The complete list of groupIds for private endpoint & privatelink service connection



When creating a private link using ARM or Bicep, you need to specify a few settings, one of which is the groupId (under privateLinkServiceConnections) for the resource type you are connecting to. You can’t omit this value, and it has to be exactly correct for the deployment to succeed; it is even case sensitive.

Example:

resource myPrivateEndpoint 'Microsoft.Network/privateEndpoints@2022-09-01' = {
  name: '${webAppName}-privateendpoint'
  location: location
  properties: {
    subnet: {
      // Existing subnet that will host the private endpoint's network interface
      id: resourceId(networking.vNetResourceGroup, 'Microsoft.Network/virtualNetworks/subnets', networking.existingVNetName, privateLinkSubnet)
    }
    privateLinkServiceConnections: [
      {
        // Interpolate the resource's name, not the resource symbol itself
        name: '${appService.name}-privateLink'
        properties: {
          privateLinkServiceId: appService.id
          // Must match the target resource type's subresource name exactly (case sensitive)
          groupIds: [
            'sites'
          ]
        }
      }
    ]
  }
  dependsOn: [
    appService
  ]
}

I have scoured the earth to find a list of them. The private endpoint Bicep documentation helpfully states that it is a ‘string’, but leaves out the values for the different resource types that you can connect to. This is all the documentation tells you:

PrivateEndpointIPConfigurationProperties

| Name | Description | Value |
| --- | --- | --- |
| groupId | The ID of a group obtained from the remote resource that this private endpoint should connect to. | string |

PrivateLinkServiceConnectionProperties

| Name | Description | Value |
| --- | --- | --- |
| groupIds | The ID(s) of the group(s) obtained from the remote resource that this private endpoint should connect to. | string[] |

https://learn.microsoft.com/en-us/azure/templates/microsoft.network/privateendpoints?pivots=deployment-language-bicep

There are also a number of examples that help you find the groupId for sql, blob, table, sites and a few more. But every time you need it for a new Bicep file, you have to look and look for the correct value.

Today, I spent some time not giving up, I started collecting every groupid I could find in a list, and after finding maybe 15 different ones, I got real lucky. Via a series of related searches I got to the key word ‘ListSupportedPrivateLinkResources’. This took me to a public GitHub repo named ‘Private Endpoint Overview’. A bit down on this page, there is a table called ‘private link resource’. This lists in turn: Private-link resource name, Resource type & Subresources. Subresources is the goldmine!

This is the (complete?) list of resource types that can have a Private Endpoint, and their groupIds:

| Private-link resource name | Resource type | Subresources |
| --- | --- | --- |
| Azure API Management Service | Microsoft.ApiManagement/service | Gateway |
| Azure App Configuration | Microsoft.Appconfiguration/configurationStores | configurationStores |
| Azure Automation | Microsoft.Automation/automationAccounts | Webhook, DSCAndHybridWorker |
| Azure Cosmos DB | Microsoft.AzureCosmosDB/databaseAccounts | SQL, MongoDB, Cassandra, Gremlin, Table |
| Azure Batch | Microsoft.Batch/batchAccounts | batchAccount, nodeManagement |
| Azure Cache for Redis | Microsoft.Cache/Redis | redisCache |
| Azure Cache for Redis Enterprise | Microsoft.Cache/redisEnterprise | redisEnterprise |
| Azure Cognitive Services | Microsoft.CognitiveServices/accounts | account |
| Azure Managed Disks | Microsoft.Compute/diskAccesses | managed disk |
| Azure Container Registry | Microsoft.ContainerRegistry/registries | registry |
| Azure Kubernetes Service – Kubernetes API | Microsoft.ContainerService/managedClusters | management |
| Azure Data Factory | Microsoft.DataFactory/factories | dataFactory |
| Azure Data Explorer | Microsoft.Kusto/clusters | cluster |
| Azure Database for MariaDB | Microsoft.DBforMariaDB/servers | mariadbServer |
| Azure Database for MySQL | Microsoft.DBforMySQL/servers | mysqlServer |
| Azure Database for PostgreSQL – Single server | Microsoft.DBforPostgreSQL/servers | postgresqlServer |
| Azure Device Provisioning Service | Microsoft.Devices/provisioningServices | iotDps |
| Azure IoT Hub | Microsoft.Devices/IotHubs | iotHub |
| Azure IoT Central | Microsoft.IoTCentral/IoTApps | IoTApps |
| Azure Digital Twins | Microsoft.DigitalTwins/digitalTwinsInstances | API |
| Azure Event Grid | Microsoft.EventGrid/domains | domain |
| Azure Event Grid | Microsoft.EventGrid/topics | topic |
| Azure Event Hub | Microsoft.EventHub/namespaces | namespace |
| Azure HDInsight | Microsoft.HDInsight/clusters | cluster |
| Azure API for FHIR (Fast Healthcare Interoperability Resources) | Microsoft.HealthcareApis/services | fhir |
| Azure Key Vault HSM (hardware security module) | Microsoft.Keyvault/managedHSMs | HSM |
| Azure Key Vault | Microsoft.KeyVault/vaults | vault |
| Azure Machine Learning | Microsoft.MachineLearningServices/workspaces | amlworkspace |
| Azure Migrate | Microsoft.Migrate/assessmentProjects | project |
| Application Gateway | Microsoft.Network/applicationgateways | application gateway |
| Private Link service (your own service) | Microsoft.Network/privateLinkServices | empty |
| Power BI | Microsoft.PowerBI/privateLinkServicesForPowerBI | Power BI |
| Microsoft Purview | Microsoft.Purview/accounts | account |
| Microsoft Purview | Microsoft.Purview/accounts | portal |
| Azure Backup | Microsoft.RecoveryServices/vaults | AzureBackup, AzureSiteRecovery |
| Azure Relay | Microsoft.Relay/namespaces | namespace |
| Azure Cognitive Search | Microsoft.Search/searchServices | searchService |
| Azure Service Bus | Microsoft.ServiceBus/namespaces | namespace |
| Azure SignalR Service | Microsoft.SignalRService/SignalR | signalr |
| Azure SignalR Service | Microsoft.SignalRService/webPubSub | webpubsub |
| Azure SQL Database | Microsoft.Sql/servers | SQL Server (sqlServer) |
| Azure Storage | Microsoft.Storage/storageAccounts | Blob (blob, blob_secondary), Table (table, table_secondary), Queue (queue, queue_secondary), File (file, file_secondary), Web (web, web_secondary), Dfs (dfs, dfs_secondary) |
| Azure File Sync | Microsoft.StorageSync/storageSyncServices | File Sync Service |
| Azure Synapse | Microsoft.Synapse/privateLinkHubs | web |
| Azure Synapse Analytics | Microsoft.Synapse/workspaces | Sql, SqlOnDemand, Dev |
| Azure App Service | Microsoft.Web/hostingEnvironments | hosting environment |
| Azure App Service | Microsoft.Web/sites | sites |
| Azure App Service Staging slot | Microsoft.Web/sites | sites-staging (undocumented?) |
| Azure Static Web Apps | Microsoft.Web/staticSites | staticSites |
| Azure Media Services | Microsoft.Media/mediaservices | keydelivery, liveevent, streamingendpoint |
| Resource Management Private Links | Microsoft.Authorization/resourceManagementPrivateLinks | ResourceManagement |
| Azure Databricks | Microsoft.Databricks/workspaces | databricks_ui_api, browser_authentication |
| Azure Monitor Private Link Scope | Microsoft.Insights/privatelinkscopes | azuremonitor |
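
A pre-deployment check for the exact-match requirement described at the top of this post, as an added example (not from the original post or from Microsoft): it scans a compiled ARM template for private endpoints and flags any groupId that does not match the table exactly, suggesting the right casing when only the case differs. The lookup holds a subset of the table above; the function names, the sample template and its resource names are constructed, and the template is assumed to use the classic "resources" array.

```python
import re

# Subset of this page's table. Keys are lower-cased because this check compares
# resource type names case-insensitively; groupIds are compared exactly.
GROUP_IDS = {
    "microsoft.web/sites": {"sites"},
    "microsoft.keyvault/vaults": {"vault"},
    "microsoft.sql/servers": {"sqlServer"},
    "microsoft.containerregistry/registries": {"registry"},
    "microsoft.storage/storageaccounts": {
        b + s for b in ("blob", "table", "queue", "file", "web", "dfs") for s in ("", "_secondary")},
}
# Pulls "Microsoft.X/type" out of a resourceId() expression or a literal resource ID.
TYPE_RE = re.compile(r"Microsoft\.[A-Za-z]+/[A-Za-z]+", re.IGNORECASE)

def check_template(template):
    """Return one finding per groupId that is not valid for its target type."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/privateendpoints":
            continue
        name = res.get("name", "<unnamed>")
        for conn in res.get("properties", {}).get("privateLinkServiceConnections", []):
            props = conn.get("properties", {})
            match = TYPE_RE.search(props.get("privateLinkServiceId", ""))
            allowed = GROUP_IDS.get(match.group(0).lower()) if match else None
            if allowed is None:
                findings.append(f"{name}: target type not in table, check by hand")
                continue
            for gid in (g for g in props.get("groupIds", []) if g not in allowed):
                fix = next((a for a in allowed if a.lower() == gid.lower()), None)
                hint = f"wrong case, use '{fix}'" if fix else f"expected one of {sorted(allowed)}"
                findings.append(f"{name}: groupId '{gid}' invalid ({hint})")
    return findings

def _endpoint(name, target, group_id):  # builds one constructed sample resource
    conn = {"name": "conn", "properties": {"privateLinkServiceId": target, "groupIds": [group_id]}}
    return {"type": "Microsoft.Network/privateEndpoints", "name": name,
            "properties": {"privateLinkServiceConnections": [conn]}}

# Constructed sample in the shape of compiled Bicep output (assumption: "resources" is a list).
SAMPLE = {"resources": [
    _endpoint("web-pe", "[resourceId('Microsoft.Web/sites', parameters('webAppName'))]", "sites"),
    _endpoint("kv-pe", "[resourceId('Microsoft.KeyVault/vaults', 'kv1')]", "Vault"),
    _endpoint("st-pe", "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/st1", "blobs"),
]}

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE)))
```
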
 
Happy deployment!
 

References

Private Endpoint Overview (GitHub) (Go here in case there are updates…)
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/private-link/private-endpoint-overview.md


___________________________________________________________________________________________________

Enjoy!

Regards

 Thomas Odell Balkeståhl on LinkedIn

2 thoughts on “The complete list of groupIds for private endpoint & privatelink service connection”

  1. Thank you! This is a real help!

    It’s ridiculous how hard it is to find the values in MS documentation.
