question

0 Votes
jianhuang asked · timleyden-msft answered

How to set OS disk's networking to AllowPrivate 'Private endpoint (through disk access)' using Azure Bicep

Hi,

I have a requirement to use Azure Bicep to create a virtual machine, where the OS disk's networking needs to be set to private.

In Bicep: it is defined under the disk resource with property 'networkAccessPolicy' set to 'AllowPrivate'
In portal: it is defined under disk resource page -> networking -> Private endpoint (through disk access)

Approaches:

  1. Create the OS disk within the virtual machine resource; however, there is no option for me to set the networkAccessPolicy.

  2. Create the OS disk in a disk resource, and then attach it to the virtual machine resource; however, this way I am not allowed to specify 'osProfile', which I need to specify:

        osProfile: {
          computerName: 'string'
          adminUsername: 'string'
          adminPassword: 'string'
          windowsConfiguration: {
            provisionVMAgent: bool
          }
        }

Any guidance would be helpful to resolve this problem.

Thanks


I'm not sure if there is a better way, but I was able to make it work by creating separate Bicep modules:

  • one that creates the vm and outputs the os disk name

  • one that queries the disk and returns creationdata

  • one that creates a diskaccess object and updates disk with network access policy and disk access id

Tim

1 Vote 1 ·

@timleyden-msft can you elaborate on the step 3, "one that creates a diskaccess object and updates disk with network access policy and disk access id".

How do you update an existing disk with a network access policy by using Bicep?

0 Votes 0 ·


Adding tag for windows team as well if they have any inputs on the issue

0 Votes 0 ·

@prmanhas-MSFT Thanks, I have sent the email to AzCommunity according to your instruction.

0 Votes 0 ·

@jianhuang Thank you for sharing the details. I would also request you to share your solution over this thread so it can help others in community looking for help on similar issues :)

Thanks

0 Votes 0 ·

1 Answer

0 Votes
timleyden-msft answered

Here is an example Bicep file that I used to update an existing disk. The key is that you will need to provide creationData, as it is a required field for PUT operations.

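    param osdiskname string
    param osdiskcreationdata object
    param location string

    // Re-declares the existing OS disk. creationData has to be passed back in
    // because it is a required field for the PUT operation.
    resource disk 'Microsoft.Compute/disks@2020-12-01' = {
      name: osdiskname
      // Explicit dependency; the diskaccess.id reference below also implies it.
      dependsOn: [
        diskaccess
      ]
      location: location
      properties: {
        creationData: osdiskcreationdata
        networkAccessPolicy: 'AllowPrivate'
        diskAccessId: diskaccess.id
      }
    }

    // Disk access object that the disk is linked to through diskAccessId.
    resource diskaccess 'Microsoft.Compute/diskAccesses@2020-12-01' = {
      location: location
      name: 'diskaccesses'
      properties: {}
    }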

Here is a sample of how I got the creation data. I found this needs to be in a separate module to avoid a circular dependency.

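    param diskname string

    // Reference the disk that was created with the VM, without redeploying it.
    resource origdisk 'Microsoft.Compute/disks@2020-12-01' existing = {
      name: diskname
    }

    // Returned to the caller so it can be fed into the disk update module.
    output creationData object = origdisk.properties.creationData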

@timleyden-msft

Fantastic, I got it working using your approach. It is just a bit annoying that it needs 2 additional Bicep files just to set the OS disk network access policy; however, your solution is the best so far. Thank you.

0 Votes 0 ·
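
The three-module approach described in this thread can be wired together from a single parent file, as in the sketch below. This is an added example, not code posted by anyone in the thread. The module file names (`vm.bicep`, `getdisk.bicep`, `lockdisk.bicep`), the deployment names, the VM module's parameters, and its `osDiskName` output are assumptions; the parameters of the second and third modules match the answer's two files.

```bicep
// main.bicep (hypothetical parent file; all module file names are assumptions)
param location string = resourceGroup().location
param adminUsername string

@secure()
param adminPassword string

// Step 1: VM module. Assumed to create the VM with osProfile and an implicitly
// created OS disk, and to expose the disk name as an output named osDiskName
// (for example taken from the VM's storageProfile.osDisk.name).
module vm 'vm.bicep' = {
  name: 'vm-deploy'
  params: {
    location: location
    adminUsername: adminUsername
    adminPassword: adminPassword
  }
}

// Step 2: the 'existing' lookup from the answer. Kept in its own module so the
// read of creationData and the later write to the same disk do not form a
// circular dependency.
module diskInfo 'getdisk.bicep' = {
  name: 'disk-read-creationdata'
  params: {
    diskname: vm.outputs.osDiskName
  }
}

// Step 3: the disk update from the answer. Creates the disk access object and
// re-PUTs the disk with networkAccessPolicy 'AllowPrivate' and diskAccessId.
module lockDisk 'lockdisk.bicep' = {
  name: 'disk-set-private-access'
  params: {
    osdiskname: vm.outputs.osDiskName
    osdiskcreationdata: diskInfo.outputs.creationData
    location: location
  }
}
```

The ordering comes from the output references alone: `diskInfo` waits for `vm`, and `lockDisk` waits for both, so no explicit `dependsOn` is needed in the parent file.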