Can't deploy API Management with private link to Key Vault

Mark Fisher 1 Reputation point
2022-07-01T16:41:48.077+00:00

So I have a hub and spoke network structure set up in Azure, and on the spoke network I have a subnet dedicated for my API Management which I am trying to deploy to via a Bicep file. Also linked to this same subnet are 2 private endpoints - one for a private link to Azure Key Vault and another for a private link to Azure Container Registry. The Key Vault private link is needed for the API Management to access the certificates in Key Vault for the portal, gateway, and management backends, and then the Container Registry link will be needed for an AKS cluster deployment to pull images. I have the associated private DNS zones set up for both of these private endpoints, and on the subnet I have privateEndpointNetworkPolicies and privateLinkServiceNetworkPolicies both set to Disabled.

If I remove the private endpoints, the API Management deployment works fine, but with the private endpoints added, I get the following error when trying to deploy the API Management:

{
  "status": "Failed",
  "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'."
  }
}

This isn't a whole lot of detail to go off of, and I've been struggling to figure out what the issue is here. Does anyone have any suggestions?

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.