
I am trying to create a private endpoint in one subscription (say xxxx), while my VNet is in another subscription (say YYYYY). Both subscriptions are managed under the same management group, so I am deploying at management-group level. While creating the endpoint, the deployment fails with an error saying that the resource is not found. Please suggest how to solve this issue.

Below is my code for main file:

// Deployment runs at management-group scope, so each resource and module below states the
// subscription / resource group it targets through its own `scope`.
targetScope = 'managementGroup'
param env string = 'xxxxx'
param appname string = 'abcd'
param tags object
param strgSKU string
param strgKind string
//variables
// Maps the env code to the lowercase name used in resource names; any value other than
// 'PrePrd', 'Prd' or 'SB' falls through to 'dev'.
var envfullname = ((env == 'PrePrd') ? 'preprod' : ((env == 'Prd') ? 'prod' : ((env == 'SB') ? 'sb' : 'dev')))
// Storage account name: lowercased <envfullname><appname>sa1.
var strgActName = toLower('${envfullname}${appname}sa1')
// Private endpoint name; also used as the name of the endpoint module deployment.
var saPrvtEndptName = '${envfullname}-${appname}-sa-pe1'
// Existing resource group in the first subscription; both modules below are scoped to it.
resource RG 'Microsoft.Resources/resourceGroups@2021-04-01'  existing = {
  scope:subscription('xxxxxxxxxxxxxxxxxxxxx')
  name: '${env}-${appname}-RG'
}
// Existing virtual network in the second (networking) subscription.
resource vnet 'Microsoft.Network/virtualNetworks@2021-08-01' existing = {
  scope: resourceGroup('yyyyyyyyyyyyyyyyy','Networking_RG')
  name: 'Vnet1'
}
// Existing subnet that the private endpoint attaches to, referenced as 'Vnet1/subnet1'.
// NOTE(review): the redacted subscription id here is not the same string as the one on the
// vnet declaration above - presumably a redaction artifact; confirm both point at the same
// subscription, since a wrong id would itself surface as a not-found error.
resource linkSubnet 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' existing = {
  scope: resourceGroup('yyyyyyyyyyyyyyy','Networking_RG')
  name: 'Vnet1/subnet1'
}
// Region of the resource group in the first subscription, not of the VNet.
// NOTE(review): this value is also passed to the private endpoint module - confirm it
// matches the region of Vnet1.
var location = RG.location
// Not referenced anywhere else in the template shown here.
var vnetid = vnet.id
//Deploy Resources
/////////////// STORAGE ACCOUNT///////////////////////////////////
//call storage Account bicep module to deploy the storage account
// The module is scoped to RG, so the account is created in the first subscription; the
// storage account name doubles as the deployment name.
// NOTE(review): storageAccount.bicep is not shown. A private endpoint on its own does not
// close the account's public endpoint - check that the module sets publicNetworkAccess /
// networkAcls the way you intend.
module storageAct './modules/storageAccount.bicep' = {
  scope:RG
  name: strgActName
  params:{
    strgActName: strgActName
    location: location
    tags: tags
    sku: strgSKU
    kind: strgKind
  }
}
// Create a private endpoint and link to storage Account
// NOTE(review): `scope:RG` places the endpoint in the storage account's resource group
// (first subscription), while subnetId points at a subnet in the networking subscription.
// The Private Link documentation states that a private endpoint must be deployed in the
// same region and subscription as its virtual network, which is the likely source of the
// not-found error. The endpoint can still target the storage account in the other
// subscription through prvtLinkServiceId.
module saPrivateEndPoint './modules/privateEndpoint.bicep' = {
  scope:RG
  name: saPrvtEndptName
  params: {
    prvtEndpointName: saPrvtEndptName
    // Resource id of the storage account, taken from the storage module's output.
    prvtLinkServiceId: storageAct.outputs.saId
    tags: tags
    // Region of RG (see `var location`), not of the VNet.
    location: location
    subnetId: linkSubnet.id
    //ipaddress: privateDNSip
    // NOTE(review): confirm this DNS suffix for the target cloud; environment().suffixes.storage
    // returns the storage suffix of the cloud being deployed to (core.windows.net in public Azure).
    fqdn: '${strgActName}.blob.core.cloudapi.net'
    // Sub-resource of the storage account the endpoint connects to.
    groupId: 'blob'
  }
  // Redundant: referencing storageAct.outputs.saId above already creates the dependency.
  dependsOn: [
    storageAct
  ]
}

And my privateendpoint module file looks like:

// Name of the private endpoint; also used as the prefix of its connection name.
param prvtEndpointName string
// Resource id of the service the endpoint connects to (privateLinkServiceId).
param prvtLinkServiceId string
// Tags applied to the private endpoint.
param tags object
// Region of the private endpoint.
param location string
// Resource id of the subnet the endpoint is placed in.
param subnetId string
//param ipaddress string
// FQDN written into the endpoint's customDnsConfigs entry.
param fqdn string
// Single group id (sub-resource) requested on the connection.
param groupId string
// Private endpoint with one connection to prvtLinkServiceId, placed in subnetId.
// It is created in whatever scope the calling module deployment targets.
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2020-11-01' = {
  name: prvtEndpointName
  location: location
  tags: tags
  properties: {
    // Connections listed here are the auto-approved kind; manualPrivateLinkServiceConnections
    // (left empty below) is the list for connections that wait for the target resource's
    // owner to approve them.
    privateLinkServiceConnections: [
      {
        // NOTE(review): the hard-coded GUID suffix looks like it was copied from an exported
        // template - confirm it is intentional.
        name: '${prvtEndpointName}_cef3fd7f-f1d3-4970-ae54-497245676050'
        properties: {
          privateLinkServiceId: prvtLinkServiceId
          groupIds: [
            groupId
          ]
          // NOTE(review): the template states 'Approved' itself. Presumably the actual approval
          // is decided on the target resource from the deploying identity's permissions, so do
          // not treat these values as the approval control - verify after deployment.
          privateLinkServiceConnectionState: {
            status: 'Approved'
            description: 'Auto-Approved'
            actionsRequired: 'None'
          }
        }
      }
    ]
    manualPrivateLinkServiceConnections: []
    subnet: {
      id: subnetId
    }
    // Only the FQDN is supplied; the ipAddresses list is commented out.
    customDnsConfigs: [
      {
        fqdn: fqdn
        // ipAddresses: [
        //   ipaddress
        // ]
      }
    ]
  }
}

Command to execute the script is:

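# Deploy main.bicep at management-group scope with the parameters file.
# --name and --management-group-id must be separate arguments; without the space the shell
# passes 'dev2--management-group-id' as the deployment name.
# NOTE(review): confirm the --location value; the CLI region name for East US 2 is 'eastus2'.
az deployment mg create --location 'USEast2' --name 'dev2' --management-group-id xt74yryuihfjdnv --template-file main.bicep --parameters main.parameters.json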
  • Does this answer your question? [Azure Bicep multiple scopes in template](https://stackoverflow.com/questions/69696317/azure-bicep-multiple-scopes-in-template) – Stringfellow May 24 '22 at 19:11

1 Answer


It looks like the private endpoint has to be created in the same subscription as the VNet; however, it can still be used with resources in other subscriptions.

https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#private-endpoint-properties

link for reference.