I have over 150 Azure storage accounts currently open to the internet. Recently, I changed the setting to allow access only from selected networks, but now my SQL database cannot access the storage accounts to write data. I know I can use private endpoints and VNet integration for private connectivity, but managing 150+ private endpoints would be too expensive. Are there any other workarounds or options I could consider to resolve this issue?
3 Answers
Are you having trouble connecting Azure SQL to the storage accounts? Try enabling traffic from Trusted Azure services; that might help you regain connectivity.
Have you thought about using a single storage account with multiple containers instead of having all those separate storage accounts? It might simplify your setup a lot.
Different ownerships or networking requirements can complicate that, though. Data separation matters too.
Consider using service endpoints if you're running everything within Azure. Just select the VNet and subnet in the firewall settings, and it should enable the service endpoint for communication.
I've tried that already. The database isn't currently associated with any VNet. Should I add it to a VNet and then adjust the selected networks setting?