Protecting outbound traffic by using Application Security Groups (ASG) with Private Endpoints.
Important
The documentation defines the following:
This setting only applies to private endpoints in the subnet and affects all private endpoints in the subnet. For other resources in the subnet, access is controlled based on security rules in the network security group.
Note
Network Security Group rules using application security groups may only be applied when the ASGs are associated with network interfaces on the same virtual network.
Create the .auto.tfvars file and add your public IP:
allowed_public_ip_address = "you IP"Create the resources:
terraform init
terraform apply -auto-approveLog into the virtual machine and enable the Azure CLI with the System-Assigned identity:
az login --identityAttempt to connect to the storages. Storage 001 should work, and storage 002 should fail:
# This should work
az storage blob list --auth-mode login --account-name <storage001> --container data
# This should fail
az storage blob list --auth-mode login --account-name <storage002> --container dataAdditionally, test the connectivity to the SQL Database via Private Link.