Azure Front Door Premimum and Private Endpoint CLI commands

afd-premium-pe.azcli

#Parameters = make changes based on your needs
rg=afd-lab #set resource group
afdprofile=mauserafd #set AFD Premium Profile already created.
groupname=PE-example #set origin group name
stgacctname=afdtestpe #set storage account name.
location=westus3 #location for Private Endpoint access from AFD.

#variables (do not change)
blobfqdn=$(echo $stgacctname.blob.core.windows.net) #blob storage account
stgacctid=$(az storage account show -g $rg -n $stgacctname --query id -o tsv)

# Create Origin Group (skip this step if already exists)
az afd origin-group create -g $rg --origin-group-name $groupname --profile-name $afdprofile --probe-request-type HEAD --probe-protocol Http --probe-interval-in-seconds 120 --probe-path / --sample-size 4 --successful-samples-required 3 --additional-latency-in-milliseconds 50

# Create Private Link
az afd origin create -g $rg --host-name $blobfqdn \
 --profile-name $afdprofile \
 --origin-group-name $groupname \
 --origin-name stgaccounts \
 --origin-host-header $blobfqdn \
 --priority 1 \
 --weight 500 \
 --enabled-state Enabled \
 --http-port 80 \
 --https-port 443 \
 --enable-private-link true \
 --private-link-resource $stgacctid \
 --private-link-location $location \
 --private-link-request-message 'Please approve this request' \
 --private-link-sub-resource blob

# Approve Private Endpont connection Storage Account
id=$(az storage account show -n $stgacctname --query "privateEndpointConnections[0].id" -o tsv)
az storage account private-endpoint-connection approve --id $id

#Clean up
az afd origin-group delete -g $rg --origin-group-name $groupname --profile-name $afdprofile