Cannot create private AML compute #2780
Comments
@t-young31 agree. The docs say:
So not sure why this is being requested. Will ask some questions internally and get back to you.
@t-young31 I read the docs incorrectly - it's if you have private endpoints, 445 is still required. We can limit what that can connect to using a service endpoint policy on the subnet - https://github.com/jhirono/azureml-dlp
What I'm thinking at the moment is that a dedicated subnet for AML is created and the firewall allows outbound traffic from only that subnet, and that subnet has the endpoint policy configured. Hopefully this will get easier longer term.
This requires #1846 to be completed first.
Describe the bug
Trying to create AML compute with no public IP fails with
Looks like the compute is trying to access public storage(?), which is disabled
AzureTRE/templates/workspace_services/azureml/terraform/network.tf
Line 110 in ae3efac
because the service isn't exposed externally. I've had a look at https://learn.microsoft.com/en-us/azure/machine-learning/how-to-secure-workspace-vnet?tabs=pe%2Ccli#azure-storage-account and there is some storage inside the ws vnet that has a private endpoint, so I'm not really any the wiser.
Any help would be much appreciated!
Steps to reproduce