Azure · Cloud · ~30 mins

Private Link for secure service access in Azure - Mini Project: Build & Apply

📖 Scenario: You work for a company that wants to securely connect its virtual network to an Azure Storage Account without exposing the storage endpoint to the public internet. You will create a Private Endpoint using Azure Private Link to achieve this secure connection.
🎯 Goal: Build an Azure Private Endpoint to securely connect a virtual network to an Azure Storage Account using Private Link, ensuring traffic stays within the Microsoft backbone network.
📋 What You'll Learn
Create a resource group named rg-private-link-demo
Create a virtual network named vnet-demo with a subnet named subnet-demo
Create an Azure Storage Account named storagedemoprivatelink
Create a Private Endpoint named pe-storage in subnet-demo linked to the Storage Account
Configure the Private Endpoint with the correct private link service connection
💡 Why This Matters
🌍 Real World
Companies use Azure Private Link to keep their service traffic private and secure, avoiding exposure to the public internet.
💼 Career
Cloud engineers and architects often configure Private Link to meet security and compliance requirements for enterprise cloud deployments.
1
Create the resource group and virtual network
Create a resource group called rg-private-link-demo in the eastus region. Then create a virtual network called vnet-demo with address prefix 10.0.0.0/16 and a subnet called subnet-demo with address prefix 10.0.1.0/24 inside the resource group.
Need a hint?

Use az group create to create the resource group and az network vnet create to create the virtual network together with its subnet.

2
Create the Azure Storage Account
Create an Azure Storage Account named storagedemoprivatelink in the resource group rg-private-link-demo with the Standard_LRS SKU and StorageV2 kind in the eastus location.
Need a hint?

Use az storage account create with the specified parameters.

3
Create the Private Endpoint
Create a Private Endpoint named pe-storage in the resource group rg-private-link-demo inside the subnet subnet-demo of virtual network vnet-demo. Link this Private Endpoint to the Storage Account storagedemoprivatelink using the private link service connection for the blob service.
Need a hint?

Use az network private-endpoint create with the storage account resource ID and specify blob as the group ID.

4
Approve the Private Endpoint connection
Approve the Private Endpoint connection for pe-storage on the Storage Account storagedemoprivatelink by setting the connection status to Approved in the resource group rg-private-link-demo.
Need a hint?

Use az network private-endpoint-connection approve with the correct parameters to approve the connection.
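
The four steps above as one Azure CLI script (an added example, not the lab's own solution). Resource names, region and address prefixes are the lab's; the `run` dry-run wrapper, the `APPLY` switch, the connection name `pe-storage-connection` and the `<...>` placeholders are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the lab's own solution. Names, region and prefixes are the
# lab's; the dry-run wrapper, connection name and placeholders are assumptions.
set -eu

RG=rg-private-link-demo LOC=eastus VNET=vnet-demo SUBNET=subnet-demo
SA=storagedemoprivatelink PE=pe-storage

# Print each az command for review; execute it only when APPLY=1.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

create_network() {        # step 1
  run az group create --name "$RG" --location "$LOC"
  run az network vnet create --resource-group "$RG" --name "$VNET" \
    --address-prefixes 10.0.0.0/16 \
    --subnet-name "$SUBNET" --subnet-prefixes 10.0.1.0/24
}

create_storage() {        # step 2
  run az storage account create --name "$SA" --resource-group "$RG" \
    --location "$LOC" --sku Standard_LRS --kind StorageV2
}

create_endpoint() {       # step 3; $1 = storage account resource ID
  run az network private-endpoint create --name "$PE" --resource-group "$RG" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$1" --group-id blob \
    --connection-name "${PE}-connection"
}

approve_connection() {    # step 4; $1 = private endpoint connection ID
  run az network private-endpoint-connection approve --id "$1"
}

main() {
  sa_id='<storage-account-id>' conn_id='<connection-id>'  # dry-run placeholders
  create_network; create_storage
  if [ "${APPLY:-0}" = 1 ]; then   # the real resource ID exists only after step 2
    sa_id=$(az storage account show --name "$SA" --resource-group "$RG" --query id -o tsv)
  fi
  create_endpoint "$sa_id"
  if [ "${APPLY:-0}" = 1 ]; then   # the storage account names the connection itself
    conn_id=$(az network private-endpoint-connection list --name "$SA" \
      --resource-group "$RG" --type Microsoft.Storage/storageAccounts \
      --query '[0].id' -o tsv)
  fi
  approve_connection "$conn_id"
}
main
```

Run it as is to review the commands, then with `APPLY=1` to execute them. Creating the private endpoint does not by itself close the storage account's public endpoint; public network access is a separate setting on the account.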