Open in app

Sign in

Write

Sign in

Mastodon

Access to a Storage Account through the Private Link

Amine Charot
2 min readDec 17, 2019

--

Hey everyone, the last time I talked about how to automatically deploy an Azure Private Link with a given Azure Resource using ARM Templates. (Link : https://medium.com/@charotamine/automate-azure-private-link-using-arm-templates-7fe86efdee3b)

Now by putting in place the Azure Private Link, your old scripts used to deploy to a Storage Account (to Blob Service by example), may change. Why ?

Generally, the companies create Azure Private Link to pass through a private connectivity to reach the service in question. Before, to access to a Storage Account by example (in a company where the security matters), we had to set a proxy to go out through the internet to upload to Storage Account.

The utilization of the proxy should be taken into account in your deployment scripts but now using the Private Link, It is not important anymore. So, how to proceed ? Instead of using a proxy to reach the service through the internet, we will pass through the private network of the enterprise then a VPN or a private Express Route so we can reach the service.

Actually, there is two options to provide the authorization credentials so you can reach the Storage Account.

  • Using Azure Active Directory :

By giving the right RBAC rules, you can use AAD to communicate with the Storage Account. This method is the most used, but actually it won’t work if you want to privately reach the storage account. Why ? Because you need to communicate with a lot of routes that needs internet (so a proxy). Routes such as :

  • login.microsoftonline.com to get inside Azure

Hey, the purpose here is to pass through the private network …

Here it comes the second option :

  • Using the access key :

By using the script below that pass through a REST API call (So HTTPS so 443) you may reach the storage account privately :

Or alternatively, you can use just the Az Cli :

Behind, the AZ Cli uses the REST API and HTTPS to reach the Storage Account and here is a screen of the traffic :

If your DNS Registration is well done, it should work without any problem !

Enjoy your Private Link,

Bella ciao

Azure
Azure Private Link
Powershell
DevOps
Automation

--

--

Amine Charot
Amine Charot

Written by Amine Charot

396 Followers
11 Following

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams