azureazure-logic-appsazure-storage-accountazure-file-share

Azure Logic connection with Azure file share while storage account is behind firewall


I have an Azure Storage account that has an Azure file share setup.

I want to create a logic app that, after it does its process, creates a file on the Azure file share.

The only connector that seems to be available for this is called 'Azure File Storage'. If I set the Storage account network settings to allow all, it works with no problem. If I set it to selected networks and Ips I get the following error: enter image description here

I have looked at ways around this, like using a system assigned identity and the correct role assignment with the following settings in Network for the storage account, and I still get the same error. enter image description here

So it appears the connector does not have the option to authenticate using system assigned identity like the other storage connectors.

I also have red that this connector can't connect if the logic app and storage account are in the same region. I tried this but still got the same error.

Has anyone else encountered this issue? Seems like Azure File Shares have been forgotten by Microsoft compared to all other storage account features. e.g. no triggers for Azure file shares.

Ideally, I want to lock the access down to IP's only as these shares contain sensitive data and just having a access key as the only protection seems bad.


Solution

  • In the case where you can't authenticate the connector using managed identity and you wish to access the storage account behind the firewall then you need to go for Access storage accounts in other regions wherein both storage account and logic app should be in different region.

    enter image description here

    enter image description here

    enter image description here