Securely access Azure Logic Apps using Private Link

Amine Charot
Jan 4, 2021

Hello everyone, I hope you are doing well and had a good Christmas even with the current situation. Happy New Year!

It’s been a while since I wrote a post, simply because I had a lot of other things on the side. I moved to a new position at Devoteam MCloud, so I had to take my time to settle in; I should confess that change has never been easy for me.

As the title mentions, today’s post is about allowing a private connection to Azure Logic Apps using Azure Private Link. Is that possible? Yes, it is, using the new version of Azure Logic Apps.

  • Azure Logic Apps (V2)

Actually, the new Logic App is deployed inside an App Service Plan (yes, just like a Web App), so we get the benefit of everything the ASP (App Service Plan) offers, such as slots, the networking possibilities and the security to match enterprise needs.

More information is available at this link.

  • Securely access Azure Logic Apps

Now let’s see how we can access an Azure Logic App using a Private Endpoint.

Before, we had to use an ISE (Isolated Service Environment), which is expensive:

Now, using the new Logic Apps, we can imagine a scenario like this:

We can use a Private Endpoint to access the Logic App privately and securely.

We just need:

  • A Logic App (the new version);
  • A virtual Network;
  • A Private Endpoint.

Let’s put it all together. First, we need the new Logic App. In the Azure Portal, select:

The preview one, then create one:

Note: As with the Web App, we need the premium one.

Once that is done, we create a Virtual Network:

Once that is done, we create a Private Endpoint and connect it to the Logic App. In the Networking tab of the Logic App, select Private Endpoint connections:

Then add a private endpoint:

Once that is finished, you should see something like:

With the following DNS configuration:

We see that our Logic App has a Private Endpoint with the IP address 10.0.0.4.

Let’s test it. First of all, we need a simple workflow:

It’s a simple one: we send a request, then we receive a 200 response. Simple, no? Yes. Let’s then try to send a request from our local machine (which will pass through the internet).

Well, this was not the response that we wanted. Let’s create a Virtual Machine inside the same VNet and try to send a request.

By sending the same request, we got the same response:

We just have to edit the hosts file because I didn’t set up DNS.
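One way to check, before sending the request, where a machine will send traffic for the Logic App host name: to the Private Endpoint inside the VNet or to the public endpoint. This is an added example, not code from the original post; the host name, the 10.0.0.0/16 VNet range and the public address are constructed placeholders, and only 10.0.0.4 comes from the post.

```python
import ipaddress
import socket


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text; the first entry for a name is kept."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, ignore the entry
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def system_resolver(host):
    """Resolve through the operating system (needs network access)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(host, vnet_cidr, hosts_text="", resolver=system_resolver):
    """Say where requests to `host` will go: the VNet or the public endpoint."""
    vnet = ipaddress.ip_network(vnet_cidr)
    override = parse_hosts(hosts_text).get(host.lower())
    try:
        addrs = [override] if override else resolver(host)
    except OSError:  # socket.gaierror is a subclass of OSError
        addrs = []
    if not addrs:
        return "unresolved", []
    inside = [ipaddress.ip_address(a) in vnet for a in addrs]
    if all(inside):
        return "private-endpoint", addrs
    return ("mixed" if any(inside) else "public"), addrs


# Constructed sample data (placeholders), except 10.0.0.4 which is from the post.
HOST = "my-logic-app.azurewebsites.net"
VNET = "10.0.0.0/16"
HOSTS_FILE = "127.0.0.1 localhost\n10.0.0.4  my-logic-app.azurewebsites.net  # private endpoint\n"


def public_dns(host):
    """Stand-in for a VM whose DNS still returns the public address."""
    return ["203.0.113.10"]


if __name__ == "__main__":
    print(classify(HOST, VNET, resolver=public_dns))              # no hosts entry yet
    print(classify(HOST, VNET, HOSTS_FILE, resolver=public_dns))  # after the hosts edit
```

A "public" or "mixed" verdict on a VM inside the VNet means name resolution still has to be fixed, either with a hosts entry as in this post or with a DNS zone that returns the Private Endpoint address.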

By sending the same request:

Well, I hope this helps you solve the security problem.
