Azure Networking: Azure PrivateLink
Use Azure Private Link to create private connections from Astro to your Azure services without exposing your data to the public internet.
Astro clusters are pre-configured with the Azure blob private endpoint.
To request additional endpoints, or assistance connecting to other Azure services, provide Astronomer support with the following information for the resource you want to connect to using Private Link:
- Resource name
- Resource ID
- Group ID
For example, to connect with Azure Container Registry:
- Follow the Azure documentation to create the container registry. Copy the name of the container registry.
- Follow the Azure documentation to create a private endpoint for your container registry. Then, copy the name of the Data endpoint.
- Then, from the left panel, go to the Overview menu and click JSON view in Essentials to copy the resource ID. You can also get the resource ID by running the Azure CLI command: az acr show -n myRegistry
- Contact Astronomer Support with your request to connect. Provide the resource name, data endpoint name, and resource ID.
- When Astronomer support adds an Azure private endpoint, a corresponding private DNS zone and Canonical Name (CNAME) records are created to allow you to address the service by its private link name. Astronomer support will send the connection request in Azure Portal’s Private Link Center.
- Approve the connection requests from your Azure portal, then confirm that you’ve completed this in your support ticket. Astronomer support will then test whether the DNS resolves the endpoint correctly.
After Astronomer configures the connection, you can create Airflow connections to your resource. In some circumstances, you might need to modify your dags to address the service by its private link name (for example, StorageAccountA.privatelink.blob.core.windows.net instead of StorageAccountA.blob.core.windows.net).
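The DNS check described above can also be run from your own code, for example in a task before a dag touches the resource. The following is an added example, not Astronomer's or Azure's code: it resolves a hostname and confirms that the CNAME chain carries a privatelink label and that every address is private. It assumes the VNet uses RFC 1918 address space, and the sample resolver answers and IP addresses are constructed.

```python
import ipaddress
import socket
from typing import Callable, NamedTuple

# Assumption: the VNet behind the private endpoint uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Verdict(NamedTuple):
    host: str
    via_privatelink: bool      # a name in the CNAME chain carries a "privatelink" label
    public_addresses: list     # resolved IPv4 addresses outside RFC 1918
    ok: bool                   # resolves, via privatelink, to private addresses only

def check_private_endpoint(host: str, resolver: Callable = socket.gethostbyname_ex) -> Verdict:
    """Resolve host (IPv4) and report whether it lands on a private endpoint."""
    try:
        canonical, aliases, addresses = resolver(host)
    except OSError:            # socket.gaierror / socket.herror: name does not resolve
        return Verdict(host, False, [], False)
    names = [host, canonical, *aliases]
    via_privatelink = any("privatelink" in n.lower().split(".") for n in names)
    public = [a for a in addresses
              if not any(ipaddress.ip_address(a) in net for net in RFC1918)]
    ok = bool(addresses) and via_privatelink and not public
    return Verdict(host, via_privatelink, public, ok)

# Constructed sample answers (not real lookups), keyed by the name used on this page.
HOST = "StorageAccountA.blob.core.windows.net"
PRIVATE_NAME = "StorageAccountA.privatelink.blob.core.windows.net"

def inside_vnet(host):   # private DNS zone answers with the endpoint's private IP
    return (PRIVATE_NAME, [host], ["10.1.2.4"])

def outside_vnet(host):  # same CNAME, but the chain ends at a public address
    return ("blob.constructed.store.core.windows.net", [host, PRIVATE_NAME], ["203.0.113.10"])

def unresolvable(host):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

if __name__ == "__main__":
    for label, resolver in (("inside", inside_vnet), ("outside", outside_vnet),
                            ("missing", unresolvable)):
        print(label, check_private_endpoint(HOST, resolver))
```

Called with the default resolver, check_private_endpoint uses the system DNS of the machine it runs on, so the result only reflects the private endpoint when it runs inside the Astro cluster.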
Note that you’ll incur additional Azure infrastructure costs for every Azure private endpoint that you use. See Azure Private Link pricing.