英文:
How to create azure standard logic app with vnet integration to enable access between storage accounts in different azure subscriptions?
问题
I have dev and prod azure subscriptions, where there are separate virtual networks like dev-virtual-nw and prod-virtual-nw. There are storage accounts under both subscriptions, which don't have access to each other as they both are in different virtual networks (also different subscriptions).
我有开发和生产的 Azure 订阅,其中有单独的虚拟网络,如 dev-virtual-nw 和 prod-virtual-nw。这两个订阅下都有存储帐户,它们无法相互访问,因为它们位于不同的虚拟网络中(也位于不同的订阅中)。
I am trying to create a logic app under dev subscription, need help in providing access to both the storage accounts (read access to prod storage account and write access to dev storage account) in logic app.
我正在尝试在开发订阅下创建逻辑应用,需要帮助在逻辑应用中提供对这两个存储帐户的访问权限(对生产存储帐户的读取访问权限和对开发存储帐户的写入访问权限)。
After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to these two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
经过一些探索,我了解到我需要在我的标准逻辑应用中启用 VNet 集成(消耗逻辑应用不支持 VNet 集成),以便从逻辑应用中提供对这两个存储帐户的访问权限,但我不确定如何实现。你可以帮忙实施吗?
英文:
I have dev and prod azure subscriptions, where there are separate virtual networks like dev-virtual-nw and prod-virtual-nw. There are storage accounts under both subscriptions, which don't have access to each other as they both are in different virtual networks(also different subscriptions).
I am trying to create a logic app under dev subscription, need help in providing access to both the storage accounts(read access to prod storage account and write access to dev storage account) in logic app.
After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to this two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
答案1
得分: 1
I tried to reproduce the same in my environment to enable vnet integration in my standard logic app check the below workarounds:
> After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to this two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
我尝试在我的环境中重现相同的情况,以启用标准逻辑应用中的虚拟网络集成,请查看下面的解决方案:
> 经过一些探索,我了解到我需要在标准逻辑应用中启用虚拟网络集成(消耗逻辑应用不支持虚拟网络集成)以从逻辑应用访问这两个存储帐户,但我不确定如何做到这一点。你能帮助我实施吗?
I have created a standard logic app with storage account like below:
我已经创建了一个带有存储帐户的标准逻辑应用,如下所示:
In your virtual network make sure to add vnet peering between the subscription like below:
在您的虚拟网络中,请确保在订阅之间添加虚拟网络对等连接,如下所示:
In your Storage account under networking -> Enable from selected virtual networks and add your peered virtual network with subnet like below and vice versa:
在您的存储帐户中,转到网络 -> 启用所选虚拟网络并添加您的对等虚拟网络和子网,如下所示,反之亦然:
Make sure to Enable the service endpoint it will allow the traffic from the subnet to storage account like below:
确保启用服务端点,它将允许来自子网的流量访问存储帐户,如下所示:
Now that access to the storage account has been restricted to certain subnets only, you may see access refused in the logic app. You need to add vnet integration to the logic app as shown below.
In logic app -> Under setting, Networking -> VNet integration -> Add
现在,对存储帐户的访问已被限制为仅限于某些子网,您可能会在逻辑应用中看到访问被拒绝的情况。您需要像下面所示添加虚拟网络集成到逻辑应用中。
在逻辑应用 -> 设置下,网络 -> VNet 集成 -> 添加
Then in logic app -> configuration -> Add application WEBSITE_VNET_ROUTE_ALL and WEBSITE_CONTENTOVERVNET like below:
然后在逻辑应用 -> 配置中 -> 添加应用程序**WEBSITE_VNET_ROUTE_ALL** 和 WEBSITE_CONTENTOVERVNET,如下所示:
Once VNet integration is enabled, you can access the storage accounts by using the connection string of the storage accounts in the logic app.
启用 VNet 集成后,您可以通过在逻辑应用中使用存储帐户的连接字符串来访问存储帐户。
Reference:
azure-docs/connectors-create-api-azureblobstorage.md at main · MicrosoftDocs/azure-docs · GitHub
英文:
I tried to reproduce the same in my environment to enable vnet integration in my standard logic app check the below workarounds:
> After some exploration, I get to know that I need to enable vnet integration in my standard logic app (consumption logic app won't support vnet integration) to provide access to this two storage accounts from logic app, but I am not sure how to do that. Can you help in implementing that?
I have created a standard logic app with storage account like below:
In your virtual network make sure to add vnet peering between the subscription like below:
In your Storage account under networking -> Enable from selected virtual networks and add your peered virtual network with subnet like below and vice versa:
Make sure to Enable the service endpoint it will allow the traffic from the subnet to storage account like below:
Now that access to the storage account has been restricted to certain subnets only, you may see access refused in the logic app. You need to add vnet integration to the logic app as shown below.
In logic app -> Under setting, Networking -> VNet integration -> Add
Then in logic app -> configuration -> Add application WEBSITE_VNET_ROUTE_ALL and WEBSITE_CONTENTOVERVNET like below:
Once VNet integration is enabled, you can access the storage accounts by using the connection string of the storage accounts in the logic app.
Reference:
azure-docs/connectors-create-api-azureblobstorage.md at main · MicrosoftDocs/azure-docs · GitHub
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论