Document Details

Deployment Script Vnet Private Endpoint
Home / Scan 41 / Deployment Script Vnet Private Endpoint
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ missing_linux_example
⚠️ windows_tools
Summary:
The documentation exclusively demonstrates the use of Azure PowerShell for deployment scripts (kind: 'AzurePowerShell', azPowerShellVersion, scriptContent: 'Write-Host ...'), with no mention or example of Bash or Linux scripting. The script content and deploymentScript kind are both Windows/PowerShell-centric, and there is no guidance for users who may prefer or require Linux-based (Bash) deployment scripts.
Recommendations:
  • Provide an equivalent example using 'AzureCLI' (Bash) as the deployment script kind, including sample Bash script content.
  • Explicitly mention that both PowerShell and Bash (AzureCLI) are supported for deployment scripts, and link to documentation for both.
  • Show both PowerShell and Bash scriptContent examples side-by-side, or allow the user to select their preferred scripting language.
  • Clarify any differences in prerequisites or behavior between PowerShell and Bash deployment scripts in this scenario.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-07-12 23:44 #41 in_progress ❌ Biased
2025-07-12 00:58 #8 cancelled ✅ Clean
2025-07-10 05:06 #7 processing ✅ Clean

Flagged Code Snippets

@maxLength(10) // Required maximum length, because the storage account has a maximum of 26 characters param namePrefix string param location string = resourceGroup().location param userAssignedIdentityName string = '${namePrefix}Identity' param storageAccountName string = '${namePrefix}stg${uniqueString(resourceGroup().id)}' param vnetName string = '${namePrefix}Vnet' param deploymentScriptName string = '${namePrefix}ds' var roleNameStorageFileDataPrivilegedContributor = '69566ab7-960f-475b-8e7c-b3118f30c6bd' var vnetAddressPrefix = '192.168.4.0/23' var subnetEndpointAddressPrefix = '192.168.4.0/24' var subnetACIAddressPrefix = '192.168.5.0/24' resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2024-11-30' = { name: userAssignedIdentityName location: location } resource storageAccount 'Microsoft.Storage/storageAccounts@2024-01-01' = { name: storageAccountName kind: 'StorageV2' location: location sku: { name: 'Standard_LRS' } properties: { publicNetworkAccess: 'Disabled' networkAcls: { defaultAction: 'Deny' bypass: 'AzureServices' } } } resource privateEndpoint 'Microsoft.Network/privateEndpoints@2024-05-01' = { name: storageAccount.name location: location properties: { privateLinkServiceConnections: [ { name: storageAccount.name properties: { privateLinkServiceId: storageAccount.id groupIds: [ 'file' ] } } ] customNetworkInterfaceName: '${storageAccount.name}-nic' subnet: { id: virtualNetwork::privateEndpointSubnet.id } } } resource storageFileDataPrivilegedContributorReference 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = { name: roleNameStorageFileDataPrivilegedContributor scope: tenant() } resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(storageFileDataPrivilegedContributorReference.id, managedIdentity.id, storageAccount.id) scope: storageAccount properties: { principalId: managedIdentity.properties.principalId roleDefinitionId: storageFileDataPrivilegedContributorReference.id principalType: 'ServicePrincipal' } } resource privateDnsZone 'Microsoft.Network/privateDnsZones@2024-06-01' = { name: 'privatelink.file.core.windows.net' location: 'global' resource virtualNetworkLink 'virtualNetworkLinks' = { name: uniqueString(virtualNetwork.name) location: 'global' properties: { registrationEnabled: false virtualNetwork: { id: virtualNetwork.id } } } resource resRecord 'A' = { name: storageAccount.name properties: { ttl: 10 aRecords: [ { ipv4Address: first(first(privateEndpoint.properties.customDnsConfigs)!.ipAddresses) } ] } } } resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = { name: vnetName location: location properties:{ addressSpace: { addressPrefixes: [ vnetAddressPrefix ] } } resource privateEndpointSubnet 'subnets' = { name: 'PrivateEndpointSubnet' properties: { addressPrefixes: [ subnetEndpointAddressPrefix ] } } resource containerInstanceSubnet 'subnets' = { name: 'ContainerInstanceSubnet' properties: { addressPrefix: subnetACIAddressPrefix delegations: [ { name: 'containerDelegation' properties: { serviceName: 'Microsoft.ContainerInstance/containerGroups' } } ] } } } resource privateDeploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = { name: deploymentScriptName dependsOn: [ privateEndpoint privateDnsZone::virtualNetworkLink ] location: location kind: 'AzurePowerShell' identity: { type: 'UserAssigned' userAssignedIdentities: { '${managedIdentity.id}' : {} } } properties: { storageAccountSettings: { storageAccountName: storageAccount.name } containerSettings: { subnetIds: [ { id: virtualNetwork::containerInstanceSubnet.id } ] } azPowerShellVersion: '9.0' retentionInterval: 'P1D' scriptContent: 'Write-Host "Hello World!"' } }