Hi @juni dev,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Q1: Where can I find the list of IPs used by Azure Front Door to reach my storage account?
- The AzureFrontDoor.Backend service tag offers a detailed list of IP addresses used by Azure Front Door to access your storage account. This service tag encompasses all the IP addresses Azure Front Door uses to connect to your origins, such as Azure Storage accounts. By incorporating this service tag into your network security group rules, you can effectively control Azure Front Door's access to your storage account.
For your reference: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#what-are-the-network-service-tags-that-front-door-supports-
Q2: Will it use specific IPs of our FD instance/setup or IPs used globally?
- Azure Front Door operates on a globally shared IP address space rather than using specific IPs for individual instances. As a result, the IP addresses associated with Azure Front Door are shared among all users and are subject to change. For stable configuration, it is recommended to utilize the AzureFrontDoor.Backend service tag instead of hard-coding certain IP addresses.
For your reference: https://learn.microsoft.com/en-us/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium#ip-address-filtering
3. Managing a large number of IP addresses is not advisable as mentioned, especially since they frequently change. Therefore, it's recommended to use a different approach for this purpose: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-enable-private-link-storage-account
Kindly let us know if the above helps or you need further assistance on this issue.
If the answer is helpful, please click "Accept Answer" and "Upvote" it.
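An added example, not part of the original answer: a Python audit of a hard-coded IP allow-list against the current contents of the AzureFrontDoor.Backend service tag, showing how such a list drifts when the shared ranges change. It assumes the layout of the downloadable Azure service-tag JSON (`values[].name`, `properties.addressPrefixes`); the sample document, the allow-list and the function names are constructed for illustration, and the prefixes are documentation ranges rather than real Front Door addresses.

```python
import ipaddress
import json

# Constructed sample in the layout of the service-tag JSON (documentation ranges only).
SAMPLE_SERVICE_TAGS = json.loads("""
{
  "changeNumber": 1,
  "cloud": "Public",
  "values": [
    {"name": "AzureFrontDoor.Backend",
     "properties": {"addressPrefixes":
        ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:100::/48"]}},
    {"name": "Storage",
     "properties": {"addressPrefixes": ["203.0.113.0/24"]}}
  ]
}
""")

# Constructed allow-list, as it might have been copied from an older tag version.
HARDCODED_ALLOWLIST = ["192.0.2.0/24", "198.51.100.128/25", "203.0.113.7/32"]


def tag_prefixes(doc, tag="AzureFrontDoor.Backend"):
    """Return the prefixes of one service tag as ip_network objects."""
    for entry in doc["values"]:
        if entry["name"] == tag:
            return [ipaddress.ip_network(p)
                    for p in entry["properties"]["addressPrefixes"]]
    raise KeyError(tag)


def _covered(net, pool):
    # subnet_of() raises TypeError across IP versions, so compare versions first.
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def audit_allowlist(allowlist, doc):
    """Report allow-list drift relative to the current service tag.

    stale:   rules that admit addresses outside the tag (over-permissive).
    missing: tag prefixes the rules do not cover (Front Door traffic blocked).
    """
    current = tag_prefixes(doc)
    rules = [ipaddress.ip_network(r) for r in allowlist]
    return {
        "stale": [str(r) for r in rules if not _covered(r, current)],
        "missing": [str(c) for c in current if not _covered(c, rules)],
    }


def in_tag(ip, doc):
    """True if a source address (e.g. from an access log) falls inside the tag."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in tag_prefixes(doc))
```

Run periodically against a freshly downloaded service-tag file, a non-empty `stale` or `missing` list is the signal that the hard-coded rules no longer match the tag.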