![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 7.000000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,457 questions
Your conclusion is correct. APIM cannot access any resource within the VNET.
You have the option to work around this though. Let the external callers connect to APIM first. Then let APIM connect to the AKS API's via the application gateway. You can restrict the application gateway to only accept calls from APIM. So, the flow would look like this:
external caller --> API Management --> Application Gateway --> AKS
We have set this up for one of our customers. In our situation, we were not using AKS, but Azure Functions.
This setup provides you with a secure access to your AKS environement, without the costs of APIM premium.
