// Parameters
// virtualNetworkName and resourceName are looked up below as `existing`
// resources, so both must already be present in the target resource group.
@description('Specifies the name of the virtual network.')
param virtualNetworkName string
// The private endpoints declared in this file are placed in this subnet
// (its ID is built as <vnet id>/subnets/<subnetName>).
@description('Specifies the name of the subnet which contains the virtual machine.')
param subnetName string
// Name of the storage account that receives the blob and queue private endpoints.
@description('Specifies the resource name of the Storage resource with an endpoint.')
param resourceName string
// Used for the private endpoints only; the DNS zones and VNet links use 'global'.
@description('Specifies the location.')
param location string = resourceGroup().location
// Tags applied to the DNS zones, the VNet links and the private endpoints.
param tags object = {}
// Existing virtual network: referenced only, never created or modified here.
// Its ID feeds the DNS zone links and the private endpoint subnet IDs below.
resource vnet 'Microsoft.Network/virtualNetworks@2021-08-01' existing = {
  name: virtualNetworkName
}
// Existing storage account that the private endpoints connect to.
// This file only reads its ID; it does not touch the account's own network
// settings. A private endpoint does not by itself close the public endpoint.
// NOTE(review): confirm publicNetworkAccess / networkAcls.defaultAction are
// restricted wherever the account is defined.
resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing = {
  name: resourceName
}
// Names for the privatelink zones and their VNet links.
// The storage suffix comes from the deployment environment, so the zone
// names follow whichever cloud the template is deployed to.
var blobPrivateDNSZoneName = 'privatelink.blob.${environment().suffixes.storage}'
var queuePrivateDNSZoneName = 'privatelink.queue.${environment().suffixes.storage}'

// Four-character suffix derived from the account and VNet names. uniqueString
// is a deterministic hash, so redeployments produce the same link names.
var linkNameSuffix = take(toLower(uniqueString(resourceName, virtualNetworkName)), 4)
var blobPrivateDnsZoneVirtualNetworkLinkName = '${resourceName}-blob-link-${linkNameSuffix}'
var queuePrivateDnsZoneVirtualNetworkLinkName = '${resourceName}-queue-link-${linkNameSuffix}'
// Private DNS zones (one per storage sub-resource covered by this file).
// The blob zone is created in the deployment's resource group.
// NOTE(review): if privatelink zones are managed centrally, confirm whether
// this module should reference that zone instead of creating its own.
// NOTE(review): vnet is an `existing` reference and nothing in this resource
// reads it; confirm the explicit dependsOn is still wanted.
resource blobPrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: blobPrivateDNSZoneName
  location: 'global'
  tags: tags
  properties: {}
  dependsOn: [
    vnet
  ]
}
// Queue counterpart of the blob zone: same shape, queue zone name.
// NOTE(review): vnet is an `existing` reference and nothing in this resource
// reads it; confirm the explicit dependsOn is still wanted.
resource queuePrivateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: queuePrivateDNSZoneName
  location: 'global'
  tags: tags
  properties: {}
  dependsOn: [
    vnet
  ]
}
// Virtual network links: attach each privatelink zone to the VNet so that
// clients in the VNet resolve names from the zone.
// Auto-registration is off; the zone's records are expected to come from the
// private endpoint's DNS zone group declared further down, not from VMs.
resource blobPrivateDnsZoneVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobPrivateDnsZone
  name: blobPrivateDnsZoneVirtualNetworkLinkName
  location: 'global'
  tags: tags
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
    registrationEnabled: false
  }
}
// Links the queue privatelink zone to the same VNet, with auto-registration
// disabled just like the blob link.
resource queuePrivateDnsZoneVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: queuePrivateDnsZone
  name: queuePrivateDnsZoneVirtualNetworkLinkName
  location: 'global'
  tags: tags
  properties: {
    virtualNetwork: {
      id: vnet.id
    }
    registrationEnabled: false
  }
}
// Private endpoints. This file covers only the 'blob' and 'queue'
// sub-resources; other services of the account get no private endpoint here.
//
// Blob endpoint, placed in the subnet named by subnetName.
// NOTE(review): the resource name is a fixed literal, so deploying this module
// again into the same resource group for a different resourceName would
// address the same private endpoint resource; confirm that is intended.
// NOTE(review): privateLinkServiceConnections (not the manual variant) asks
// for automatic approval; verify the deploying identity is meant to hold
// that right on the storage account.
resource blobPrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-08-01' = {
  name: 'blob-private-endpoint'
  location: location
  tags: tags
  properties: {
    subnet: {
      id: '${vnet.id}/subnets/${subnetName}'
    }
    privateLinkServiceConnections: [
      {
        name: 'blobPrivateLinkConnection'
        properties: {
          privateLinkServiceId: storageAccount.id
          groupIds: [
            'blob'
          ]
        }
      }
    ]
  }
}
// DNS zone group for the blob endpoint: ties the endpoint to the blob
// privatelink zone so the endpoint's record is kept in that zone.
resource blobPrivateDnsZoneGroupName 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-01-01' = {
  parent: blobPrivateEndpoint
  name: 'blobPrivateDnsZoneGroup'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'storageBlobARecord'
        properties: {
          privateDnsZoneId: blobPrivateDnsZone.id
        }
      }
    ]
  }
}
// Queue endpoint, placed in the same subnet as the blob endpoint.
// NOTE(review): the resource name is a fixed literal, so deploying this module
// again into the same resource group for a different resourceName would
// address the same private endpoint resource; confirm that is intended.
resource queuePrivateEndpoint 'Microsoft.Network/privateEndpoints@2021-08-01' = {
  name: 'queue-private-endpoint'
  location: location
  tags: tags
  properties: {
    subnet: {
      id: '${vnet.id}/subnets/${subnetName}'
    }
    privateLinkServiceConnections: [
      {
        name: 'queuePrivateLinkConnection'
        properties: {
          privateLinkServiceId: storageAccount.id
          groupIds: [
            'queue'
          ]
        }
      }
    ]
  }
}
// DNS zone group for the queue endpoint: ties the endpoint to the queue
// privatelink zone so the endpoint's record is kept in that zone.
resource queuePrivateDnsZoneGroupName 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2022-01-01' = {
  parent: queuePrivateEndpoint
  name: 'queuePrivateDnsZoneGroup'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'storageQueueARecord'
        properties: {
          privateDnsZoneId: queuePrivateDnsZone.id
        }
      }
    ]
  }
}