New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow access from other Azure resources with public IP #10359
Comments
@superminiek Thanks for your feedback! We will investigate and update as appropriate. |
@superminiek this answer from Gaurav breaks down the accessibility of Storage account from different subscriptions: https://stackoverflow.com/questions/31024894/accessing-azure-storage-services-from-a-different-subscription |
Requests to storage are Source-NAT'ed so we do not see the public IP address of the VM. You can use VNET rules across different subscriptions, as long as they are in subscriptions sharing the same Azure AD Tenant. @NarayanAnnamalai , FYI |
I've got the same issue. Adding a VM to a VNet and then attaching the VNet/subnet to the storage account fixes the issue. However I can't find away to get it to work for requests coming from an App Service |
you can use an App Service Environment to get App Service in a VNET. https://docs.microsoft.com/en-us/azure/app-service/environment/intro#virtual-network-support |
Regarding "Requests to storage are Source-NAT'ed so we do not see the public IP address of the VM." - after connecting to another VM I can see that IP (source) is correct, for storage - not so it seems that still it is not working properly or it is planned somehow. In which business cases ASF would be helpful here? I understand that I cannot use ASF for restrict access to File storage from VM. |
Except the app service environment costs almost nearly as much on its own as our whole azure environment. To me it does not make sense that Azure does not provide away to securely store files in the cloud. I get that a storage account is access secured, but ultimately it's accessible from anywhere on the internet. Which does make it vulnerable. Good luck passing a security audit from a financial institution. It has a password on it does not really provide confidence. 😔 |
@zyrow123 I'd highly recommend adding your feedback here: https://feedback.azure.com/forums/217313-networking , it will be examined by the product group. Thanks, |
How to enable access to storage from different Azure item with public IP (VM) which is configured in different subscription and different account? I put public IP in "Firewall" but access is not working.
Document Details
⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: