Error creating Private Endpoint for OpenAI - ai-service doesn't have CustomSubDomainName

Unable to create a Private Endpoint for the OpenAI Service. I am not specifying the optional argument custom_subdomain_name since, per the docs, the property custom_subdomain_name is optional.

Terraform config:

resource "azurerm_private_endpoint" "private_endpoint" {
  for_each = {for private_endpoint in local.private_endpoint_list : "${private_endpoint.name}" => private_endpoint}
  name                = ...
  location            = ..
  resource_group_name = ..
  subnet_id           = ..

  private_dns_zone_group {
    name                 = ...        
    private_dns_zone_ids = ["/subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.Network/privateDnsZones/privatelink.openai.azure.com"]
  }

  private_service_connection {
    name                           = ...    
    private_connection_resource_id = azurerm_cognitive_account.openai_services[each.value.name].id
    is_manual_connection           = false
    subresource_names              = [each.value.subresource_name]
  }
}

Error message:

Error: creating Private Endpoint (Subscription: "xxx"
Resource Group Name: "yyy"
Private Endpoint Name: "xxx-oai-service-account"): performing CreateOrUpdate: unexpected status 400 with error: AccountCustomSubDomainNameNotSet: Call to Microsoft.CognitiveServices/accounts failed. Error message: Account /subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.CognitiveServices/accounts/xxx-oai-service doesn't have CustomSubDomainName

  with module.openai_service.azurerm_private_endpoint.private_endpoint["xxx-oai-service-pe-account"],
  on ../modules/LandingZone/AIKM/openai_service/main.tf line 84, in resource "azurerm_private_endpoint" "private_endpoint":
  84: resource "azurerm_private_endpoint" "private_endpoint" {

##[error]Bash exited with code '1'.
##[section]Finishing: Terraform Apply
Best answer
Private Endpoint Name: "xxx-oai-service-account"): performing CreateOrUpdate: unexpected status 400 with error: AccountCustomSubDomainNameNotSet: Call to Microsoft.CognitiveServices/accounts failed. Error message: Account /subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.CognitiveServices/accounts/xxx-oai-service doesn't have CustomSubDomainName

The CustomSubDomainName is optional for the cognitive_account as per the Terraform documentation, but it is not optional for the private endpoint.

Even if you haven't created a cognitive_account without a custom domain name using Terraform, it is still mandatory for network operations.

I created a cognitive_account without a custom domain name.

In the portal, it is prompting me to generate a custom domain name for any network operations, as shown below.

However, when you create a cognitive_account from the Azure portal, it is created with a custom domain name by default, which is not the case when using Terraform.

To create a Private Endpoint for OpenAI, please generate a custom domain in the portal if it hasn't been created through Terraform.

provider "azurerm" {
  features {}
}
data "azurerm_resource_group" "example" {
  name = "existing-RG"
}
data "azurerm_cognitive_account" "openai" {
  name                = "venkat-openai-account"
  resource_group_name = "existing-RG"
}
data "azurerm_subnet" "example" {
  name                 = "subnet-1"
  virtual_network_name = "venkat-open-ai"
  resource_group_name  = "existing-RG"
}
resource "azurerm_private_dns_zone" "example" {
  name                = "privatelink2.openai.azure.com"
  resource_group_name = data.azurerm_resource_group.example.name
}
resource "azurerm_private_endpoint" "example-pe01" {
  name                = "venkat-openai"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  subnet_id           = data.azurerm_subnet.example.id

  private_service_connection {
    name                           = "venkat-openai"
    private_connection_resource_id = data.azurerm_cognitive_account.openai.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
  }
  depends_on = [ azurerm_private_dns_zone.example ]
}

Terraform apply
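
The same fix expressed in Terraform instead of the portal, as an added example that is not part of the original answer: the account sets custom_subdomain_name before the private endpoint references it. Resource names, the input variables and the disabled public network access are assumptions for illustration.

```hcl
# Added example, not from the original post. All names and variables are placeholders.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "subnet_id" { type = string }
variable "private_dns_zone_id" { type = string } # existing privatelink.openai.azure.com zone

resource "azurerm_cognitive_account" "openai" {
  name                = "example-oai-service"
  location            = var.location
  resource_group_name = var.resource_group_name
  kind                = "OpenAI"
  sku_name            = "S0"

  # Optional in the provider schema, but Azure rejects private endpoint
  # creation with AccountCustomSubDomainNameNotSet when it is missing.
  # Must be globally unique; changing it later recreates the account.
  custom_subdomain_name = "example-oai-service"

  # Assumption: once the private endpoint exists, public access is not needed.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "openai" {
  name                = "example-oai-service-pe"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "example-oai-service-psc"
    private_connection_resource_id = azurerm_cognitive_account.openai.id
    subresource_names              = ["account"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [var.private_dns_zone_id]
  }
}
```

For an account that already exists without a subdomain, adding the argument appears in the plan as a replacement of the account, so review the plan output before applying.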