Can I Access Azure Service Bus Relay Using RBAC?
Question
I know that I can access anything in Azure Service Bus using SAS token authentication, and it seems that accessing via RBAC is now becoming the preferred auth method for things like Event Hubs. What I cannot find in the various web articles or samples on GitHub is hard evidence that Azure Relay Hybrid Connections access can be granted via RBAC. For various reasons, RBAC is preferable IMHO, but if it's not supported then I will have to go the SAS route, which may result in some insurmountable issues for me. TIA.
1 answers
solution1
0 ACCPTED 2021-02-24 09:45:46
Well, as I know, Hybrid Connection does not support RBAC.
Essentially, we prefer to use RBAC because we can use Azure AD auth after granting the RBAC roles to Azure resources, it is a more secure way.
So in your scenario, if you want to avoid the security issue, the best option is to use Azure Keyvault , just store the SASKey as a secret in keyvault , then just the client which is added to the access policy (or has the Key Vault Administrator role if you select Azure role-based access control in Access policies blade of the keyvault) has the permission to access the secret.
Then in your code, you don't need to expose the SASKey , just use the SDK to get the secret first, then continue to use it depends on your requirement.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.