Compartir a través de

Blob Storage

Sebastian Pacheco 451 Puntos de reputación
2024-05-25T16:59:31.8433333+00:00

hello everyone!!! ;)

I need to set up a storage account in Azure, but I have the question if it is advisable to activate public access so that a third party can connect to obtain information or it is better to leave it without public access and with a private connection point. If it is the second option, how could I deliver documents to the third party?

A pod of ours would connect to the blob storage and store documents and then rescue documents to show them... if this is the flow, should it be left without public access and our own system, through some API, communicate with the other company to pass information to it?

If I leave him public access and give him access only to the third party's IP, could he delete information? Or can you restrict what the third party can do when connecting to the storage account or blob? as well as create an IAM account (Managed identity - Storage Blob Data Reader)??

What would be the safest way for a third party to obtain documents stored in a blob storage?

Thanks!

Azure
Azure

Plataforma e infraestructura de informática en la nube para crear, implementar y administrar aplicaciones y servicios a través de una red mundial de centros de datos administrados por Microsoft.

0 comentarios

2 respuestas

Ordenar por: Muy útil
Muy útil Más reciente Más antiguo
  1. Carlos Solís Salazar 18,376 Puntos de reputación MVP
    2024-05-27T12:36:52.5466667+00:00

    Hola @Sebastian Pacheco Si lo que deseas es compartir archivos con un tercero a través de un Storage Account, te recomendaría confiar un servicio SFTP en tu Azure Blob Storage para que ese tercero pueda acceder a los archivos de forma segura.

    Espero que te sirva de ayuda.

    Recuerda aceptar la respuesta si te resulta útil.

    ¿Le ha resultado útil esta respuesta?

  2. Jared Foster Orduz 0 Puntos de reputación
    2024-05-25T18:03:07.2+00:00

    Hello Sebastian Pacheco!

    To securely set up a storage account in Azure for third-party access, I recommend using private access. Here’s a brief summary to address your concerns:

    Private Access:

    Setup:

    • Private Endpoint: Configure a private endpoint for your storage account within your virtual network to ensure it’s not publicly accessible.
      • Disable Public Access: Ensure the storage account is not publicly accessible.
    1. Access Management:
      • Managed Identity: Use a managed identity for your pod/application to securely access the storage account.
      • RBAC: Assign the third party the Storage Blob Data Reader role for read-only access, ensuring they cannot delete or modify data.
    2. Delivering Data to the Third Party:
      • Secure API: Create an API within your system that the third party can use to request documents. This API will authenticate and authorize the third party, retrieve documents from the storage account using the managed identity, and deliver them securely.

    This approach ensures your data is protected, and the third party has controlled, secure access without exposing your storage account to potential vulnerabilities.

    Best regards!

    ¿Le ha resultado útil esta respuesta?

Su respuesta

Las respuestas pueden ser marcadas como "Aceptadas" por el autor de la pregunta y "Recomendadas" por los moderadores, lo que ayuda a los usuarios a saber que la respuesta ha resuelto el problema del autor.