Reputation: 849
How to create azure standard logic app with vnet integration to enable access between storage accounts in different azure subscriptions?
I have dev and prod azure subscriptions, where there are separate virtual networks like dev-virtual-nw and prod-virtual-nw. There are storage accounts under both subscriptions, which don't have access to each other as they both are in different virtual networks(also different subscriptions).
I am trying to create a logic app under dev subscription, need help in providing access to both the storage accounts(read access to prod storage account and write access to dev storage account) in logic app.
After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to this two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
Upvotes: 0
Views: 1119
Answers (1)
Reputation: 5570
I tried to reproduce the same in my environment to enable vnet integration in my standard logic app check the below workarounds:
After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to this two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
I have created a standard logic app with storage account like below:
In your virtual network make sure to add vnet peering between the subscription like below:
In your Storage account under networking -> Enable from selected virtual networks and add your peered virtual network with subnet like below and vice versa:
Make sure to Enable the service endpoint it will allow the traffic from the subnet to storage account like below:
Now that access to the storage account has been restricted to certain subnets only, you may see access refused in the logic app. You need to add vnet integration to the logic app as shown below.
In logic app -> Under setting, Networking -> VNet integration -> Add
Then in logic app -> configuration -> Add application WEBSITE_VNET_ROUTE_ALL and WEBSITE_CONTENTOVERVNET like below:
Once VNet integration is enabled, you can access the storage accounts by using the connection string of the storage accounts in the logic app.
Reference:
azure-docs/connectors-create-api-azureblobstorage.md at main · MicrosoftDocs/azure-docs · GitHub
Upvotes: 3
Related Questions
- Accessing Azure Storage Accounts After Disabling the Public Access
- Unable to Access VNET-Connected Azure Storage from Consumption Logic App
- Standard Logic App fails to connect to storage account
- Azure Logic App (consumption) access to Storage Account behind VNET
- Can an Azure Logic app which is under consumption plan call the the azure function which is under app service plan with VNet integration
- Provide Azure VM access to multiple Storage Accounts
- Azure Keyvault to access resources from different azure subscriptions
- Reading azure storage blob from azure app service returns 403 when integrated with VNet (preview)
- App Service VNet Integration with Azure Storage Service Endpoint
- Vnet between Virtual Machine and App Service in Azure