The article discusses securing applications in Azure by segregating them into subnets for each service and implementing private endpoints for communication.
Subnet delegation is essential for applying networking rules within subnets for Azure services like Azure Functions.
Private endpoints are network interfaces that take a private IP address from your virtual network, so traffic between Azure services stays on private addresses instead of public ones.
Private endpoints cannot be added to subnets delegated to specific resources like Microsoft.Web/serverFarms; dedicated subnets are needed for private endpoints.
Azure Private Link connects private endpoints to apps over the Azure backbone network.
Azure Private DNS resolves domain names in virtual networks without custom DNS configurations.
Network Security Groups (NSGs) filter network traffic between Azure resources, with rules for both inbound and outbound traffic.
NSGs must be explicitly associated with the subnets hosting private endpoints, and the private endpoint subnet needs its own rules for traffic control to take effect there.
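The two subnet pitfalls above (a private endpoint placed in a delegated subnet, and a private endpoint subnet with no NSG or with network policies disabled so the NSG is ignored) can be checked against an exported layout. This is an added example, not code from the original article; the input shape, subnet names and NSG ids are constructed, and it assumes the Azure rule that NSG rules apply to a private endpoint only when the subnet's privateEndpointNetworkPolicies is enabled.

```python
"""Lint a VNet/private-endpoint layout for the pitfalls described above."""
import json

# Constructed sample shaped like the relevant parts of an ARM template export.
SAMPLE = json.loads("""
{
  "subnets": [
    {"name": "snet-functions",
     "delegations": [{"serviceName": "Microsoft.Web/serverFarms"}],
     "networkSecurityGroup": {"id": "/nsg/nsg-functions"},
     "privateEndpointNetworkPolicies": "Disabled"},
    {"name": "snet-pe",
     "delegations": [],
     "networkSecurityGroup": {"id": "/nsg/nsg-pe"},
     "privateEndpointNetworkPolicies": "Enabled"},
    {"name": "snet-pe-open",
     "delegations": [],
     "privateEndpointNetworkPolicies": "Disabled"}
  ],
  "privateEndpoints": [
    {"name": "pe-storage", "subnet": "snet-pe"},
    {"name": "pe-keyvault", "subnet": "snet-functions"},
    {"name": "pe-sql", "subnet": "snet-pe-open"}
  ]
}
""")

# Values under which an NSG attached to the subnet is enforced on private endpoints.
NSG_ENFORCED = {"Enabled", "NetworkSecurityGroupEnabled"}


def check_private_endpoints(doc):
    """Return a list of findings; an empty list means the layout is clean."""
    subnets = {s["name"]: s for s in doc["subnets"]}
    findings = []
    for pe in doc["privateEndpoints"]:
        subnet = subnets.get(pe["subnet"])
        if subnet is None:
            findings.append(f"{pe['name']}: subnet {pe['subnet']} not found")
            continue
        delegated = [d["serviceName"] for d in subnet.get("delegations", [])]
        if delegated:  # Azure rejects private endpoints in delegated subnets
            findings.append(f"{pe['name']}: subnet {subnet['name']} is delegated "
                            f"to {', '.join(delegated)}; use a dedicated subnet")
        if "networkSecurityGroup" not in subnet:
            findings.append(f"{pe['name']}: subnet {subnet['name']} has no NSG, "
                            "so traffic to the endpoint is unfiltered")
        elif subnet.get("privateEndpointNetworkPolicies") not in NSG_ENFORCED:
            findings.append(f"{pe['name']}: NSG on {subnet['name']} is not enforced "
                            "because privateEndpointNetworkPolicies is not Enabled")
    return findings
```

Running the check on the sample reports pe-keyvault twice (delegated subnet, NSG not enforced) and pe-sql once (no NSG), while pe-storage passes.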
Because Azure services keep a public endpoint enabled by default, an application placed behind a subnet and a private endpoint can still be reachable from outside; Azure API Management (APIM) can expose such apps securely.
APIM gives external callers a public IP for API calls and connects to the backend securely using a key.