Service Tag for APIM Consumption tier

Pitawat Nantamanop 71 Reputation points
2021-04-20T11:18:26.347+00:00

Hi,

I am trying to allow only inbound traffic to App Gateway from APIM only and deny all traffic if it comes from other sources.

89469-appgw.png

I setup NSG and associate it to subnet that App Gateway is in. My inbound rule is

89518-nsg-rule.png

This did not work. APIM could not connect to App Gateway.

I then looked at https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags and found an interesting piece of text at API Management row: "Management traffic for Azure API Management-dedicated deployments"

Does this mean APIM Consumption tier does not have its Service Tag? Is it only for developer, basic, premium, etc tiers? If so, how could I restrict inbound traffic to be only from APIM Consumption tier?

Thank you.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,746 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,137 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
956 questions
0 comments
Accepted answer
  1. suvasara-MSFT 10,001 Reputation points
    2021-04-20T16:12:18.073+00:00

    @Pitawat Nantamanop , In the Developer, Basic, Standard, and Premium tiers of API Management, the public IP addresses (VIP) are static for the lifetime of a service, so the service tag is available for those tiers. Whereas, Consumption tier service, it doesn't have a dedicated IP address. Consumption tier service runs on a shared infrastructure and without a deterministic IP address.

    Solution: For traffic restriction purposes, you can use the range of IP addresses of Azure data centers. Refer to the Azure Functions documentation article for precise steps.

    Also, you can provide your feedback and upvote the similar ask here in this feedback section for its future availability.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest