Securing Azure API and Multiple Azure Services with VNet

Question

Securing Azure API and Multiple Azure Services with VNet

hampton123 1,175

How can I secure my Azure API and its multiple Azure services by using VNet? Currently, my API allows users to upload and download files in containers within an Azure Storage account. The Azure services I am using include APIM (with an Azure Function as the API), 2 separate Azure Functions (one for developing SAS tokens and another for uploading files), and an Azure Storage account. Even though the system works, security is a concern since most of the Azure services I use are public. I am considering using VNet to restrict traffic within my API from accessing these Azure services, but I am unsure how to implement it. Can anyone provide guidance on how I can achieve this?

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Accepted answer

1 additional answer

Your answer

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

Boris Von Dahle 3,221

Hello,

There is a high view to implement VNet integration to restrict traffic in your case :

Create the virtual Network
Create a NSG to define the rules to restrict traffic as you need
Asssociate the NSG to the subnet
Implement VNet integration or private endpoint features on API, Function and Storage Services on

More info on how to ingrate Azure Services with VNet :

https://learn.microsoft.com/en-us/azure/virtual-network/vnet-integration-for-azure-services

You can also consider implement Azure Policy to further enhance security.

If this answer helped, please mark it as accepted for other users with similar question to be able to find this topic.

Regards

hampton123 1,175 Reputation points

2023-06-09T12:55:46.4366667+00:00

Thank you for your response! Would the API still be accessible publicly while also restricting outside access to my other Azure services (Functions, Storage Account)?
Boris Von Dahle 3,221 Reputation points

2023-06-09T17:43:04.1033333+00:00

Yes, in that case, you just have to let the API public and integrate your other services into vnet with private endpoint.

Pleaser remember that publicly facing APIs should be properly secured :

https://learn.microsoft.com/en-us/security/zero-trust/develop/protect-api
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 2

Deleted

This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Comments have been turned off. Learn more

Share via

Securing Azure API and Multiple Azure Services with VNet

1 additional answer

Your answer