Search code examples
azure-table-storagevnetazure-ai-search

Connect private Azure Table Storage Account with AI search

I have a Azure AI search instance and an Azure Table Storage Account. Both are in the Germany West Central region. Both services have a private endpoint and are connected to the same vnet and also to the same subnet.

I added the Azure Table Storage Account as a data source using the API and also created a simple test index. Now I'm trying to create an indexer but it just wont work. The error message:

Error with data source: Credentials provided in the connection string are invalid or have expired.\r\nFor more information on troubleshooting connection issues to Azure Storage accounts, please see https://go.microsoft.com/fwlink/?linkid=2049388 Please adjust your data source definition in order to proceed.

I tried re-entering the connection string and also tried to use the managed identity instead. But keep getting this error. Only when I make the storage account public everything seems to work fine, but this is not what we want.

I also added private dns zones

privatelink.table.core.windows.net privatelink.search.windows.net

I can see in both dns zones that the A record is automatically added. Both zones are connected to the VNET.

In the storage account I also tried to set public network access to "Enabled from selected vnets and ip adresses" and add the vnet subnets (all of em) and the resource instance. Also checked the Allow Azure services on the trusted services list to access this storage account. All had no effect.

Can anyone please help me why this isnt working?

Solution

  • You don't need private endpoint connection in both service area.

    private endpoint connection handles only in-bound connections not outbound so you no need that in you ai search.

    Next, in Ai search you raise the access from Share private access like below.

    enter image description here

    You will get below options, fill them accordingly.

    enter image description here

    Select subscription, resource type as storage accounts and you storage account name.

    Make sure you give Target sub-resource as table since you are accessing it.

    After clicking on create you will get request in your storage account private endpoint connection.

    enter image description here

    Here, you approve the request.

    Now you try creating data source and index them.