When you create a logic app of type standard, it runs in a single-tenant environment.
Meaning, the logic app runs in a single dedicated instance. The standard Logic is hosted as an extension on Azure Functions runtime.
This means you can run logic apps anywhere that Azure Functions runs. Also, you can apply any network topology and
choose any available compute size. This also requires Storage Account to be associated with it. The Storage account hosts the content needed
for the logic app to be up and running.
Due to the increase in security and policies many organizations want Storage Accounts to be secured behind the network.
In this blog, we will see how to create a stand logic app with a storage account secured with VENT or private endpoints.
Create a standard logic app (this creates App Service Plan and Storage Account).
By default, the storage account is publicly accessible over the internet.
Azure Standard Logic App with Private Storage Account - Storage Account
Storage Account File Share contains the site content needed for the logic app to be up and running
Azure Standard Logic App with Private Storage Account - site content
Create a simple test workflow
Azure Standard Logic App with Private Storage Account - site content
Create a subnet ‘subnet-lg’ in the VNET. We will restrict traffic to this subnet
Azure Standard Logic App with Private Storage Account - site content
Restrict the storage account access only from ‘subnet-lg’
Azure Standard Logic App with Private STorage Account - Storage Account Network Settings
As soon as we restrict the storage account access, the logic app instance throws the error. It can’t reach the storage account.
Azure Standard Logic App with Private STorage Account - Logic App Error
It can’t even retrieve the work flow we created.
Azure Standard Logic App with Private STorage Account - Work Flow
Configure logic app for the outbound traffic via ‘subnet-lg’
Azure Standard Logic App with Private STorage Account - Work Flow ErrorAzure Standard Logic App with Private STorage Account - Logic App Outbound Configuration
Go to Logic App application settings and add below two settings
WEBSITE_VNET_ROUTE_ALL to 1
WEBSITE_CONTENTOVERVNET to 1
Azure Standard Logic App with Private STorage Account - Logic App application Settings
After all these setups, if you go back to the logic app, the error should go away and the test workflow will appear again
Azure Standard Logic App with Private STorage Account - Logic App Error resolved