Hello Prince Agrawal,
Greetings! Welcome to Microsoft Q&A Platform.
To achieve secure access to your Azure PaaS applications through the Azure portal, you can leverage private endpoints.
To connect Azure Storage via a private endpoint, please refer to:
- https://learn.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal?source=recommendations&tabs=dynamic-ip
- https://learn.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-storage-portal?tabs=dynamic-ip
- https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
If you are using Managed Identity, there are 2 ways to do the same. You can select either one to connect to Azure Storage:
- System Assigned
- User Assigned
To configure System Assigned, you can leverage the following steps. Since no programming language preference was shared, I am using Python.
- Grant the Managed Identity access to the storage account: In your storage account, select Access Control (IAM). Click Add and select Add role assignment. Search for Storage Blob Data Owner (necessary permission as required), select it, and click Next.
- On the Members tab, under Assign access to, choose Managed Identity. Choose Select members; a blade will open in the Azure portal on your right side.
- On that blade, select the correct subscription and resource, click the Select button, and then click Next.
- On the Review + assign tab, click Review + assign at the bottom.
6. Use the following snippet in Azure App Service and deploy:
Python
from
To configure User Assigned you can leverage the following steps.
Please refer to https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview
- Create a Managed Identity. Please refer to https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-manage-user-assigned-managed-identities?pivots=identity-mi-methods-azp.
- Assign the correct role to the user-assigned identity (created in step 1) in the storage account (refer to the screenshot).
- Assign the user identity to the resource where the application will be deployed, for example Azure App Service; please refer to https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp#add-a-user-assigned-identity
- Please repeat step 3 if you are deploying the code in multiple resources.
- Log into the dev computer's Visual Studio with the credentials of a user who has relevant access to the Azure storage used in Step 2.
- Copy the Client ID for the Managed Identity created in Step 1.
7) Leverage the following demo code from your dev computer and deploy the same code in the resource configured in Step 4, which will list the containers.
Python
from
Hope this answer helps. Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
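The container-listing step the answer above describes, as an added example (not the answer author's snippet): it covers both the system-assigned and user-assigned cases and first checks that the storage hostname resolves to a private address, so traffic actually uses the private endpoint. It assumes the `azure-identity` and `azure-storage-blob` packages; the helper names and the `STORAGE_ACCOUNT_NAME` / `MANAGED_IDENTITY_CLIENT_ID` settings are hypothetical.

```python
import ipaddress
import os
import socket


def account_url(account_name):
    """Blob endpoint of a storage account (public Azure cloud DNS suffix)."""
    return f"https://{account_name}.blob.core.windows.net"


def resolves_privately(host, resolver=socket.getaddrinfo):
    """True only if every resolved address is private, i.e. the private
    endpoint's DNS record is what this network actually sees."""
    addrs = {info[4][0] for info in resolver(host, 443)}
    return bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)


def make_credential(client_id=None):
    """System-assigned identity when client_id is None, user-assigned when the
    identity's Client ID is given. On a dev computer DefaultAzureCredential
    falls back to the signed-in developer account (e.g. Visual Studio)."""
    from azure.identity import DefaultAzureCredential  # pip install azure-identity
    if client_id:
        return DefaultAzureCredential(managed_identity_client_id=client_id)
    return DefaultAzureCredential()


def list_container_names(account_name, client_id=None, require_private=True):
    """List containers; refuse to connect if the name resolves publicly."""
    from azure.storage.blob import BlobServiceClient  # pip install azure-storage-blob
    url = account_url(account_name)
    host = url[len("https://"):]
    if require_private and not resolves_privately(host):
        raise RuntimeError(f"{host} does not resolve to a private address")
    client = BlobServiceClient(url, credential=make_credential(client_id))
    return [container.name for container in client.list_containers()]


if __name__ == "__main__":
    # Hypothetical app settings; leave MANAGED_IDENTITY_CLIENT_ID unset for
    # the system-assigned identity.
    names = list_container_names(os.environ["STORAGE_ACCOUNT_NAME"],
                                 os.environ.get("MANAGED_IDENTITY_CLIENT_ID"))
    print(names)
```

Pass `require_private=False` when running from a dev computer that is not connected to the virtual network hosting the private endpoint.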