I create a front door origin pointing to my app service using a private link. This adds a private endpoint to the app service, in the pending state. I use the UI to approve it, and everything works as expected.
If I delete the app service and recreate it I lose the private link. How do I get the private link again?
I've tried deleting the origin in front door and re-adding that, but the link does not appear again.
The only way I have found to do it is to delete the entire front door resource and recreate it. This works for now, but is not a good solution once I add other apps to front door.
If you have multiple private links to the same app service, only one link will be created (per this article). I don't have multiple, but I think the problem might have to do with how this is tracked.
I created a Front Door origin pointing to my app service using a private link and approved it, like below:
Once you recreate the App Service, you can add your app service in the same origin host name, then apply and update:
Now I am able to get the Front Door private link pending request and approve it, like below:
You don't need to delete the entire Front Door. Add your newly created App Service in the origin host name, and you will get a new private link request to approve.
Update
Furthermore, inside a single Azure Front Door profile, a single private endpoint is created for all the different origins across different origin groups.
So, for a given resource, which is an app service in this case, Azure will check in its databases whether a private endpoint has been created for a given tuple (resourceId, tenant, region, groupId). If the tuple changes, Azure creates one, or else it won't create a new private endpoint.

Now, the lifetime of this private endpoint is scoped to the origin and not the backend resource, which means if you delete and recreate your app service, Azure won't create a new private endpoint, and if you create a new origin with the same app service, Azure won't create a new private endpoint and you don't see new connections to approve.
To ensure you get a new private endpoint connection when you create an origin with PrivateLinkResourceId, GroupId, PrivateLinkLocation, you need to ensure you delete all the origins/origin groups under your tenant with the same PrivateLinkResourceId, GroupId, PrivateLinkLocation. Once all the origins/origin groups with PrivateLinkResourceId, GroupId, PrivateLinkLocation are deleted, Azure will internally delete the private endpoint. This is a known behavior at this moment.
To summarize, only deleting the origin will not help. You need to delete the origin group where the app service was added before. And also delete any other origin groups containing an origin with the same set of Private Link location, resource ID and group ID. Once the origin groups are deleted, you can recreate the origin group with the newly created app service, and you will see new private endpoint connections to approve.
To delete an origin group, it should be unassociated, meaning it should not be associated with any route. Refer to this.
To do this, you can either associate any other existing origin group (which doesn't have the same set of Private Link location, resource ID and group ID) to the route or create a new dummy origin group and add this dummy origin group to the route and then disassociate the origin group you need to delete.
Or, I deleted the route to unassociate the origin group, deleted the existing origin group, and added dummy origin groups like below:
Now, I am able to see new private endpoint connections for approval within your app service. Once approved, I added routes to the origin.
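The deletion procedure described in the answer above, as an added example (not code from the original post or from Azure): given an inventory of one Front Door profile, it finds every origin group holding an origin with the same Private Link tuple, the routes that must be unassociated first, and the origin groups that can stand in on those routes. The inventory shape, names and IDs are constructed assumptions, not the output format of any Azure tool.

```python
# Added example: plan which Front Door origin groups must be deleted so the
# shared private endpoint for one backend is released and requested again.
# The inventory structure is a constructed, hypothetical shape.

def pl_key(origin):
    """Private Link tuple of an origin, or None for a public origin."""
    pl = origin.get("private_link")
    if not pl:
        return None
    # ARM resource IDs are case-insensitive, so normalise before comparing.
    return (pl["resource_id"].lower(), pl["group_id"].lower(), pl["location"].lower())

def plan_release(profile, target):
    """Return origin groups to delete, routes blocking their deletion, and
    origin groups that can safely stand in on those routes."""
    want = (target["resource_id"].lower(), target["group_id"].lower(),
            target["location"].lower())
    # Every origin group containing at least one origin with the same tuple.
    tainted = sorted(
        name for name, origins in profile["origin_groups"].items()
        if any(pl_key(o) == want for o in origins)
    )
    # An origin group cannot be deleted while a route still points at it.
    blocking = sorted(r for r, g in profile["routes"].items() if g in tainted)
    # Only groups without the tuple may be associated to the routes meanwhile.
    substitutes = sorted(set(profile["origin_groups"]) - set(tainted))
    return {"delete_groups": tainted, "blocking_routes": blocking,
            "substitute_groups": substitutes}

# Constructed sample profile: two origin groups share the same tuple.
APP = ("/subscriptions/00000000-0000-0000-0000-000000000000"
       "/resourceGroups/rg/providers/Microsoft.Web/sites/my-app")
PROFILE = {
    "origin_groups": {
        "og-web": [{"host": "my-app.azurewebsites.net", "private_link": {
            "resource_id": APP, "group_id": "sites", "location": "westeurope"}}],
        "og-api": [{"host": "my-app.azurewebsites.net", "private_link": {
            "resource_id": APP.upper(), "group_id": "sites", "location": "WestEurope"}},
                   {"host": "static.example.com", "private_link": None}],
        "og-dummy": [{"host": "placeholder.example.com", "private_link": None}],
    },
    "routes": {"route-web": "og-web", "route-api": "og-api"},
}

if __name__ == "__main__":
    target = {"resource_id": APP, "group_id": "sites", "location": "westeurope"}
    print(plan_release(PROFILE, target))
```

An empty `delete_groups` result means no origin in the profile references that tuple, so a newly created origin should produce a fresh pending connection.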