceConnection block as defined below.
resourceGroupName String: Specifies the Name of the Resource Group within which the Private Endpoint should exist. Changing this forces a new resource to be created.
subnetId String: The ID of the Subnet from which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
tags Map<String>: A mapping of tags to assign to the resource.

Supporting Types

EndpointCustomDnsConfig, EndpointCustomDnsConfigArgs

Fqdn string: The fully qualified domain name to the privateDnsZone.
IpAddresses List<string>: A list of all IP Addresses that map to the privateDnsZone fqdn.

Fqdn string: The fully qualified domain name to the privateDnsZone.
IpAddresses []string: A list of all IP Addresses that map to the privateDnsZone fqdn.

fqdn string: The fully qualified domain name to the privateDnsZone.
ip_addresses list(string): A list of all IP Addresses that map to the privateDnsZone fqdn.

fqdn String: The fully qualified domain name to the privateDnsZone.
ipAddresses List<String>: A list of all IP Addresses that map to the privateDnsZone fqdn.

fqdn string: The fully qualified domain name to the privateDnsZone.
ipAddresses string[]: A list of all IP Addresses that map to the privateDnsZone fqdn.

fqdn str: The fully qualified domain name to the privateDnsZone.
ip_addresses Sequence[str]: A list of all IP Addresses that map to the privateDnsZone fqdn.

fqdn String: The fully qualified domain name to the privateDnsZone.
ipAddresses List<String>: A list of all IP Addresses that map to the privateDnsZone fqdn.

EndpointIpConfiguration, EndpointIpConfigurationArgs

Name string: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
PrivateIpAddress string: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
MemberName string: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
SubresourceName string: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

Name string: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
PrivateIpAddress string: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
MemberName string: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
SubresourceName string: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

name string: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
private_ip_address string: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
member_name string: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
subresource_name string: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

name String: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
privateIpAddress String: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
memberName String: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
subresourceName String: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

name string: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
privateIpAddress string: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
memberName string: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
subresourceName string: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

name str: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
private_ip_address str: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
member_name str: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
subresource_name str: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

name String: Specifies the Name of the IP Configuration. Changing this forces a new resource to be created.
privateIpAddress String: Specifies the static IP address within the private endpoint's subnet to be used. Changing this forces a new resource to be created.
memberName String: Specifies the member name this IP address applies to. If it is not specified, it will use the value of subresourceName. Changing this forces a new resource to be created.
Note: memberName will be required and will not take the value of subresourceName in the next major version.
subresourceName String: Specifies the subresource this IP address applies to. subresourceNames corresponds to groupId. Changing this forces a new resource to be created.

EndpointNetworkInterface, EndpointNetworkInterfaceArgs

Id string: The ID of the Private DNS Zone Config.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

Id string: The ID of the Private DNS Zone Config.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

id string: The ID of the Private DNS Zone Config.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

id String: The ID of the Private DNS Zone Config.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

id string: The ID of the Private DNS Zone Config.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

id str: The ID of the Private DNS Zone Config.
name str: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

id String: The ID of the Private DNS Zone Config.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.

EndpointPrivateDnsZoneConfig, EndpointPrivateDnsZoneConfigArgs

Id string: The ID of the Private DNS Zone Config.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
PrivateDnsZoneId string: The ID of the Private DNS Zone that the config belongs to.
RecordSets List<EndpointPrivateDnsZoneConfigRecordSet>: A recordSets block as defined below.

Id string: The ID of the Private DNS Zone Config.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
PrivateDnsZoneId string: The ID of the Private DNS Zone that the config belongs to.
RecordSets []EndpointPrivateDnsZoneConfigRecordSet: A recordSets block as defined below.

id string: The ID of the Private DNS Zone Config.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
private_dns_zone_id string: The ID of the Private DNS Zone that the config belongs to.
record_sets list(object): A recordSets block as defined below.

id String: The ID of the Private DNS Zone Config.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneId String: The ID of the Private DNS Zone that the config belongs to.
recordSets List<EndpointPrivateDnsZoneConfigRecordSet>: A recordSets block as defined below.

id string: The ID of the Private DNS Zone Config.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneId string: The ID of the Private DNS Zone that the config belongs to.
recordSets EndpointPrivateDnsZoneConfigRecordSet[]: A recordSets block as defined below.

id str: The ID of the Private DNS Zone Config.
name str: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
private_dns_zone_id str: The ID of the Private DNS Zone that the config belongs to.
record_sets Sequence[EndpointPrivateDnsZoneConfigRecordSet]: A recordSets block as defined below.

id String: The ID of the Private DNS Zone Config.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
privateDnsZoneId String: The ID of the Private DNS Zone that the config belongs to.
recordSets List<Property Map>: A recordSets block as defined below.

EndpointPrivateDnsZoneConfigRecordSet, EndpointPrivateDnsZoneConfigRecordSetArgs

Fqdn string: The fully qualified domain name to the privateDnsZone.
IpAddresses List<string>: A list of all IP Addresses that map to the privateDnsZone fqdn.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
Ttl int: The time to live for each connection to the privateDnsZone.
Type string: The type of DNS record.

Fqdn string: The fully qualified domain name to the privateDnsZone.
IpAddresses []string: A list of all IP Addresses that map to the privateDnsZone fqdn.
Name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
Ttl int: The time to live for each connection to the privateDnsZone.
Type string: The type of DNS record.

fqdn string: The fully qualified domain name to the privateDnsZone.
ip_addresses list(string): A list of all IP Addresses that map to the privateDnsZone fqdn.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
ttl number: The time to live for each connection to the privateDnsZone.
type string: The type of DNS record.

fqdn String: The fully qualified domain name to the privateDnsZone.
ipAddresses List<String>: A list of all IP Addresses that map to the privateDnsZone fqdn.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
ttl Integer: The time to live for each connection to the privateDnsZone.
type String: The type of DNS record.

fqdn string: The fully qualified domain name to the privateDnsZone.
ipAddresses string[]: A list of all IP Addresses that map to the privateDnsZone fqdn.
name string: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
ttl number: The time to live for each connection to the privateDnsZone.
type string: The type of DNS record.

fqdn str: The fully qualified domain name to the privateDnsZone.
ip_addresses Sequence[str]: A list of all IP Addresses that map to the privateDnsZone fqdn.
name str: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
ttl int: The time to live for each connection to the privateDnsZone.
type str: The type of DNS record.

fqdn String: The fully qualified domain name to the privateDnsZone.
ipAddresses List<String>: A list of all IP Addresses that map to the privateDnsZone fqdn.
name String: Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
ttl Number: The time to live for each connection to the privateDnsZone.
type String: The type of DNS record.

EndpointPrivateDnsZoneGroup, EndpointPrivateDnsZoneGroupArgs

Name string: Specifies the Name of the Private DNS Zone Group.
PrivateDnsZoneIds List<string>: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
Id string: The ID of the Private DNS Zone Config.

Name string: Specifies the Name of the Private DNS Zone Group.
PrivateDnsZoneIds []string: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
Id string: The ID of the Private DNS Zone Config.

name string: Specifies the Name of the Private DNS Zone Group.
private_dns_zone_ids list(string): Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
id string: The ID of the Private DNS Zone Config.

name String: Specifies the Name of the Private DNS Zone Group.
privateDnsZoneIds List<String>: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
id String: The ID of the Private DNS Zone Config.

name string: Specifies the Name of the Private DNS Zone Group.
privateDnsZoneIds string[]: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
id string: The ID of the Private DNS Zone Config.

name str: Specifies the Name of the Private DNS Zone Group.
private_dns_zone_ids Sequence[str]: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
id str: The ID of the Private DNS Zone Config.

name String: Specifies the Name of the Private DNS Zone Group.
privateDnsZoneIds List<String>: Specifies the list of Private DNS Zones to include within the privateDnsZoneGroup.
id String: The ID of the Private DNS Zone Config.

EndpointPrivateServiceConnection, EndpointPrivateServiceConnectionArgs

IsManualConnection bool: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
Name string: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
PrivateConnectionResourceAlias string: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
PrivateConnectionResourceId string: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
PrivateIpAddress string: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
RequestMessage string: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
SubresourceNames List<string>: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

IsManualConnection bool: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
Name string: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
PrivateConnectionResourceAlias string: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
PrivateConnectionResourceId string: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
PrivateIpAddress string: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
RequestMessage string: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
SubresourceNames []string: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

is_manual_connection bool: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
name string: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
private_connection_resource_alias string: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
private_connection_resource_id string: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
private_ip_address string: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
request_message string: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
subresource_names list(string): A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

isManualConnection Boolean: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
name String: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
privateConnectionResourceAlias String: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
privateConnectionResourceId String: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
privateIpAddress String: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
requestMessage String: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
subresourceNames List<String>: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

isManualConnection boolean: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
name string: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
privateConnectionResourceAlias string: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
privateConnectionResourceId string: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
privateIpAddress string: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
requestMessage string: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
subresourceNames string[]: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

is_manual_connection bool: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
name str: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
private_connection_resource_alias str: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
private_connection_resource_id str: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
private_ip_address str: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
request_message str: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
subresource_names Sequence[str]: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

isManualConnection Boolean: Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created.
Note: If you are trying to connect the Private Endpoint to a remote resource without having the correct RBAC permissions on the remote resource set this value to true.
name String: Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created.
privateConnectionResourceAlias String: The Service Alias of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created.
privateConnectionResourceId String: The ID of the Private Link Enabled Remote Resource which this Private Endpoint should be connected to. One of privateConnectionResourceId or privateConnectionResourceAlias must be specified. Changing this forces a new resource to be created. For a web app or function app slot, the parent web app should be used in this field instead of a reference to the slot itself.
privateIpAddress String: (Required) The static IP address set by this configuration. It is recommended to use the private IP address exported in the privateServiceConnection block to obtain the address associated with the private endpoint.
requestMessage String: A message passed to the owner of the remote resource when the private endpoint attempts to establish the connection to the remote resource. The provider allows a maximum request message length of 140 characters, however the request message maximum length is dependent on the service the private endpoint is connected to. Only valid if isManualConnection is set to true.
Note: When connected to an SQL resource the requestMessage maximum length is 128.
subresourceNames List<String>: A list of subresource names which the Private Endpoint is able to connect to. subresourceNames corresponds to groupId. Possible values are detailed in the product documentation in the Subresources column. Changing this forces a new resource to be created.
Note: Some resource types (such as Storage Account) only support 1 subresource per private endpoint.
Note: For most Private Links one or more subresourceNames will need to be specified, please see the linked documentation for details.

Import

Private Endpoints can be imported using the resource id, e.g.

$ pulumi import azure:privatelink/endpoint:Endpoint example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/privateEndpoints/endpoint1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Viewing docs for Azure v6.35.0
published on Tuesday, Apr 21, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure

azure.privatelink.Endpoint

On this page

On this page

Example Usage

Example HCL Configurations

API Providers

Create Endpoint Resource

Constructor syntax

Parameters

Constructor example

Endpoint Resource Properties

Inputs

Outputs

Look up Existing Endpoint Resource

Supporting Types

EndpointCustomDnsConfig, EndpointCustomDnsConfigArgs

EndpointIpConfiguration, EndpointIpConfigurationArgs

EndpointNetworkInterface, EndpointNetworkInterfaceArgs

EndpointPrivateDnsZoneConfig, EndpointPrivateDnsZoneConfigArgs

EndpointPrivateDnsZoneConfigRecordSet, EndpointPrivateDnsZoneConfigRecordSetArgs

EndpointPrivateDnsZoneGroup, EndpointPrivateDnsZoneGroupArgs

EndpointPrivateServiceConnection, EndpointPrivateServiceConnectionArgs

Import

Package Details

On this page

On this page