Reputation: 89
Write CSV-file from Canvas Power App to Azure Blob Storage Container behind firewall
I have a PowerApp that allows users to upload a .csv-file. I want to automatically upload this .csv-file to an Azure Blob Storage Container inside a Storage Account. However, the Storage Account is set up to only allow traffic from selected vNets and IP address ranges. The vNet it allows traffic from is also protected by a Network Security Group (NSG).
I tried to establish a connection using the PowerApps built-in "Azure Blob Storage connection". But as expected, access is denied.
This request is not authorized to perform this operation.
I already configured an NSG rule to allow inbound traffic from the "PowerPlatformInfra"-Service Tag. In the networking options of my storage account, I wanted to whitelist PowerApps IP ranges, however I am struggling to find the correct IP ranges, as I can't add Service Tags here.
I also considered using Azure Functions with vNet integration as a workaround (create a flow to upload the csv file to the blob storage). However, as these csv-files can be quite large, I dont want to transmit it's content via the HTTP-body. I would like to directly pass the csv as an input to the function. I am not sure if this is even possible.
Does anyone have an idea how to write a csv-file from a canvas power app to the firewall protected storage account?
I am clueless. Thank you so much for your time in advance!
Upvotes: 0
Views: 656
Answers (1)
Reputation: 1741
as you said I wanted to whitelist PowerApps IP ranges, however I am struggling to find the correct IP ranges
*You can use the Azure IP Ranges and Service Tags - Public Cloud service to locate the appropriate IP ranges for PowerApps. For Azure services, including PowerApps, this service gives a list of IP address ranges and service tags. You can set up your Azure Private Link settings and NSG rules using this information.
- Use Azure Private Link to add PowerApps IP ranges to the whitelist in your storage account's networking settings. Through a private endpoint in your virtual network, Azure Private Link enables you to access Azure services (like Azure Blob Storage).
- Created storage account and container and uploaded csv file in container.
- Make sure that the Power App's vNet and IP address range are allowed to send communication to the Storage Account.
- As shown in below images you can allow particular vnets and ip ranges from firewall and virtual network by selecting Enabled from selected virtual networks and IP addresses.
Using the "Azure Blob Storage connection" in Power Apps, connect to the Azure Blob Storage account.
Add a file upload control to the Power App and set it up to save the file to the Azure Blob Storage container using the connection you just made. Then you can do as per you requirement in PowerApps. - Reference blob power apps MS document.
Upvotes: 0
Related Questions
- How to properly setup Azure connectivity from App service to Storageaccount?
- PowerApps: Access Azure Storage Account only accessible from selected vNet and IP address ranges
- Azure Media Services : Streaming Assets from Private Storage Account
- CannotVerifyCopySource when copying a file from one datalake container (A) to another datalake container(B) within the same azure storage account
- unable to connect to azure gen2 storage account in South Central US region from azure databrick in EAST US
- Connecting Azure App Service to IP restricted storage account
- Upload a File object to azure storage from react js / node js
- Azure Storage Account firewall AnonymousIpAuthorizationError
- SSIS Azure Blob upload task : Secure way to provide Storage Account key as Key URI in AzureStorageConnection