I have a question. I have configured a Storage Account with a Private Link in my subscription.
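If a Storage Account is configured with Private Link, I believe you don't need to configure firewall access as well. Is that correct? My ARM template is below; the storage account resource in it sets only `minimumTlsVersion` and `allowBlobPublicAccess` under `properties` and has no `networkAcls` block. The resulting setting on my storage account is shown in the screenshot. Do I need to ensure that "Allow Access From" is set to "Selected Networks", or does the private endpoint on its own already block access through the public endpoint?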
!["resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-01-01",
"name" : "[variables('blobstorageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "StorageV2",
"properties": {
"minimumTlsVersion" : "TLS1_2",
"allowBlobPublicAccess" : false
}
},
{
"type" : "Microsoft.Network/privateDnsZones/virtualNetworkLinks",
"apiVersion": "2018-09-01",
"name" : "[concat(variables('blobPrivateDNSZoneName'), '/link_to_', toLower(parameters('vnetName')))]",
"location" : "global",
"dependsOn" : [
"[variables('blobPrivateDnsZoneId')]"
],
"properties" : {
"registrationEnabled" : false,
"virtualNetwork" : {
"id" : "[variables('vnetId')]"
}
}
},
{
"type" : "Microsoft.Network/privateEndpoints",
"apiVersion" : "2020-04-01",
"name" : "[variables('blobStorageAccountPrivateEndpointName')]",
"location" : "[resourceGroup().location]",
"dependsOn" : [
"[variables('blobStorageAccountId')]"
],
"properties" : {
"privateLinkServiceConnections" : [
{
"name" : "parameters('blobStorageAccountPrivateEndpointName')",
"properties" : {
"privateLinkServiceId" : "[variables('blobStorageAccountId')]",
"groupIds" : ["blob"]
}
}
],
"subnet" :{
"id" : "[variables('subnetId')]"
},
"customDnsConfigs" : [
{
"fqdn" : "[concat(variables('blobStorageAccountName'),variables('blobPublicDNSZoneForwarder'))]"
}
]
}
},
{
"type" : "Microsoft.Network/privateDnsZones",
"apiVersion" : "2018-09-01",
"name" : "[variables('blobPrivateDNSZoneName')]",
"location" : "global",
"properties" : {
"maxNumberOfRecordSets" : 25000,
"maxNumberOfVirtualNetworkLinks" : 1000,
"maxNumberOfVirtualNetworkLinksWithRegistration" : 100
}
},
{
"type" : "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
"apiVersion" : "2020-03-01",
"name" : "[variables('blobPrivateDnsZoneGroup')]",
"location" : "[resourceGroup().location]",
"dependsOn" : [
"[variables('blobPrivateDnsZoneId')]",
"[variables('blobStorageAccountPrivateEndpointId')]"
],
"properties" : {
"privateDnsZoneConfigs" :[
{
"name" : "dnsConfig",
"properties" : {
"privateDnsZoneId" : "[variables('blobPrivateDnsZoneId')]"
}
}
]
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "2021-01-01",
"name" :"[tolower(concat(variables('blobstorageaccountname'), '/default'))]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('blobstorageAccountName'))]"
],
"properties": {
"isVersioningEnabled" : true,
"deleteRetentionPolicy" : {
"enabled" : true,
"days" : 30
},
"changeFeed" : {
"enabled" : true
},
"containerDeleteRetentionPolicy" :{
"enabled" : true,
"days" : 30
}
}
},
{
"type": "Microsoft.Storage/storageAccounts/blobServices/containers",
"apiVersion": "2021-01-01",
"name": "[concat(variables('blobstorageAccountName'), '/default/', parameters('containerPrefix'), copyIndex())]",
"copy": {
"name": "containercopy",
"count": 2
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('blobstorageAccountName'))]"
]
}
],][1]
I would appreciate a quick reply.