scenarios for AzureKeyVault as servicetag in Inbound NSG Rule
I am new to Networking and have some questions regarding some of the service tags in Azure NSG.
If you see below, Azure has multiple options for service tags while defining inbound NSG rules. But I failed to understand the scenarios for AzureKeyVault, Storge, Cosmos DB etc. in which scenarios these services initiate the request? Why do we need these service tags in the inbound NSG.
But I failed to understand the scenarios for AzureKeyVault, Storage, Cosmos DB etc. in which scenarios these services initiate the request? Why do we need these service tags in the inbound NSG.
It's not so good understanding for service tags in the inbound NSG as outbound NSG. For example, If you want to deny all outbound internet traffic and allow only traffic to specific Azure services such as AzurekeyVault or AzureCosmosDB. You can do so using service tags as the destination in your NSG outbound rules.
Similarly, If you want to allow or deny traffic from Azure service in a virtual network, Ip address or Application security group. You can do so using service tags as the source in your NSG inbound rules. For example, you can set the service tag AppService and specific IP addresses(some specific VM IP address) as the destination, then you could restrict the AppService to access the resources in your VM like API or database.
For more details, you can view scenarios for securing your Azure service.
- python-ldap creating a group returns "already exists" (in an empty OU and non existent sAMAccountName)
- PowerApps: Access Azure Storage Account only accessible from selected vNet and IP address ranges
- If Azure Network Security Groups are stateless, are outbound DENYs overridden?
- How to configure NSG for WAF v2 Application Gateway subnet?
- Azure DevOps Service tags are not available in Network Security Group
- How to create Azure VM without NSG?
- Adding NSG rules to enable high availability on Azure PostgreSQL Flexible Server
- Can't connect to SQL Managed Instance from Azure Function App (Login timeout expired)
- AWS Security Group rules: How does ssh connection to EC2 still works when I have removed outbound rules
- Deployed Tomcat Webapp in EC2 can't talk to Postgres RDS instance
- Azure NSG not blocking traffic to subnetted ACI
- Add NSG to Application Gateway Subnet
- Getting list of NSG and corresponding Subnet or NIC
- Apply NSG/ASG by default on new subnets (Azure)
- Azure network security group Add source ip prefixes using variable
- How can I enable Diagnostics on a Network Security Group using ARM templates
- How to connect to the cosmos db from power bi desktop application through Azure virtual network
- PowerShell: How to add 1 user to multiple Active Directory Security Groups - Security tab of the security group with write permission
- How to restrict direct access from internet to Azure Public LoadBalancer backend pool VM with NSG
- How to block ports from public and allow ports within Vnet in Azure?
- NSG rules not replicated using Azure site recovery fail over
- Azure Event Hub - Virtual Net Integration - Restrict Reading
- Do NSGs apply to Servic Endpoints of the Subnet
- can not access Azure VM thru port 8888
- scenarios for AzureKeyVault as servicetag in Inbound NSG Rule
- Reason for choosing i and j for the matrix creation in Playfair Cipher
- Azure NSG rules for traffic from an Azure Cloud Service
- How to use multiple destination port in single NSG SecurityRule in ARM template
- Terraform Azure network security
- Limit SSH access by AWS security group