Web Service connected to Postgres Flex—Vnet integration or private endpoint or both?

Lee Johnson 41 Reputation points
2024-06-12T17:42:26.54+00:00

I've spent days reading and researching and I'm still confused. Let's assume the following: say that

  • I have a Web App and a Postgres Flex Service
  • I have a Vnet and a few Subnets
  • I need the Web App to have 2-way communication with Postgres
  • Both services should not be accessible to the public internet
  • All communication between both services should remain in the Vnet.

Deploying Azure services into my vnet with virtual network integration seems like the best choice for this scenario, but the documentation has conflicting information. Is the above scenario possible using virtual network integration only, or do I also have to use private endpoints?

Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

Accepted answer
  1. Ben Gimblett 3,825 Reputation points Microsoft Employee
    2024-06-13T12:12:55.89+00:00

    Hi -
    Based on the requirements stated, deploying flexible-server into the VNET as "private access" would be correct. There is no public endpoint in this configuration.
    REF https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-private#private-access-vnet-integration

    In the case of the App Service Web App, you need to associate it with a VNET, which gives you outbound private network access (required for the flexible-server when VNET integrated/private).
    https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

    In order to prevent public access to the web app you can deploy a private endpoint for clients to utilise. Doing this gives you private access and allows the public endpoint to be disabled: https://learn.microsoft.com/en-us/azure/app-service/overview-private-endpoint

    App Service is also available as a single-tenant service that can be added to your VNET (conceptually similar to flexible server) and that's through an ASEv3: https://learn.microsoft.com/en-us/azure/app-service/environment/overview

    However, unless you need the single-tenancy, or the larger choice of plan scale sizes available in ASEv3 Iv2 plans (cores/memory), a regular App Service plan that supports private endpoints would be fine.
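
The layout described in the accepted answer, written out as Azure CLI steps. This is an added example, not part of the original answer or of Microsoft's documentation. It assumes the VNet, three separate subnets and the web app already exist; every resource name and the subscription ID are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. All resource names are constructed placeholders.
# Prints the az commands by default; set APPLY=1 to execute them.
RG=rg-demo
VNET=vnet-demo
APP=app-demo
PG=pg-demo
SNET_PG=snet-postgres    # delegated to Microsoft.DBforPostgreSQL/flexibleServers
SNET_APP=snet-app-out    # delegated to Microsoft.Web/serverFarms (app -> VNet, outbound)
SNET_PE=snet-endpoints   # hosts the web app's private endpoint (clients -> app, inbound)
# Placeholder subscription; export SUBSCRIPTION_ID before using APPLY=1.
APP_ID="/subscriptions/${SUBSCRIPTION_ID:-<subscription-id>}/resourceGroups/$RG/providers/Microsoft.Web/sites/$APP"

run() {
  # Echo the command; execute it only when APPLY=1.
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

private_access_plan() {
  # 1. Flexible server in "private access" mode: placed in its own delegated
  #    subnet, so it has no public endpoint.
  run az postgres flexible-server create -g "$RG" -n "$PG" \
    --vnet "$VNET" --subnet "$SNET_PG" --yes
  # 2. VNet integration: gives the web app an outbound path into the VNet,
  #    which is how it reaches the private flexible server.
  run az webapp vnet-integration add -g "$RG" -n "$APP" \
    --vnet "$VNET" --subnet "$SNET_APP"
  # 3. Private endpoint: the inbound path for clients inside the VNet.
  run az network private-endpoint create -g "$RG" -n "pe-$APP" \
    --vnet-name "$VNET" --subnet "$SNET_PE" \
    --private-connection-resource-id "$APP_ID" \
    --group-id sites --connection-name "pe-$APP-conn"
  # 4. With the private endpoint in place, turn off the app's public endpoint.
  run az resource update --ids "$APP_ID" \
    --set properties.publicNetworkAccess=Disabled
}

private_access_plan
```

Name resolution for the web app's private endpoint (a private DNS zone linked to the VNet) is not covered here and has to be configured separately.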

