Home > Software design >  securing app service connectivity to azure storage
securing app service connectivity to azure storage

Time:09-29

we have a blob container with anonymous access (open to internet) and an appservice talking to it.

What are our options of ensuring that only the appservice can talk to this storage endpoint? vnet integration is our last option.

Thanks -nen

CodePudding user response:

What are our options of ensuring that only the appservice can talk to this storage endpoint?

One option would be to make use of Azure Role Based Access Control (RBAC) Data roles.

For this, first you would assign a managed identity to your App Service and then assign that identity appropriate Azure Storage RBAC data roles.

You would also need to block access to the storage account via access keys or shared access signature so that only your App Service can connect to your storage account using Azure AD authorization.

You can read more about it here: https://docs.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal.

Page link:https//www.codepudding.com/Softwaredesign/132385.html

Prev:Is there a call to Azure API to list resource details in regions that I use in my subscription?
Next:What is the point of Azure App Config KeyVault references?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding