Connect to a storage account from a VM via private endpoint

Last updated: 18/06/2020

This sample shows how to use connect a virtual network to access a blob storage account via private endpoint.

This Azure Resource Manager (ARM) template was created by a member of the community and not by Microsoft. Each ARM template is licensed to you under a licence agreement by its owner, not Microsoft. Microsoft is not responsible for ARM templates provided and licensed by community members and does not screen for security, compatibility or performance. Community ARM templates are not supported under any Microsoft support programme or service, and are made available AS IS without warranty of any kind.

Parameters

Parameter Name Description
location Specifies the location for all the resources.
virtualNetworkName Specifies the name of the virtual network hosting the virtual machine.
virtualNetworkAddressPrefix Specifies the address prefix of the virtual network hosting the virtual machine.
subnetName Specifies the name of the subnet hosting the virtual machine.
subnetAddressPrefix Specifies the address prefix of the subnet hosting the virtual machine.
adlsStorageAccountName Specifies the globally unique DNS Name for the ADLS Gen 2 storage account.
blobStorageAccountName Specifies the globally unique name for the storage account used to store the boot diagnostics logs of the virtual machine.
vmName Specifies the name of the virtual machine.
vmSize Specifies the size of the virtual machine.
imagePublisher Specifies the image publisher of the disk image used to create the virtual machine.
imageOffer Specifies the offer of the platform image or marketplace image used to create the virtual machine.
imageSku Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.
authenticationType Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended.
adminUsername Specifies the name of the administrator account of the virtual machine.
adminPasswordOrKey Specifies the SSH Key or password for the virtual machine. SSH key is recommended.
diskStorageAccounType Specifies the storage account type for OS and data disk.
numDataDisks Specifies the number of data disks of the virtual machine.
osDiskSize Specifies the size in GB of the OS disk of the VM.
dataDiskSize Specifies the size in GB of the OS disk of the virtual machine.
dataDiskCaching Specifies the caching requirements for the data disks.
_artifactsLocation Specifies the base URI where artifacts required by this template are located including a trailing '/'
_artifactsLocationSasToken Specifies the sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured.
scriptFileName The name of the script to download from the URI specified by the scriptFilePath parameter.
deployLogAnalytics Specifies whether to deploy a Log Analytics workspace to monitor the health and performance of the virtual machine.
workspaceName Specifies the globally unique name of the Log Analytics workspace.
workspaceSku Specifies the SKU of the Log Analytics workspace.
adlsStorageAccountPrivateEndpointName Specifies the name of the private link to the storage account.
blobStorageAccountPrivateEndpointName Specifies the name of the private link to the boot diagnostics storage account.

Use the template

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-blob-storage-private-endpoint/azuredeploy.json
Installing and configuring Azure PowerShell

Command line

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-blob-storage-private-endpoint/azuredeploy.json
Installing and configuring the Azure cross-platform command-line interface