<t>I'm deploying Azure OpenAI Service via Terraform, and I want to set up a private endpoint for it. The docs and this article suggest that, besides a private endpoint, I need a private DNS zone containing an A record for the private endpoint.<br/>
<br/>
It looks like this is not enough because I get the error "Public access is disabled. Please configure private endpoint." in Azure AI Studio when I test my GPT-35-turbo model.<br/>
<br/>
Here's my Terraform code:<br/>
<br/>
**main.tf**<br/>
<br/>
```<br/>
resource "azurerm_resource_group" "rg" {<br/>
  location = "westeurope"<br/>
  name     = "test-rg"<br/>
}<br/>
<br/>
resource "azurerm_cognitive_account" "openai" {<br/>
  name                          = "REDACTED"<br/>
  location                      = "westeurope"<br/>
  resource_group_name           = azurerm_resource_group.rg.name<br/>
  kind                          = "OpenAI"<br/>
  sku_name                      = "S0"<br/>
  custom_subdomain_name         = "REDACTED"<br/>
  public_network_access_enabled = false<br/>
}<br/>
<br/>
resource "azurerm_virtual_network" "vnet" {<br/>
  name                = "test-network"<br/>
  location            = azurerm_resource_group.rg.location<br/>
  resource_group_name = azurerm_resource_group.rg.name<br/>
  address_space       = ["10.1.0.0/16"]<br/>
}<br/>
<br/>
resource "azurerm_subnet" "private_subnet" {<br/>
  name                                      = "test-private-subnet"<br/>
  resource_group_name                       = azurerm_resource_group.rg.name<br/>
  virtual_network_name                      = azurerm_virtual_network.vnet.name<br/>
  address_prefixes                          = ["10.1.1.0/24"]<br/>
  private_endpoint_network_policies_enabled = true<br/>
}<br/>
<br/>
resource "azurerm_private_endpoint" "private_endpoint" {<br/>
  name                = "test-openai-private-endpoint"<br/>
  location            = azurerm_resource_group.rg.location<br/>
  resource_group_name = azurerm_resource_group.rg.name<br/>
  subnet_id           = azurerm_subnet.private_subnet.id<br/>
<br/>
  private_service_connection {<br/>
    name                           = "test-openai-privconn"<br/>
    private_connection_resource_id = azurerm_cognitive_account.openai.id<br/>
    subresource_names              = ["account"]<br/>
    is_manual_connection           = false<br/>
  }<br/>
}<br/>
<br/>
resource "azurerm_private_dns_zone" "openai" {<br/>
  name                = "privatelink.openai.azure.com"<br/>
  resource_group_name = azurerm_resource_group.rg.name<br/>
}<br/>
<br/>
resource "azurerm_private_dns_a_record" "openai" {<br/>
  name                = "test-openai-private-endpoint"<br/>
  zone_name           = "privatelink.openai.azure.com"<br/>
  resource_group_name = azurerm_resource_group.rg.name<br/>
  ttl                 = 300<br/>
  records             = [azurerm_private_endpoint.private_endpoint.private_service_connection[0].private_ip_address]<br/>
}<br/>
<br/>
resource "azurerm_private_dns_zone_virtual_network_link" "link" {<br/>
  name                  = "test-vnet-link"<br/>
  resource_group_name   = azurerm_resource_group.rg.name<br/>
  private_dns_zone_name = azurerm_private_dns_zone.openai.name<br/>
  virtual_network_id    = azurerm_virtual_network.vnet.id<br/>
}<br/>
<br/>
resource "azurerm_cognitive_deployment" "model_gpt_35_turbo" {<br/>
  name                 = "test-gpt-35-turbo-model"<br/>
  cognitive_account_id = azurerm_cognitive_account.openai.id<br/>
<br/>
  model {<br/>
    format  = "OpenAI"<br/>
    name    = "gpt-35-turbo"<br/>
    version = "0301"<br/>
  }<br/>
<br/>
  scale {<br/>
    type = "Standard"<br/>
  }<br/>
}<br/>
<br/>
```<br/>
<br/>
**providers.tf**<br/>
<br/>
```<br/>
terraform {<br/>
  required_version = ">=0.12"<br/>
<br/>
  required_providers {<br/>
    azurerm = {<br/>
      source  = "hashicorp/azurerm"<br/>
      version = "~>3.64.0"<br/>
    }<br/>
  }<br/>
}<br/>
<br/>
provider "azurerm" {<br/>
  features {}<br/>
  subscription_id = "REDACTED"<br/>
}<br/>
<br/>
```<br/>
<br/>
Additional info: I don't have any DNS server (the virtual network uses the default DNS server by Azure).</t>