Can an AZURE App Service be defined as part of a VNET?
Question
In AWS we can define a Serverless App within a VPC. Need not be the case but is considered obviously a good practise.
Can the same be done for an AZURE App Service? Ie can an AZURE App Service be defined as part of a .NET?
1 answers
solution1
1 ACCPTED 2021-08-18 14:56:05
There are a couple of segments to answer your question. Here goes...
VNet integration
Yes, you can Integrate your app with an Azure virtual.network .
With Azure Virtual Network (VNets), you can place many of your Azure resources in a non-inte.net-routable.network. The VNet Integration feature enables your apps to access resources in or through a VNet. VNet Integration doesn't enable your apps to be accessed privately.
Azure App Service has two variations:
- The multitenant systems that support the full range of pricing plans except Isolated.
- The App Service Environment, which deploys into your VNet and supports Isolated pricing plan apps.
If you're looking for restricting access to the App Services, the article linked in silent's comment is a good read. Especially the Access restrictions chapter.
Access restrictions let you filter inbound requests. The filtering action takes place on the front-end roles that are upstream from the worker roles where your apps are running. Because the front-end roles are upstream from the workers, you can think of access restrictions as.network-level protection for your apps.
Infrastructure as Code
The blueprint (or 'cloud template') you're talking about in the comments feels like you need Infrastructure as Code to build/maintain resources for customers that all have the same structure. And while Azure has a service that's called Azure Blueprints , I think that would be overkill for the requirements you're giving.
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as.networking, to speed up development and delivery.
I think you could implement what you're looking for by creating a (parameterizable) Bicep file to enable you to create/update the resources in a repeatable way as needed.
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. We believe Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.