Private Link
Last updated: May 16, 2025
Some Azure services (e.g. Azure Storage, Cosmos DB) cannot be hosted directly in your virtual network. When your cloud resources connect to these PaaS services, the traffic goes either over the public internet or over the Azure backbone network.
Azure Private Link makes it possible to access those Azure services without leaving the Azure network. The communication is done over a private endpoint in your virtual network.
To set it up, you basically:
- Create a network interface in your virtual network; it gets an IP address from your virtual network address space
- Create a DNS zone to map the specific service
- Link the DNS zone with the virtual network
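The three steps above for a storage account's Blob endpoint, written as Azure CLI calls. This is an added example, not the page's own code; the resource group, VNet, subnet and endpoint names and the storage account ID are constructed placeholders, and the final `dns-zone-group` call goes one step beyond the list by registering the endpoint's private IP as an A record in the zone.

```shell
# Added example: the page's three steps for a storage account's Blob endpoint.
# All names below are constructed placeholders; replace them with your own.
# Set AZ=echo in the environment to print the commands instead of running them.
AZ="${AZ:-az}"
RG="rg-demo"
VNET="vnet-demo"
SUBNET="snet-private-endpoints"
PE="pe-blob"
ZONE="privatelink.blob.core.windows.net"   # Blob zone from the list on this page
STORAGE_ID="/subscriptions/<subscription-id>/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/<account-name>"

# Step 1: the private endpoint's network interface takes a private IP from the subnet.
create_private_endpoint() {
  $AZ network private-endpoint create \
    --resource-group "$RG" --name "$PE" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$STORAGE_ID" \
    --group-id blob --connection-name "$PE-conn"
}

# Step 2: the private DNS zone that maps the service's privatelink names.
create_dns_zone() {
  $AZ network private-dns zone create --resource-group "$RG" --name "$ZONE"
}

# Step 3: link the zone to the VNet so resources inside it resolve through the zone.
# Auto-registration of VM records is not wanted in a privatelink zone.
link_zone_to_vnet() {
  $AZ network private-dns link vnet create \
    --resource-group "$RG" --zone-name "$ZONE" --name "link-$VNET" \
    --virtual-network "$VNET" --registration-enabled false
}

# Beyond the three steps: attach the zone to the endpoint so the A record for
# its private IP is created and kept in sync.
register_endpoint_in_zone() {
  $AZ network private-endpoint dns-zone-group create \
    --resource-group "$RG" --endpoint-name "$PE" --name default \
    --private-dns-zone "$ZONE" --zone-name blob
}

setup_private_link() {
  create_private_endpoint && create_dns_zone &&
    link_zone_to_vnet && register_endpoint_in_zone
}
```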
Some Private DNS zone names
- Azure AI services (Microsoft.CognitiveServices/accounts) - privatelink.cognitiveservices.azure.com
- Azure Event Hubs (Microsoft.EventHub/namespaces) - privatelink.servicebus.windows.net
- Azure Service Bus (Microsoft.ServiceBus/namespaces) - privatelink.servicebus.windows.net
- Azure Container Apps - privatelink.{regionName}.azurecontainerapps.io
- Azure Container Registry - privatelink.azurecr.io
- Azure SQL Database (Microsoft.Sql/servers) - privatelink.database.windows.net
- Azure Cosmos DB - SQL (Microsoft.DocumentDB/databaseAccounts) - privatelink.documents.azure.com
- Azure Cosmos DB - MongoDB (Microsoft.DocumentDB/databaseAccounts) - privatelink.mongo.cosmos.azure.com
- Azure Cache for Redis (Microsoft.Cache/Redis) - privatelink.redis.cache.windows.net
- Storage account (Microsoft.Storage/storageAccounts) - Blob - privatelink.blob.core.windows.net