How to Secure a Storage Account with a Private Endpoint (Azure Private Link)
Azure Private Endpoint (Azure Private Link, preview availability) is a network interface that connects you privately and securely to a service powered by Azure Private Link. A Private Endpoint uses a private IP address from your VNet, effectively bringing the service into your VNet. The service can be an Azure service such as Azure Storage, SQL, etc.
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer/partner services over a Private Endpoint in your virtual network. Traffic between your virtual network and the service traverses over the Microsoft backbone network, eliminating exposure from the public Internet. You can also create your own Private Link Service in your virtual network (VNet) and deliver it privately to your customers. The setup and consumption experience using Azure Private Link is consistent across Azure PaaS, customer-owned, and shared partner services.
Access to a private link resource using approval workflow
You can connect to a private link resource using the following connection approval methods:
- Automatically approved when you own, or have permission on, the private link resource. The permission required depends on the private link resource type and has the following format: Microsoft.<Provider>/<resource_type>/privateEndpointConnectionApproval/action
- Manual request when you don’t have the required permission and would like to request access. An approval workflow is initiated: the private endpoint and the subsequent private endpoint connection are created in a “Pending” state, and the private link resource owner is responsible for approving the connection. Once it is approved, the private endpoint can send traffic normally, as shown in the following approval workflow diagram.
Configuration Steps
In this example I select an existing storage account and create a private endpoint for it. On the Basics tab, enter the name and region, then click Next.
On the Resource tab, choose the connection method: connect to an Azure resource in my directory, or connect to a resource by its resource ID only. Select the resource type (currently only Storage, Network and SQL are available), then the resource from the list and the target sub-resource. Click Next.
On the Configuration tab, select the VNet and subnet, and choose whether or not to integrate with a private DNS zone. Click Next.
Add tags.
Once validation passes, click Create.
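The portal steps above, redone with the Azure CLI as an added example (not code from the original post): it also covers the manual approval path from the previous section and adds two checks the portal does not perform for you. The resource group, storage account, VNet and subnet names are assumed placeholders.

```shell
# Added example, not from the original post: the portal steps above as Azure CLI calls,
# plus the checks the portal does not perform. All resource names are assumed placeholders.
set -eu
RG="${RG:-rg-private-storage}"          # assumed resource group
LOCATION="${LOCATION:-eastus}"
SA="${SA:-stprivatedemo001}"            # assumed existing storage account
VNET="${VNET:-vnet-app}"
SUBNET="${SUBNET:-snet-privatelink}"
PE_NAME="pe-${SA}-blob"
ZONE="privatelink.blob.core.windows.net"   # private DNS zone for the blob sub-resource

create_private_endpoint() {
  # Resource tab: the target is the storage account's resource ID, blob sub-resource
  sa_id=$(az storage account show -g "$RG" -n "$SA" --query id -o tsv)
  az network private-endpoint create -g "$RG" -n "$PE_NAME" -l "$LOCATION" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$sa_id" --group-id blob \
    --connection-name "${PE_NAME}-conn"
  # Configuration tab: private DNS integration, so <SA>.blob.core.windows.net
  # resolves to the endpoint's private IP from inside the VNet
  az network private-dns zone create -g "$RG" -n "$ZONE"
  az network private-dns link vnet create -g "$RG" -z "$ZONE" -n "link-${VNET}" \
    -v "$VNET" --registration-enabled false
  az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "$PE_NAME" \
    -n default --private-dns-zone "$ZONE" --zone-name blob
  # A private endpoint does not by itself close the public endpoint: also set the
  # storage firewall to deny traffic that is not explicitly allowed
  az storage account update -g "$RG" -n "$SA" --default-action Deny
}

# Manual-approval path: the resource owner approves a connection left in "Pending"
approve_pending_connection() {
  az network private-endpoint-connection approve -g "$RG" -n "$1" \
    --resource-name "$SA" --type Microsoft.Storage/storageAccounts \
    --description "Approved by storage owner"
}

# Offline check used after deployment: is an IPv4 address in RFC 1918 space?
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}
# Run from a VM in the VNet: the blob FQDN must now resolve to a private address
verify_private_resolution() {
  ip=$(getent hosts "${SA}.blob.core.windows.net" | awk '{print $1; exit}')
  is_private_ipv4 "$ip"
}
```

Call `create_private_endpoint` from a logged-in `az` session, then `verify_private_resolution` from a VM inside the VNet; if the FQDN still resolves to a public address, the private DNS zone is not linked to that VNet.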