Connect an App Service to multiple Azure Storage Accounts in different regions

Guilherme Porto 0 Reputation points
2023-05-02T17:15:34.67+00:00

Hello,

We have an App Service connected to a Storage Account using a Microsoft.Storage Service Endpoint. The App Service, Storage Account and Virtual Network are in the same North Europe region.

Now we want to add a second Storage Account located in Australia East and connect the App Service to it as well.

We couldn't use the same Microsoft.Storage Service Endpoint to link the Virtual Network to the Storage Account located in Australia.

We enabled the AllowGlobalTagsForStorage feature on our subscription and tried adding the Virtual Network to the Storage Account located in Australia using the Microsoft.Storage.Global option, but received the following error:

Screenshot 2023-05-02 at 5.52.34 PM

Screenshot 2023-05-02 at 5.55.51 PM

What do we need to do to link both Storage Accounts to the same Virtual Network so the App Service can connect to both of them?


2 answers

  1. VasimTamboli 4,915 Reputation points
    2023-05-02T18:19:37.24+00:00

    As per my limited understanding:

    To connect an App Service to multiple Azure Storage Accounts in different regions, you can follow these steps:

    Create a Virtual Network: If you haven't already, create a Virtual Network in Azure that spans both the North Europe and Australia East regions.

    Create a VNet-to-VNet connection: Create a VNet-to-VNet connection between the Virtual Networks in the North Europe and Australia East regions. This will allow traffic to flow between the two Virtual Networks.

    Create Service Endpoints: Create a Microsoft.Storage service endpoint for each Storage Account in the respective regions.

    Allow traffic through VNet-to-VNet connection: In the network security group (NSG) associated with the Virtual Network in the North Europe region, allow traffic from the VNet-to-VNet connection to the Microsoft.Storage service endpoint for the Storage Account in the Australia East region.

    Configure the App Service: In the App Service, add the connection string for the Storage Account in the Australia East region. The connection string should include the name of the Storage Account and the account key.

    Test the configuration: Test the configuration by accessing data in both Storage Accounts from the App Service.

    By following these steps, you should be able to connect your App Service to multiple Azure Storage Accounts in different regions. Note that the VNet-to-VNet connection and NSG configuration may vary depending on your specific network setup, but these steps should provide a general framework for connecting to multiple Storage Accounts.


  2. Guilherme Porto 0 Reputation points
    2023-05-04T16:59:05.26+00:00

    We were able to make it work using Private Endpoints to restrict access to the Storage Accounts, instead of Service Endpoints.

    You can have a Private Endpoint connecting the Virtual Network in North Europe to the Storage Account in Australia. The App Service is also integrated with the Virtual Network in North Europe.

    It is also possible to separate Virtual Networks for each region, each one linked to a Private Endpoint with its respective Storage Account. In this case, because the App Service will be integrated with the Virtual Network in North Europe, you would have to create a Peering between the Virtual Networks.

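The Private Endpoint setup described in the second answer, sketched with the Azure CLI as an added example that is not part of the original thread. It assumes all resources share one resource group and that only the blob sub-resource is needed; every resource name is a placeholder passed in as an argument.

```sh
#!/bin/sh
# Added example, not from the thread. All names passed in are placeholders.
# Creates a Private Endpoint in the VNet's region for a Storage Account that
# may live in any other region, then wires up private DNS for blob access.

link_storage_via_private_endpoint() (
  set -eu
  rg=$1 vnet=$2 pe_subnet=$3 vnet_region=$4 storage=$5
  zone="privatelink.blob.core.windows.net"  # blob sub-resource only

  # Resource ID of the remote Storage Account (the endpoint's target).
  storage_id=$(az storage account show --resource-group "$rg" \
    --name "$storage" --query id --output tsv)

  # The endpoint is placed in the VNet's region, not the account's region.
  az network private-endpoint create --resource-group "$rg" \
    --name "pe-$storage" --location "$vnet_region" \
    --vnet-name "$vnet" --subnet "$pe_subnet" \
    --private-connection-resource-id "$storage_id" \
    --group-id blob --connection-name "conn-$storage"

  # Reuse the zone and VNet link if an earlier endpoint already created them.
  az network private-dns zone show --resource-group "$rg" --name "$zone" \
    >/dev/null 2>&1 ||
    az network private-dns zone create --resource-group "$rg" --name "$zone"
  az network private-dns link vnet show --resource-group "$rg" \
    --zone-name "$zone" --name "link-$vnet" >/dev/null 2>&1 ||
    az network private-dns link vnet create --resource-group "$rg" \
      --zone-name "$zone" --name "link-$vnet" \
      --virtual-network "$vnet" --registration-enabled false

  # Register the endpoint's private IP in the private DNS zone.
  az network private-endpoint dns-zone-group create --resource-group "$rg" \
    --endpoint-name "pe-$storage" --name default \
    --private-dns-zone "$zone" --zone-name blob

  # Close the public endpoint so only the private path is accepted.
  az storage account update --resource-group "$rg" --name "$storage" \
    --public-network-access Disabled
)

# Run as: sh script.sh <rg> <vnet> <pe-subnet> <vnet-region> <storage-account>
if [ "$#" -eq 5 ]; then link_storage_via_private_endpoint "$@"; fi
```

Run it once per Storage Account; the second run reuses the DNS zone and VNet link created by the first.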
