HomeAbout Me

Azure Standard Logic App with Secured (Private) Storage Account

By Sri Gunnala
Published in Microsoft Azure
November 18, 2022
2 min read
Azure Standard Logic App with Secured (Private) Storage Account

When you create a logic app of type standard, it runs in a single-tenant environment. Meaning, the logic app runs in a single dedicated instance. The standard Logic is hosted as an extension on Azure Functions runtime. This means you can run logic apps anywhere that Azure Functions runs. Also, you can apply any network topology and choose any available compute size. This also requires Storage Account to be associated with it. The Storage account hosts the content needed for the logic app to be up and running.

Due to the increase in security and policies many organizations want Storage Accounts to be secured behind the network. In this blog, we will see how to create a stand logic app with a storage account secured with VENT or private endpoints.



STEP 1: Create a Standard Logic App and Virtual Network

  1. Create a standard logic app (this creates App Service Plan and Storage Account).
  2. By default, the storage account is publicly accessible over the internet.
    Azure Standard Logic App with Private Storage Account - Storage Account
    Azure Standard Logic App with Private Storage Account - Storage Account
  3. Storage Account File Share contains the site content needed for the logic app to be up and running
    Azure Standard Logic App with Private Storage Account - site content
    Azure Standard Logic App with Private Storage Account - site content
  4. Create a simple test workflow
    Azure Standard Logic App with Private Storage Account - site content
    Azure Standard Logic App with Private Storage Account - site content
  5. Create a subnet ‘subnet-lg’ in the VNET. We will restrict traffic to this subnet
    Azure Standard Logic App with Private Storage Account - site content
    Azure Standard Logic App with Private Storage Account - site content


STEP 2: Secure the Storage Account Access to Virtual Network

  1. Restrict the storage account access only from ‘subnet-lg’
    Azure Standard Logic App with Private STorage Account - Storage Account Network Settings
    Azure Standard Logic App with Private STorage Account - Storage Account Network Settings
  2. As soon as we restrict the storage account access, the logic app instance throws the error. It can’t reach the storage account.
    Azure Standard Logic App with Private STorage Account - Logic App Error
    Azure Standard Logic App with Private STorage Account - Logic App Error
  3. It can’t even retrieve the work flow we created.
    Azure Standard Logic App with Private STorage Account - Work Flow
    Azure Standard Logic App with Private STorage Account - Work Flow


STEP 3: Restrict Standard Logic App Outbound Traffic

  1. Configure logic app for the outbound traffic via ‘subnet-lg’
    Azure Standard Logic App with Private STorage Account - Work Flow Error
    Azure Standard Logic App with Private STorage Account - Work Flow Error
    Azure Standard Logic App with Private STorage Account - Logic App Outbound Configuration
    Azure Standard Logic App with Private STorage Account - Logic App Outbound Configuration


STEP 4: Add Application Settings

Go to Logic App application settings and add below two settings

WEBSITE_VNET_ROUTE_ALL to 1

WEBSITE_CONTENTOVERVNET to 1

Azure Standard Logic App with Private STorage Account - Logic App application Settings
Azure Standard Logic App with Private STorage Account - Logic App application Settings

After all these setups, if you go back to the logic app, the error should go away and the test workflow will appear again

Azure Standard Logic App with Private STorage Account - Logic App Error resolved
Azure Standard Logic App with Private STorage Account - Logic App Error resolved


Tags

#Azure#AzureLogicApps#AzureStorageAccount
Previous Article
Integrate Azure API Management (Internal Mode) with Azure Application Gateway
Sri Gunnala

Sri Gunnala

Learner | Reader | Blogger | Azure Enthusiast

Topics

Front End
Microsoft Azure
Microsoft .NET

Newsletter

Sri Gunnala - Make sure to subscribe to newsletter and be the first to know the news.

Related Posts

Debug Azure API Management Policies | Send-Request APIM Policy | Managed Identity Authentication
May 18, 2024
2 min

Legal Stuff

Privacy NoticeCookie PolicyTerms Of Use

Social Media