Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,836 questions
Can the DSC VM Extension receive configuration ps1.zip files from a storage blob through a private link?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 1%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
C Slone
0
Reputation points
I had set up a private dns zone with an a record configured correctly. The VM that I had provisioned was in the same subnet as the private link. I confirmed the correct private ip address for the private link using nslookup on the vm. I could even download a file from the storage blob using the private link fqdn onto the vm.
However, when I run the DSC VM Extension, it fails to retrieve the blob.
I did whitelist the subnet the vm was in on the storage account. Additionally, I set it to bypass the Deny network policy for Azure Services. However, it still failed.
I understand that an Azure Automation Account could be better for higher security, but I am just curious if there was something that I could have missed.
I am using terraform to provision resources. Additionally, I have since removed the private link and ensured that the storage is accessible by public networks to ensure the DSC Extension can reach the correct blob.
Sign in to answer