Azure / azure-cli

Azure Command-Line Interface
MIT License

not possible to create private endpoint to connect to private link service using its alias with az cli #23687

Open ramdaspotale opened 2 years ago

ramdaspotale commented 2 years ago

I was working on possible automation of creating private endpoints, especially connecting to a private link service by using the private link service alias. However, I did not find any option to do this using Azure CLI.

Usually, lots of things that the Azure portal cannot do can be done using az cli; however, that seems to be inaccurate in this case. You can create private endpoints with a private link service alias using the portal but not with az cli.

This is very much needed in automating things in cross-subscription scenarios.

error:

az network private-endpoint create -g platdev2-cust-eastus -n testpep --subnet /subscriptions//resourceGroups/platdev2-cust-eastus/providers/Microsoft.Network/virtualNetworks/platdev2-cust-eastus-vnet/subnets/platdev2-cust-eastus-sub-endpoint-02 --private-connection-resource-id "elastic-obsv-mgmt-eastus-privlink-01.****fba.eastus.azure.privatelinkservice" --connection-name test

(LinkedInvalidPropertyId) Property id 'elastic-obsv-mgmt-eastus-privlink-01.**-*fba.eastus.azure.privatelinkservice' at path 'properties.privateLinkServiceConnections[0].properties.privateLinkServiceId' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.
Code: LinkedInvalidPropertyId
Message: Property id 'elastic-obsv-mgmt-eastus-privlink-01.****-*fba.eastus.azure.privatelinkservice' at path 'properties.privateLinkServiceConnections[0].properties.privateLinkServiceId' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'.


yonzhan commented 2 years ago

@necusjz for awareness

ynden commented 2 years ago

Hey @ramdaspotale, you need to add the --manual-request true argument. In your case:

az network private-endpoint create \
-g platdev2-cust-eastus \
-n testpep \
--subnet /subscriptions//resourceGroups/platdev2-cust-eastus/providers/Microsoft.Network/virtualNetworks/platdev2-cust-eastus-vnet/subnets/platdev2-cust-eastus-sub-endpoint-02 \
--private-connection-resource-id "elastic-obsv-mgmt-eastus-privlink-01.fba.eastus.azure.privatelinkservice" \
--connection-name test \
--manual-request true

Please confirm if that solves the problem, thanks!
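As an added example (not part of this thread or of azure-cli itself), the shell helper below picks the right form of the command from the target string: a full resource ID is passed as-is, while an alias also gets `--manual-request true`. The function names are hypothetical, and treating the `.azure.privatelinkservice` suffix as the mark of an alias is an assumption based on the alias shown above.

```shell
# Added example, not azure-cli code. Nothing here calls az; it only builds arguments.

# Print "resource-id", "alias" or "unknown" for a private link target string.
classify_pls_target() {
  case "$1" in
    # Prefixes the LinkedInvalidPropertyId error above says it expects.
    /subscriptions/*|/providers/*) echo "resource-id" ;;
    # Assumption: aliases end with this suffix, as the one in this thread does.
    *.azure.privatelinkservice)    echo "alias" ;;
    *)                             echo "unknown" ;;
  esac
}

# Print the az arguments, one per line, for creating the private endpoint.
# Usage: build_pe_args <resource-group> <name> <subnet-id> <target> <connection-name>
build_pe_args() {
  local kind
  kind="$(classify_pls_target "$4")"
  if [ "$kind" = "unknown" ]; then
    # Fail before anything is sent to Azure rather than after a round trip.
    echo "unrecognised private link target: $4" >&2
    return 1
  fi
  printf '%s\n' network private-endpoint create \
    -g "$1" -n "$2" --subnet "$3" \
    --private-connection-resource-id "$4" \
    --connection-name "$5"
  # An alias is only accepted when the connection is a manual request.
  if [ "$kind" = "alias" ]; then
    printf '%s\n' --manual-request true
  fi
}

# Example use in bash (commented out so the file has no side effects):
#   mapfile -t args < <(build_pe_args "$rg" "$name" "$subnet_id" "$target" "$conn") \
#     && az "${args[@]}"
```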

ghost commented 2 years ago

Hi, we're sending this friendly reminder because we haven't heard back from you in a while. We need more information about this issue to help address it. Please be sure to give us your input within the next 7 days. If we don't hear back from you within 14 days of this comment the issue will be automatically closed. Thank you!

ramdaspotale commented 2 years ago

Hi @ynden

Apologies for the delay in feedback. I tried manualrequest:true and I was able to create the private endpoint successfully using the private link alias.

The problem here is with vague docs; one cannot understand how to use a private link alias from the current description of the parameters. It would be great to add a line to the description of [--private-connection-resource-id] saying that a private link alias can be used when manual request is true.