Microsoft Azure – Connect to a Storage Account using Private Link
In this article we will learn how to securely connect to a Storage Account using Private Link. We will look at the new Private Link experience in the Azure Portal, which you can find by searching.
The good thing about Private Link is that it allows your resources to communicate with each other along the Microsoft backbone, as opposed to having traffic flow over the public internet. This keeps your data secure and safe, away from prying eyes.
Let’s start by creating a private endpoint in order to build a connection to your service. Here you fill in some basics: first your resource group, then a name for your private endpoint.
Now that you have that set, you can keep going. In this article, we will be connecting to a resource in your own directory. You can also connect to somebody else’s resources in a different directory and a different subscription. Your subscription is already set. Since you are going to connect to your Storage Account, choose the specific Storage Account you want to connect to.
Lastly, you need to choose the sub-resource behind the Storage Account that you want to access. Storage Accounts have several different sub-resources, such as tables, files and queues; for this demonstration, we are going to connect to blob. This is everything you need for your resource.
Now move on to the other side of the private link. This is where you choose the VNet and subnet that will have access to connect to your Storage Account. Lastly, you need to decide whether you want private DNS integration. Most customers want to integrate here, because this ensures that traffic flows cleanly between your VNet and your storage account. It is already set to Yes; just make sure that you have it within your VNet. You can set tags if you’d like, and then move on to Review and create.
Your private endpoint has now been created. Once it is fully deployed, there will be a private link connecting the VNet that you just specified to the Storage Account that you just specified, and all traffic that flows along it will be safe and secure within the Microsoft Azure Cloud. You can still connect to your storage account using the same mechanisms that you use today over the public internet. You can use your REST APIs, you can use SMB, you can use your connection strings. That will all work the exact same way. It’s just that the connection will be as secure as we can make it.
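A way to check the private DNS integration step from a VM inside the VNet, as an added example that is not part of the original article: the script resolves the storage account's blob hostname and confirms that every returned address lies in the private endpoint's subnet. The subnet 10.1.0.0/24, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress
import socket
import sys


def resolve_ips(hostname):
    """Return the sorted set of IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_resolution(addresses, subnet_cidr):
    """Classify resolved addresses against the private endpoint's subnet.

    Returns "private" when every address is inside subnet_cidr,
    "public" when none is, "mixed" when only some are, and
    "unresolved" when the resolver returned nothing.
    """
    subnet = ipaddress.ip_network(subnet_cidr)
    if not addresses:
        return "unresolved"
    inside = [ipaddress.ip_address(a) in subnet for a in addresses]
    if all(inside):
        return "private"
    return "mixed" if any(inside) else "public"


# Constructed sample answers (not real endpoints): what a resolver might
# return inside the VNet with private DNS integration, and outside it.
SUBNET = "10.1.0.0/24"                   # assumed private endpoint subnet
SAMPLE_FROM_VNET = ["10.1.0.4"]          # private endpoint NIC address
SAMPLE_FROM_INTERNET = ["203.0.113.10"]  # documentation-range stand-in for a public IP

if __name__ == "__main__":
    # Usage: python check_pe.py <account>.blob.core.windows.net 10.1.0.0/24
    if len(sys.argv) != 3:
        sys.exit("usage: check_pe.py <blob-hostname> <subnet-cidr>")
    host, cidr = sys.argv[1], sys.argv[2]
    ips = resolve_ips(host)
    verdict = check_private_resolution(ips, cidr)
    print(f"{host} -> {ips}: {verdict}")
    # Non-zero exit lets a deployment pipeline fail when traffic would
    # still leave over the public endpoint.
    sys.exit(0 if verdict == "private" else 1)
```

A "public" or "mixed" verdict from inside the VNet usually means the private DNS zone is not linked to that VNet or the client is using a resolver that bypasses it.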