So I'm working on an application where a Blazor frontend calls a coreFx backend, which in turn handles data in a SQL Server database.
I would like to securely connect the web app to the database.
So far I found two options that don't involve completely opening the DB server to Azure services or the internet itself:
1) Add all the outgoing IP addresses from the web app to the server's firewall. Cumbersome, and it doesn't seem like a very straightforward solution.
2) Make a VNet. Put the DB in a subnet, the web app in another subnet, make a private endpoint on the DB, and have the web app access the private endpoint.
This seems like the "right" way to do it on a production level. But in dev, this would mean scaling the web app to S1, which is way overpowered for what it's used for and also too expensive. I was gonna go with B1/2 maximum.
Any better ideas?
Edit: The DB is a basic 5 DTU Database on an Azure SQL Server instance on database.windows.net