I have over 150 storage accounts that currently allow internet access, but I'm switching to a more secure setup by using selected networks. However, since making this change, my Azure SQL Database can no longer write data to these storage accounts. While private endpoints and VNet integration are options for private connectivity, having that many endpoints would be too expensive. Are there any other solutions or workarounds I can consider?
3 Answers
Have you thought about using service endpoints? If your SQL Database is hosted on an Azure VNet, just select the appropriate subnet and add a service endpoint, which might help facilitate the communication with the storage accounts without the need for private endpoints.
The main problem seems to be the connectivity from Azure SQL to your storage accounts. Have you tried enabling the option to allow traffic from Trusted Azure Services? It might help.
You might want to consider why you have so many storage accounts. It could be more efficient to consolidate some of them into a single account with multiple containers instead. This could simplify management and potentially save costs.
That's a good point, but there could be reasons for keeping them separate, like ownership issues or specific data governance regulations.
Yes, I've checked that option. However, my DB isn't associated with a VNet yet. Do I need to integrate it into a VNet and then add that VNet in the selected networks option?