azurerm_private_link_service only supports Load Balancer

[sharmaarnav]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

https://docs.microsoft.com/en-gb/azure/private-link/private-link-overview

AzureRM provider azurerm_private_link_service only supports Load Balancer
azurerm_private_link_service

No option to add any other PaaS service like SQL or something else here.

resource "azurerm_private_link_service" "example" {
name = "abcdef"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name

nat_ip_configuration {
name = "primary"
private_ip_address_version = "IPv4"
subnet_id = azurerm_subnet.endpoint.id
primary = true
}

References

Refer : https://docs.microsoft.com/en-gb/azure/private-link/availability#service-availability
The Private link service is available for many resources and not only Load Balancer

However, the documentation says Load Balancer is mandatory
load_balancer_frontend_ip_configuration_ids - (Required) A list of Frontend IP Configuration ID's from a Standard Load Balancer, where traffic from the Private Link Service should be routed. You can use Load Balancer Rules to direct this traffic to appropriate backend pools where your applications are running.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_link_service

[haflidif]

Hi @sharmaarnav I think you are confusing with azurerm_private_endpoint resource here even though they are practicaly the same resource in Azure under Azure Private Link and are tightly connected they are however two sets of resources - Private Link Services always needs a Standard LoadBalancer based on microsofts documentation: https://docs.microsoft.com/en-gb/azure/private-link/private-link-service-overview however the Private Endpoint which is also part of Azure Private Link can be connected to sub resources like SQL, Blob, Service Bus and many more services and can also be connected with A Private Link Service.

So I think the correct resource you are looking for here is azurerm_private_endpoint https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint

See the difference between Azure Link Service (azurerm_private_link_service): https://docs.microsoft.com/en-gb/azure/private-link/private-link-service-overview and limitations: https://docs.microsoft.com/en-gb/azure/private-link/private-link-service-overview#limitations
and
Azure Private Endpoint (azurerm_private_endpoint): https://docs.microsoft.com/en-gb/azure/private-link/private-endpoint-overview and limitations: https://docs.microsoft.com/en-gb/azure/private-link/private-endpoint-overview#limitations

Hope this answers your query :)

[EricStG]

Could it be a private link service connection instead of a private link service?

From the CosmoDB doc, they use New-AzPrivateLinkServiceConnection followed by New-AzPrivateEndpoint, neither require a load balancer, but it's not just a private endpoint either.