Secure Communication Between 2 PaaS Services Using Private Endpoints

Almir Aljic 1 Reputation point
2022-10-13T14:11:32.237+00:00

Assume we have 2 PaaS Services (e.g. one App Service instance and one SQL DB instance).
How can we safely secure the connection between them such that ONLY that one instance of the App Service can communicate with the specific instance of SQL DB?

Idea:

  1. Create VNet.
  2. Integrate App Service & SQL DB in the VNet.
  3. Create one private endpoint (OR service endpoint) for the App Service.
  4. Restrict network access to SQL DB such that ONLY the private/service endpoint of App Service is whitelisted.

Are there any other, better or perhaps cheaper alternatives here?


1 answer

  1. Cristian SPIRIDON 4,486 Reputation points Volunteer Moderator
    2022-10-16T12:49:28.957+00:00

    Hi,

    There is another option to have a static outbound IP for your App Service and then whitelist that IP in your SQL DB:

    https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips#get-a-static-outbound-ip

    Hope this helps!

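A check for the allowlist approach in the answer above, as an added example that is not part of the original thread: it audits a SQL server's firewall rules against the App Service's static outbound IP and flags anything wider, including the 0.0.0.0 to 0.0.0.0 rule that Azure SQL treats as "allow Azure services". It assumes IPv4 rules in the JSON shape printed by `az sql server firewall-rule list` (`name`, `startIpAddress`, `endIpAddress`); the function name and the sample rules and addresses are constructed for illustration.

```python
import ipaddress

# Azure SQL treats a rule with start and end 0.0.0.0 as "allow Azure services",
# which admits traffic from any Azure subscription, not just this App Service.
ALLOW_AZURE = (ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("0.0.0.0"))

# Constructed sample in the shape of `az sql server firewall-rule list` output.
SAMPLE_RULES = [
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "app-static-ip", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    {"name": "office-range", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
]


def audit_firewall_rules(rules, allowed_ips):
    """Return (findings, missing).

    findings: (rule name, reason) for every rule that admits more than allowed_ips.
    missing:  allowed IPs that no rule covers (the app would be locked out).
    """
    allowed = {ipaddress.ip_address(ip) for ip in allowed_ips}
    findings, covered = [], set()
    for rule in rules:
        start = ipaddress.ip_address(rule["startIpAddress"])
        end = ipaddress.ip_address(rule["endIpAddress"])
        if (start, end) == ALLOW_AZURE:
            findings.append((rule["name"], "allows all Azure services"))
            continue
        if end < start:
            findings.append((rule["name"], "inverted range"))
            continue
        inside = {ip for ip in allowed if start <= ip <= end}
        covered |= inside
        extra = int(end) - int(start) + 1 - len(inside)
        if extra:
            findings.append((rule["name"], f"admits {extra} address(es) beyond the allowlist"))
    missing = sorted(str(ip) for ip in allowed - covered)
    return findings, missing


if __name__ == "__main__":
    findings, missing = audit_firewall_rules(SAMPLE_RULES, ["203.0.113.10"])
    for name, reason in findings:
        print(f"{name}: {reason}")
    print("uncovered app IPs:", missing or "none")
```
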
