ml123

Reputation: 1251

Azure App Service to App Service communication via Private Link

I have an Azure app with two App Services. App Service A calls an API on App Service B.

I want to use Private Link to make sure the traffic between them is private and not going through public IP. So here is what I did:

  1. Created a new VNet

  2. Configured Private Endpoint from the two App Services to the new VNet, with Private DNS Integration

  3. Made sure the Private DNS got created, is linked to the new VNet, and both the services are registered in it.

  4. Made sure both the services are not accessible publicly (I get 403)

  5. For testing: Created a new VM in the VNet, and made sure I can browse from the VM to the services. Works fine. I browsed the services using their original URL: serviceX.azurewebsites.net.

However - when I try to call service B from service A (using the same URL - serviceb.azurewebsites.net), I get 403 (Forbidden).

What am I missing?

How can I make two app services connected with Private Link to the same VNet connect with each other?

Upvotes: 2

Views: 4758

Answers (1)

Nancy Xiong

Reputation: 28284

In this case, you probably need to integrate your app with an Azure virtual network; the integration requires an unused subnet in the same VNet.

From Using Private Endpoints for Azure Web App,

Private Endpoint is only used for incoming flows to your Web App. Outgoing flows will not use this Private Endpoint, but you can inject outgoing flows to your network in a different subnet through the VNet integration feature.

Also, note that

If you route all of your outbound traffic into your VNet, it's subject to the NSGs and UDRs that are applied to your integration subnet. When you route all of your outbound traffic into your VNet, your outbound addresses are still the outbound addresses that are listed in your app properties unless you provide routes to send the traffic elsewhere.

In addition, if you set WEBSITE_VNET_ROUTE_ALL in the app settings to 1, all of your outbound calls are affected, and if you want your app to use Azure DNS private zones, you should set WEBSITE_DNS_SERVER to 168.63.129.16.

Upvotes: 2
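As an added example (not part of the original answer), a small audit that checks the calling app for the three outbound pieces the answer names: a regional VNet integration, WEBSITE_VNET_ROUTE_ALL=1 and WEBSITE_DNS_SERVER=168.63.129.16. The input shapes mirror the JSON from `az webapp config appsettings list -o json` and `az webapp vnet-integration list -o json`; the field names and the two sample configurations below are constructed for the example.

```python
"""Audit an App Service's outbound configuration for private App-Service-to-App-Service calls."""
from typing import Any, Dict, List

AZURE_DNS_IP = "168.63.129.16"  # Azure-provided resolver that answers from Private DNS zones


def audit_outbound(app_settings: List[Dict[str, Any]],
                   vnet_integrations: List[Dict[str, Any]]) -> List[str]:
    """Return findings for the *calling* app; an empty list means outbound traffic is
    routed into the VNet and resolved against the private DNS zone."""
    settings = {s["name"]: str(s.get("value", "")) for s in app_settings}
    findings: List[str] = []

    # A private endpoint only covers inbound traffic; outbound needs VNet integration.
    if not vnet_integrations:
        findings.append("no regional VNet integration: outbound calls leave via public IPs")
    for integ in vnet_integrations:
        # 'vnetResourceId' is assumed to be the subnet id the CLI reports for the integration.
        if not integ.get("vnetResourceId"):
            findings.append(f"VNet integration '{integ.get('name')}' has no subnet resource id")

    if settings.get("WEBSITE_VNET_ROUTE_ALL") != "1":
        findings.append("WEBSITE_VNET_ROUTE_ALL is not 1: not all outbound traffic enters the VNet, "
                        "so calls to serviceb.azurewebsites.net can still hit the public endpoint (403)")

    if settings.get("WEBSITE_DNS_SERVER") != AZURE_DNS_IP:
        findings.append(f"WEBSITE_DNS_SERVER is not {AZURE_DNS_IP}: the private DNS zone is not consulted")
    return findings


# Constructed sample 1: private endpoints only, as in the question (expect three findings).
PE_ONLY_SETTINGS = [{"name": "WEBSITE_RUN_FROM_PACKAGE", "value": "1", "slotSetting": False}]
PE_ONLY_INTEGRATIONS: List[Dict[str, Any]] = []

# Constructed sample 2: the configuration the answer describes (expect no findings).
FIXED_SETTINGS = PE_ONLY_SETTINGS + [
    {"name": "WEBSITE_VNET_ROUTE_ALL", "value": "1", "slotSetting": False},
    {"name": "WEBSITE_DNS_SERVER", "value": AZURE_DNS_IP, "slotSetting": False},
]
FIXED_INTEGRATIONS = [{
    "name": "vnet-integration",
    "vnetResourceId": "/subscriptions/PLACEHOLDER/resourceGroups/rg/providers/"
                      "Microsoft.Network/virtualNetworks/vnet/subnets/appservice-integration",
}]

if __name__ == "__main__":
    for label, s, v in (("private endpoints only", PE_ONLY_SETTINGS, PE_ONLY_INTEGRATIONS),
                        ("with VNet integration", FIXED_SETTINGS, FIXED_INTEGRATIONS)):
        print(label, "->", audit_outbound(s, v) or "OK")
```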
