Automation Account communication with Storage Account through private endpoint

aubinaso takam 40 Reputation points
2023-11-08T16:09:25.4266667+00:00

Hello,

I'm trying to use an Automation Account configured with a private endpoint to access a Storage Account configured with a private endpoint.

I have configured:

  • An Automation Account and Runbook using a private endpoint with the target sub-resource: DSCAndHybridWorker.
  • I disabled public access in the Automation Account.
  • I created a Storage Account with a private endpoint on blob. I configured the firewall to allow traffic from the subnet where the 2 resources are connected through private endpoints.
  • I gave access to my Automation Account so that the runbook can read data in the storage container.

I first tried to test the access I gave (without configuring private endpoints) and all worked as I wanted.

Now, with private endpoints on those 2 resources, nothing is working.

I think I missed something important when configuring private endpoint on those 2 resources to allow traffic between them through the virtual network.

Can I have some help?

Thank you,

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

Accepted answer
  1. KapilAnanth-MSFT 49,616 Reputation points Microsoft Employee Moderator
    2023-11-09T04:47:23.31+00:00

    @aubinaso takam

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to configure private access between an Azure automation account and Storage Account.

    • Please note that Private EndPoint can only be used to provide inbound traffic (connect to) to a PaaS Service
    • It cannot provide outbound access from the PaaS Service.
    • Meaning, the PaaS service should rely on its Public IP or list of outbound Public IPs (for some PaaS) to make external calls.

    Now, in your scenario, I see you would like to use your Automation account to connect to a Private IP (Private IP of the Storage Account Private EndPoint)

    • In this case, you must consider using Automation Hybrid Runbook Worker on a VM in the same VNET as the Private EndPoint
    • Then, this VM will be able to access the private IP of the Storage Account's Private EndPoint

    More details can be found here.

    Thanks,

    Kapil

    1 person found this answer helpful.
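
Added example (not part of the original answer and not Microsoft's code): a Python check to run on the Hybrid Runbook Worker VM that reports whether the Storage Account's blob name resolves to the private endpoint in the VNET. The subnet `10.0.1.0/24`, the account name `examplestore` and the function names are assumptions, and it assumes the VNET's DNS resolves the blob name to the private endpoint IP.

```python
import ipaddress
import socket

# Assumption (constructed value): subnet holding the Storage Account's
# private endpoint and the Hybrid Runbook Worker VM.
PE_SUBNET = "10.0.1.0/24"


def resolve(fqdn, port=443):
    """Return the sorted set of IPs the local resolver gives for fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def classify_resolution(addresses, pe_subnet=PE_SUBNET):
    """Say where the blob name points, as seen from this machine."""
    if not addresses:
        return "unresolved"
    subnet = ipaddress.ip_network(pe_subnet)
    ips = [ipaddress.ip_address(a) for a in addresses]
    if all(ip in subnet for ip in ips):
        return "private-endpoint"   # traffic stays inside the VNET
    if all(ip.is_private for ip in ips):
        return "private-other"      # private, but not the expected subnet
    return "public"                 # public endpoint: the storage firewall decides


def check_storage_path(account, pe_subnet=PE_SUBNET, resolver=resolve):
    """Resolve <account>.blob.core.windows.net and report the verdict."""
    fqdn = f"{account}.blob.core.windows.net"
    addresses = resolver(fqdn)
    verdict = classify_resolution(addresses, pe_subnet)
    return {
        "fqdn": fqdn,
        "addresses": addresses,
        "verdict": verdict,
        "uses_private_endpoint": verdict == "private-endpoint",
    }


if __name__ == "__main__":
    # "examplestore" is a placeholder account name, not one from the page.
    print(check_storage_path("examplestore"))
```

Run on the Hybrid Runbook Worker, the verdict should be `private-endpoint`; a `public` verdict means the blob name is not resolving to the private endpoint from where the code runs.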
