Access database behind Azure firewall from Logic App in Consumption Plan

UMAIR AHMED 1 Reputation point
2020-01-14T01:26:50.703+00:00

Hi there,

I am designing a solution which would require to execute database query on a vendor database which is behind azure firewall. There would probably be IP white-listing enabled on the firewall.

The database would be in a different azure tenancy(Azure AD), owned by the vendor.

We currently have limited usage of Logic Apps, so Integration Service Environment(ISE) does not justify the cost.

Another solution would probably be using the Function app/Web app and use the App service hosting plan which has Virtual network support that channel the request to Azure Firewall from a specific range of IP addresses allocated to Virtual network. We also code for database query execution in function app/web app. It looks like a lengthy solution to me. I am also looking for validation from experts if that's even workable solution

If you can suggest a simpler approach that will get Great.

Thanks.

Regards,

Umair

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
333 questions
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
1,818 questions
No comments
{count} votes

2 answers

Sort by: Most helpful
  1. DashleenBhandari-MSFT 6 Reputation points
    2020-01-14T11:33:49.207+00:00

    Hello Umair,

    The simplest approach would be to allow Logic App IP address in database Firewall.

    The IP addresses that Azure Logic Apps uses for incoming and outgoing calls depend on the region where your logic app exists. All logic apps that are in the same region use the same IP address ranges.

    You can learn more about Firewall configuration Logic App here.

    No comments

  2. Ebby Peter 1 Reputation point
    2020-05-11T02:05:32.123+00:00

    One of the approaches is to whitelist Azure Logic Apps regional IPs, but this will expose the database to any logic apps in that region.

    The firewall config information can be found here

    No comments