Reputation: 1
As per S360, I need to disable public access on Azure Storage Accounts. Azure Function App and Azure Data Factory are going down. But when I try to enable the "Enabled from selected virtual networks and IP addresses" option, I get the error below:
Failed to save firewall and virtual network settings for storage account Error: Resource 'storage account name' was disallowed by policy. Reasons: 'This configuration is not compliant. Please refer to 'Remediation scenarios' from https://aka.ms/cloudgov-policies-and-remediations for more details.'. See error details for policy resource IDs.
Is there a way to configure the Data Factory and Function Apps after disabling public access for Azure Storage Accounts?
I have created a VNet and subnet but am not able to add them to the storage accounts, as I get the same error as above.
I have tried checking the Remediation scenarios document but didn't find anything useful.
Is there a way to handle storage account public access?
Upvotes: 0
Views: 678
Reputation: 5317
Failed to save firewall and virtual network settings for the storage account. Error: Resource 'storage account name' was disallowed by policy. Reasons: 'This configuration is not compliant. Please refer to 'Remediation scenarios' from https://aka.ms/cloudgov-policies-and-remediations for more details.'. See error details for policy resource IDs.
The policy, which states that the storage account does not use a private link, is not assigned to the subscription, which may be the reason for the above error.
You will need to contact your Subscription Administrator so that they can change the policy to "Storage accounts should use private link", as shown below:
After enabling the private network, you can use a private endpoint to connect a blob storage account. You can follow the procedure below to connect a blob storage account using a private endpoint:
Go to the Azure Data Factory manage tab and create a new private endpoint by clicking the "New" option. Select the Azure SQL database option and choose your server name from the list. Click on "Create." This action will require approval from the SQL server.
In the blob storage account, go to the networking tab and select "Private endpoint connections." You will see a hyperlink that leads you to approve the private endpoint at the storage account level. Click on the hyperlink and approve it, as shown below:
Use the linked service created above.
Upvotes: 0
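To confirm where an account stands after the steps in the answer above, the following added example (not part of the original posts) audits a storage account's network posture and flags private endpoint connections that still await approval. It assumes the field names follow the JSON shape printed by `az storage account show`; the sample account, its names and the function names are constructed for illustration.

```python
import json

# Constructed sample; field names assume the `az storage account show` JSON shape.
SAMPLE = json.loads("""
{
  "name": "examplestorage",
  "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny", "virtualNetworkRules": [{"id": "constructed-subnet-id"}]},
  "privateEndpointConnections": [
    {"name": "adf-pe", "privateLinkServiceConnectionState": {"status": "Pending"}}
  ]
}
""")


def network_exposure(account):
    """Classify how the account is reachable over its public endpoint."""
    # Assumption: a missing or null value is treated as the permissive default.
    if (account.get("publicNetworkAccess") or "Enabled") == "Disabled":
        return "disabled"
    rules = account.get("networkRuleSet") or {}
    if (rules.get("defaultAction") or "Allow") == "Allow":
        return "all-networks"
    return "selected-networks"


def private_endpoints(account):
    """Group private endpoint connection names by approval status."""
    by_status = {}
    for conn in account.get("privateEndpointConnections") or []:
        state = conn.get("privateLinkServiceConnectionState") or {}
        by_status.setdefault(state.get("status", "Unknown"), []).append(conn.get("name"))
    return by_status


def findings(account):
    """Return human-readable gaps against a private-link-only posture."""
    out = []
    exposure = network_exposure(account)
    endpoints = private_endpoints(account)
    if exposure != "disabled":
        out.append(f"public endpoint still reachable ({exposure})")
    if not endpoints.get("Approved"):
        out.append("no approved private endpoint connection")
    for name in endpoints.get("Pending", []):
        out.append(f"private endpoint '{name}' is awaiting approval")
    return out
```

Calling `findings()` on the parsed JSON of a real account returns an empty list only when public network access is disabled and at least one private endpoint connection is approved.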