Configuring Firewall and Virtual Network access on Azure Storage Accounts
ฝัง
- เผยแพร่เมื่อ 14 ก.ค. 2024
- In the previous video, we saw how to securely accessing Azure Storage accounts using Shared Access Signatures. You can check that video here: • How to securely access...
In this video, we are taking the security one step further by limiting the access to storage accounts completely by configuring Firewalls on them. We can limit the access to either particular subnets within specific virtual networks in Azure. Or we can limit access to specific IP addresses or address ranges.
This ensures that the storage account will only be accessible from the locations you configure. That way control the access.
![[LIVE] : ONE ลุมพินี 70 | คู่เอก "โฟกัส vs สเตฟาน"](http://i.ytimg.com/vi/_fVieQ89DRQ/mqdefault.jpg)
So much easier to understand when you break it down this way.
Straight to the point and genuine content!
Excellent!! Keep uploading more topics in Azure. Thank you ☺️
Well thought out presentation. Thanks.
Very useful and clear info... thanks
Well Explained
Nice video. If I may, I think you mixed up service endpoint and private endpoint. Service endpoint doesn't ensure the traffic travels over Azure's backbone - that's enabled by private endpoint and Private Link. Service endpoint allows a subnet to be referred to as an object in the storage account's native firewall.
Nice information.
good explanation
very well said Amn.Thank You!
it would be great if you also share some architecture diagrams with different use-cases were it covers most of the azure services with end to end flow (like secured network architecture and deployment architecture)
Thanks you so much sir
Love watching your channel and I must say Aman, that you create very different, to the point and practical educative videos. I have implemented many things in my setup following your ideas and suggestions. One thing that I am still wondering to figure it out is that how to create our storage account within our own private VNET/Subnet (in azure)? Not sure if it is possible to do so as my understanding is that storage account is a public service (though you can disabled the access and allow access via few VENT or IP using firewall. My question is that is it possible to configure a storage account as Private storage account within our own VNAT. I will explore your service endpoint and Private endpoints video for making a secure tunnel b/w my VNET and public service (storage). Any suggestion or pointer to this will highly be appreciated. Good luck and keep doing great job. I love your ascent 🙂.
Thanks Aman. So does enabling service endpoints add a route to the route table of that subnet? just like with AWS, a prefix-list route gets added to the subnet if an ec2 instance in that subnet needs to reach out to S3 over a gateway endpoint?
Even though I have given my client ip ,I'm unable to open containers is there any vpn should be turnedoff
I have question, If I would have storage account and it has configured with virtual network along with firewall, also I have configured cdn endpoint with storage account. Would i be able to connect the storage account from cdn ?
Please upload all AZ-104 content
By Enabling services endpoint would my CDN will access all files, blobs from over the public network ?
Hello Sir, u r videos are very informative. I want you to cover the options /settings [Like Geo-replication, Cors, etc all ]available for the storage account from life side of blade .Please consider my request and make a video.
HELP