Azure Lab 01: Hide Your Public Connection From PaaS To Storage Account
Using PaaS resources in Azure brings convenience to developers such as saving times, concentrating on coding, and etc. However, there is a paradox which convenience and secure might never on the same direction.
Your customers might challenging you by exposing the inter-connection among resources under public networks. For example, You builded a Function App for tracking customers’ information and storing them in to a Blob container (from a Storage Account). Meanwhile, connections invoked by that function uses public domain name to the container, which means those requests might have a great opportunity routing outside.
For security purpose such as ISO/IEC 27001, you may want your resources to co-op privately, however, detail network settings among PaaS services are extreamly hard to find (at least for me, a pure newbie). So this article is my research for connecting PaaS devices such as Azure Function App to a Blob container under private network (and cross region).
Here is the outline, I will inreoduce 2 methods: Service Endpoints and Private Endpoints, help you to protect your connection.
Outline
- Service Endpoints
- Private Endpoints
- Additional Information
- Conclusion
- References