Unable to Access VNET-Connected Azure Storage from Consumption Logic App

Question

I'm facing an issue with accessing Azure Storage Tables from a Consumption Logic App. The Storage Account is within a VNET and uses firewall rules for specific subnets/IPs. Since the Logic App can't join a VNET, it's blocked. Allowing "Enabled from all networks" works, but isn't an option. Using user assigned managed identity and Create Block Blob V2 in logic apps.

-Added the Logic App's runtime and connector IPs to the firewall allow list.

• Tried adding the Logic App to the Storage Account's exception resources and assigned various roles (Contributor, Owner, etc.) to its Managed Identity.

None of these solutions worked. How can I resolve this without moving to Logic App Standard or opening the Storage Account to all networks?

Answer 1

In order to access the storage account tables in consumption logic app by enabling Enabled from selected virtual networks and IP addresses, you can either follow the below steps or refer to the SO-Thread as commented by Pete - MSFT.

1. While enabling the virtual network, add your logic app instance as shown below. This will help you to create the connection with the storage account from your logic app using system assigned managed identity.

2. Then I have enabled the Managed Identity in logic app.

3. Assigned Storage Table Data Contributor RBAC role as shown below-

4. Now you can create the storage account connection in the logic app by selecting Authentication Type as Logic Apps Managed Identity

• I am able to create a table in the virtual network enabled storage account using consumption logic app.