| title | description | ms.service | ms.subservice | ms.topic | ms.author | author | ms.devlang | ms.custom | ms.date |
|---|---|---|---|---|---|---|---|---|---|
Use virtual network rules - Azure CLI - Azure Database for PostgreSQL - Single Server |
This article describes how to create and manage VNet service endpoints and rules for Azure Database for PostgreSQL using Azure CLI command line. |
postgresql |
single-server |
how-to |
nlarin |
niklarin |
azurecli |
devx-track-azurecli |
06/24/2022 |
Create and manage VNet service endpoints for Azure Database for PostgreSQL - Single Server using Azure CLI
[!INCLUDE applies-to-postgresql-single-server]
[!INCLUDE azure-database-for-postgresql-single-server-deprecation]
Virtual Network (VNet) services endpoints and rules extend the private address space of a Virtual Network to your Azure Database for PostgreSQL server. Using convenient Azure CLI commands, you can create, update, delete, list, and show VNet service endpoints and rules to manage your server. For an overview of Azure Database for PostgreSQL VNet service endpoints, including limitations, see Azure Database for PostgreSQL Server VNet service endpoints. VNet service endpoints are available in all supported regions for Azure Database for PostgreSQL.
[!INCLUDE quickstarts-free-trial-note]
[!INCLUDE azure-cli-prepare-your-environment.md]
Note
Support for VNet service endpoints is only for General Purpose and Memory Optimized servers. In case of VNet peering, if traffic is flowing through a common VNet Gateway with service endpoints and is supposed to flow to the peer, please create an ACL/VNet rule to allow Azure Virtual Machines in the Gateway VNet to access the Azure Database for PostgreSQL server.
The az network vnet commands are used to configure virtual networks. Service endpoints can be configured on virtual networks independently, by a user with write access to the virtual network.
To secure Azure service resources to a VNet, the user must have permission to "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/" for the subnets being added. This permission is included in the built-in service administrator roles, by default and can be modified by creating custom roles.
Learn more about built-in roles and assigning specific permissions to custom roles.
VNets and Azure service resources can be in the same or different subscriptions. If the VNet and Azure service resources are in different subscriptions, the resources should be under the same Active Directory (AD) tenant. Ensure that both the subscriptions have the Microsoft.Sql resource provider registered. For more information, see resource-manager-registration.
Important
It is highly recommended to read this article about service endpoint configurations and considerations before running the sample script below, or configuring service endpoints. Virtual Network service endpoint: A Virtual Network service endpoint is a subnet whose property values include one or more formal Azure service type names. VNet services endpoints use the service type name Microsoft.Sql, which refers to the Azure service named SQL Database. This service tag also applies to the Azure SQL Database, Azure Database for PostgreSQL and MySQL services. It is important to note when applying the Microsoft.Sql service tag to a VNet service endpoint it configures service endpoint traffic for all Azure Database services, including Azure SQL Database, Azure Database for PostgreSQL and Azure Database for MySQL servers on the subnet.
[!INCLUDE cli-launch-cloud-shell-sign-in.md]
:::code language="azurecli" source="~/azure_cli_scripts/postgresql/create-postgresql-server-vnet/create-postgresql-server.sh" id="FullScript":::
[!INCLUDE cli-clean-up-resources.md]
echo "Cleaning up resources by removing the resource group..."
az group delete --name $resourceGroup -y