yaniv inbar

Reputation: 21

Restricting access to Azure SQL from Azure VM

Since Azure SQL has only a DNS address and no fixed IP, we cannot enforce ACLs/NSGs on our Azure app VM, as it needs to communicate with our Azure SQL. ACLs/NSGs only support IP-range restrictions, not DNS-based restrictions.

So, potentially, a hacker who managed to sneak into our Azure App VM can push the stolen data to whatever IP he wants, as long as he is going out on port 1433.

Is there any way we can restrict outbound communication from the Azure VM to only our Azure SQL?

Upvotes: 2

Views: 722

Answers (1)

Chris Pietschmann

Reputation: 29885

You are correct, you cannot place an Azure SQL Database within a Virtual Network (VNet). Also, you can only configure an NSG outbound security rule to use a tag that restricts communication to Internet, Azure Load Balancer, or Azure Traffic Manager endpoints. So, unfortunately, it's currently not possible to restrict an Azure VM with an NSG to only be able to communicate with a specific Azure SQL Database over port 1433.

However, on the other side you can restrict the Azure SQL Database firewall rules to only allow your Azure VM to connect to the database by specifying its IP address in the SQL Database firewall rules.

Upvotes: 1
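The server-side restriction described in the answer, as an added Azure PowerShell (Az module) example that is not part of the original post. It assumes a resource group, SQL logical server and VM public IP resource with the placeholder names below; the firewall rule name is likewise a placeholder. Two details matter in practice: the Azure SQL firewall sees the VM's public (outbound) address, not its private VNet address, so the rule must use the VM's public IP; and the server-level "Allow Azure services" setting (the rule named AllowAllWindowsAzureIps) must be off, otherwise any Azure-hosted client, including an attacker's own VM, would still be allowed through.

```powershell
# Added example (not from the original post). Placeholder names; adjust to your environment.
$rg        = 'rg-app'            # resource group holding the VM's public IP and the SQL server
$sqlServer = 'sql-app-prod'      # Azure SQL logical server name (without .database.windows.net)
$vmPipName = 'pip-app-vm'        # name of the VM's public IP address resource
$ruleName  = 'allow-app-vm-only' # name for the new server-level firewall rule

# 1. Resolve the VM's public IP. The SQL firewall evaluates the source address the
#    server actually sees, which is this public IP, not the VM's 10.x private address.
$vmIp = (Get-AzPublicIpAddress -ResourceGroupName $rg -Name $vmPipName).IpAddress
if (-not $vmIp) { throw "VM public IP '$vmPipName' has no allocated address (is it Static?)" }

# 2. Add a single-host rule (start == end) for that address.
New-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $sqlServer `
    -FirewallRuleName $ruleName -StartIpAddress $vmIp -EndIpAddress $vmIp | Out-Null

# 3. The restriction is only meaningful if no broader rule remains. Remove the
#    "Allow Azure services" rule (0.0.0.0 - 0.0.0.0) and any other rule that is not ours.
Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $sqlServer |
    Where-Object { $_.FirewallRuleName -ne $ruleName } |
    ForEach-Object {
        Write-Host "Removing extra rule $($_.FirewallRuleName) ($($_.StartIpAddress)-$($_.EndIpAddress))"
        Remove-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $sqlServer `
            -FirewallRuleName $_.FirewallRuleName -Force | Out-Null
    }

# 4. Verify: exactly one rule should remain, pinned to the VM's public IP.
Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $sqlServer |
    Select-Object FirewallRuleName, StartIpAddress, EndIpAddress
```

Use a static public IP on the VM (or on the NAT gateway / load balancer it egresses through); with a dynamic allocation the address changes on deallocate/start and the rule silently stops matching. Note that this protects the database from other sources, but as the answer says it does nothing for the original concern: the VM can still open port 1433 to any other host.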
