Reputation: 1398
First question is: Is my understanding and my company's current usage of Azure Automation correct?
We have a web app running on an Azure production slot. There is an Azure Automation Runbook that is configured to run once a week. In the runbook script, it first authenticates with the app running on the slot and then calls the weekly batch process. This is all using public IPs.
My goal is to create another automation that will run on the development slot. The development slot runs on an Azure virtual network. While it does have a public IP address, I am trying to configure things so that all the internal network traffic stays on the VNet. In all my searching I have not seen any documentation about how to get an Automation Runbook to execute in a defined Azure Virtual Network. This is leading me to believe that our current usage of Automation Runbooks is not how it was designed to work.
Q1: Are Azure Automation Runbooks designed to be able to call a web service on an Azure Virtual Network?
Q2: If Yes to Q1, how should that be configured?
Q3: If No to Q1, what is the correct way of having the Azure Automation Runbook trigger the batch process within the Application slot?
Upvotes: 0
Views: 948
Reputation: 1
No, it does not work to send outgoing calls to private endpoint resources: https://learn.microsoft.com/en-us/azure/automation/how-to/private-link-security#limitations
Upvotes: 0
Reputation: 40553
If your slot doesn't have a public IP, I guess you used a Private Endpoint.
So if you want your runbook to access a resource in a private network, you should use Private Link.
You will find more information here: Use Azure Private Link to securely connect networks to Azure Automation
Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. Private Endpoint uses a private IP address from your VNet, effectively bringing the Automation service into your VNet. Network traffic between the machines on the VNet and the Automation account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.
Upvotes: 0