Allowing Azure Container App to communicate with SQL Server and Blob storage through NSG
I have an app hosted in an ACA instance, I've attached an NSG to the Subnet that the ACA is hosted in and blocked all outbound comms.
As expected, this stops my app communicating with both my Azure SQL Server instance, and my Azure Blob Storage.
Is there anything I can add to the NSG, to allow my app to talk to these two azure services while still blocking all other outbound communications?
Is there anything I can add to the NSG, to allow my app to talk to these two azure services while still blocking all other outbound communications?
If you want to allow communication from container app to Azure SQL Server and Azure Blob Storage, you can create an NSG rule using Service tags
You need to create 3 NSG rules with the following Service tags to allow communication from Storage and Azure SQL Server.
"Storage" , "Sql" and "SqlManagement"
- NSG Rule: Storage
- NSG Rule: SQL
- NSG rule: SqlManagement
Once you create the 3 NSG rules, the container app will be able to connect to Storage and Azure SQL Server
Reference: Virtual network service tags