
We have deployed an Azure Front Door Premium instance connecting to an App Service instance over private endpoints using Az PowerShell, namely New-AzFrontDoorCdnOrigin, then approving with Approve-AzPrivateEndpointConnection.
This all works fine.

However, how can this link be removed, preferably via Az PowerShell?

It is as simple as unchecking the "Enable private link service" in the portal, but the Az PowerShell documentation is unclear to me here.

Things I’ve tried:

  • Using Update-AzFrontDoorCdnOrigin: specifying a SharedPrivateLinkResourceStatus of Removed or Disconnected does nothing.
  • Using Update-AzFrontDoorCdnOrigin: PrivateLinkId of empty or null is not allowed.
  • Using Remove-AzPrivateEndpointConnection. This removes the connection at the App Service, but Front Door is not aware of the change in state and stops routing traffic to the App Service until you manually uncheck the "Enable private link service" box on the origin.

Current workaround is:

  • Create a second temporary origin in the origin group (so that I don’t have to disconnect the origin group from the route, etc)
  • Delete the origin with the private link
  • Recreate the origin (pref is to have origin with the original name)
  • Delete the temporary origin

2 Answers


  1. Issues may arise because of active connections. The problem will be resolved if all connections were rejected or deleted before deleting the service.

    Usually, the Front Door service is not renewed immediately. Before you delete the service, ensure that there are no private endpoint connections associated with it.

    1. Need to delete the endpoints which link to Private Link by using this command:

      Remove-AzPrivateEndpointConnection -Name testendpoint -ResourceGroupName <ResourceGroupName> -ServiceName <privatelinkservice> -PrivateLinkResourceType Microsoft.Network/privateLinkServices

    2. Remove all endpoints:

      Remove-AzPrivateEndpoint -Name testendpoint -ResourceGroupName <ResourceGroupName>

    3. Remove the private link service from the service:

      Remove-AzPrivateLinkService -ResourceGroupName rg-swarnaacctestrg -Name privatelinkswarna

    4. From the Front Door side, we need to purge so that changes will reflect/refresh:

      az afd endpoint purge -g <ResourceGroupName> --profile-name profile --domains <DomainName> --content-paths '/*'

  2. I know the question is about Az PowerShell; however, if you have stumbled upon this, don't waste your time :). The only way I was able to resolve this was with az cli and the use of az afd origin create and az afd origin update.

    See
    https://learn.microsoft.com/en-us/cli/azure/afd/origin?view=azure-cli-latest#az-afd-origin-create

    and https://learn.microsoft.com/en-us/cli/azure/afd/origin?view=azure-cli-latest#az-afd-origin-update
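
The second answer does not show the commands it used. One way to make the change in place with the az CLI, as an added example that is not from either answer: it assumes the `--enable-private-link false` option of `az afd origin update` is what detaches the link, and every resource name is a placeholder. The origin is read before and after the update, so an update that is accepted but changes nothing (what the question reports for Update-AzFrontDoorCdnOrigin) is caught.

```bash
# Added example (not from the thread). Resource names are the caller's own;
# the --enable-private-link false behaviour is an assumption to confirm
# against your az CLI version.

# Print the private link resource ID attached to an origin (empty if none).
# Args: resource-group profile-name origin-group-name origin-name
afd_origin_private_link_id() {
  local out
  out=$(az afd origin show \
    --resource-group "$1" --profile-name "$2" \
    --origin-group-name "$3" --origin-name "$4" \
    --query "sharedPrivateLinkResource.privateLink.id" --output tsv) || return 1
  # Treat an empty result or a literal None/null as "no private link".
  case "$out" in
    ""|None|null) ;;
    *) printf '%s\n' "$out" ;;
  esac
}

# Disable Private Link on the origin in place, then re-read the origin.
# Returns 0 only if the origin ends up without a private link.
afd_origin_disable_private_link() {
  local before after
  before=$(afd_origin_private_link_id "$@") || return 1
  if [ -z "$before" ]; then
    echo "origin $4: no private link configured, nothing to do" >&2
    return 0
  fi
  az afd origin update \
    --resource-group "$1" --profile-name "$2" \
    --origin-group-name "$3" --origin-name "$4" \
    --enable-private-link false --output none || return 1
  after=$(afd_origin_private_link_id "$@") || return 1
  if [ -n "$after" ]; then
    # The update was accepted but the link is still there.
    echo "origin $4: still linked to $after" >&2
    return 1
  fi
  echo "origin $4: private link to $before removed" >&2
}

# Usage (placeholder names):
#   afd_origin_disable_private_link my-rg my-profile my-origin-group my-origin
```

Once the link is disabled, Front Door reaches the App Service over its public hostname, so check the app's access restrictions before running this.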
