0 Votes
AgiPasieka-6432 asked CristianSPIRIDON72 answered

Azure App Service custom backup to storage account

Hello

I have set up a custom backup of an Azure web app to a storage account, and it will only work when public access is enabled for all networks. What I would like to achieve is to apply a restriction to the storage account and limit public access to only allow the VNet that I have integrated my web app with. So far I get a 403 error, as the storage account refuses access to the web app when I run the custom backup. I have tried the following:

  • added the subnet from the VNet that my web app is integrated with, and enabled the service endpoint for Microsoft.Storage

  • enabled a system-assigned managed identity for the web app, and granted this identity the Storage Blob Data Contributor permission on the storage account that will store the backups

Does anyone have any idea what else I have to enable to achieve this?

Thanks in advance

Agi





azure-webapps azure-storage-accounts

1 Vote
CristianSPIRIDON72 answered

Hi,

If you want to block public access to the storage account, you need to create a private endpoint for it - your first option. Did you follow all the needed steps for this (including private DNS)?

https://docs.microsoft.com/en-us/azure/storage/common/storage-private-endpoints

Hope this helps!


1 Vote
SnehaAgrawal-MSFT answered

Thanks for reaching out here! Could you please confirm whether your storage account is firewall-enabled? As mentioned in the document here:

"Using a firewall enabled storage account as the destination for your backups is not supported. If a backup is configured, you will encounter backup failures."
"Using a private endpoint enabled storage account for backup and restore is not supported."

Please let us know to help you better on this.
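An added example, not part of the thread or of Microsoft's documentation: a check that reads the JSON from `az storage account show` and reports which of the two limits quoted above the account trips. It assumes "firewall enabled" corresponds to `networkRuleSet.defaultAction` being `Deny`; the sample accounts and the function name are constructed for illustration.

```python
import json

# Constructed sample: trimmed `az storage account show` output for an account
# limited to one VNet subnet, as in the question (all names are placeholders).
SAMPLE_RESTRICTED = json.loads("""
{
  "name": "examplebackupsa",
  "networkRuleSet": {
    "defaultAction": "Deny",
    "bypass": "AzureServices",
    "ipRules": [],
    "virtualNetworkRules": [
      {"virtualNetworkResourceId": "/subscriptions/SUB_ID_PLACEHOLDER/resourceGroups/example-rg/providers/Microsoft.Network/virtualNetworks/example-vnet/subnets/webapp-subnet"}
    ]
  },
  "privateEndpointConnections": []
}
""")

# Constructed sample: same account with public access allowed from all networks.
SAMPLE_OPEN = json.loads("""
{
  "name": "examplebackupsa",
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [], "virtualNetworkRules": []},
  "privateEndpointConnections": []
}
""")


def backup_destination_blockers(account):
    """Return the reasons this account conflicts with the quoted backup limits."""
    blockers = []
    rules = account.get("networkRuleSet") or {}
    # Assumption: defaultAction == "Deny" is what the docs call "firewall enabled".
    if str(rules.get("defaultAction") or "Allow").lower() == "deny":
        n_vnet = len(rules.get("virtualNetworkRules") or [])
        n_ip = len(rules.get("ipRules") or [])
        blockers.append(
            f"firewall enabled: defaultAction=Deny with {n_vnet} VNet rule(s), {n_ip} IP rule(s)"
        )
    if account.get("privateEndpointConnections"):
        blockers.append("private endpoint connection(s) present")
    return blockers


if __name__ == "__main__":
    for label, acct in (("restricted", SAMPLE_RESTRICTED), ("open", SAMPLE_OPEN)):
        print(label, "->", backup_destination_blockers(acct) or "no blockers found")
```

The restricted sample is flagged even though it carries a VNet rule for the web app's subnet, which matches the 403 described in the question.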



0 Votes
AgiPasieka-6432 answered

Hi,

Thank you for your reply. I was trying to avoid using a private link as I did not want to generate additional cost. I will leave the storage account with public access enabled at the moment.

Many thanks
Agi
