Share via

Does the storage account have to be public access for CDN to work? Can it be changed to private?

Desmond Richard 6 Reputation points
2021-01-27T09:43:32.683+00:00

Good Day

We have setup a Standard Akamai CDN profile that is using a storage account to pull the media as its origin.

The storage account at this point is setup for all network access. Which security center is reporting that it is low security . I tried switching to a private network which then breaks the CDN.

Does the CDN profile require that the storage account is public available? If it does i can then create an exception in security center for this case.

Otherwise if it does not require the storage account to be public, how does one improve or change it to be private for the CDN profile?

Thank you.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,895 questions
Azure Content Delivery Network
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. suvasara-MSFT 10,026 Reputation points
    2021-01-27T10:57:01.94+00:00

    @DesmondKrummeck-3250, To protect the files in your storage account, you can set the access of your storage containers from public to private. However, if you do so, no one will be able to access your files. If you want to grant limited access to private storage containers, you can use the Shared Access Signature (SAS) feature of your Azure storage account.

    After you set up SAS on your storage account, you must use the SAS token with the CDN endpoint and origin server URLs to access the file. Here is a doc that helps in using Azure CDN with SAS.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.