Can the DSC VM Extension receive configuration ps1.zip files from a storage blob through a private link?
I had set up a private dns zone with an a record configured correctly. The VM that I had provisioned was in the same subnet as the private link. I confirmed the correct private ip address for the private link using nslookup on the vm. I could even download a file from the storage blob using the private link fqdn onto the vm.
However, when I run the DSC VM Extension, it fails to retrieve the blob.
I did whitelist the subnet the vm was in on the storage account. Additionally, I set it to bypass the Deny network policy for Azure Services. However, it still failed.
I understand that an Azure Automation Account could be better for higher security, but I am just curious if there was something that I could have missed.
I am using terraform to provision resources. Additionally, I have since removed the private link and ensured that the storage is accessible by public networks to ensure the DSC Extension can reach the correct blob.