Azure Service Endpoints

October 14, 2021 1 minute read

Azure Service Endpoints

Puzzle

I had a vnet that looked like this:

vnet

The SMS Router needed to be able to call the CC Survey.

I wanted to set an access restriction on CC Survey so that it would only accept requests from Subnet-apps.

From the Azure Portal, I navigated to CC Survery\Networking\Inbound Traffic\Access Restriction

access-restriction

After adding the rule, I noticed that the “Endpoint status” column of the new row was listed as “Disabled” - what did this mean!?

Explanation

It was trying to tell me that the source subnet was not allowing traffic out. The reason was because I needed to create a “Service Endpoint” on the source subnet to all web traffic to be routed through vnet integration.

To enable this, from the Azure Portal I navigated to Virtual Network\Subnets\Subnet-Survey and selected “Microsoft.Web” from the “Services” drop-down under the “Service Endpoints” heading:

service-endpoints

A Great Video

There are lots of explanations of Service Endpoints on the web but I found this youtube to be the most useful - from 6mins 21 secs in particular.

A Better Name

Personally, I don’t find the name “Service Endpoints” conveys what they actually do. It had me thinking this was something to be configured on the target. In fact, it’s enabling a route out of the source subnet for a particular type of traffic - web in my case.

What’s Next

Now I need to plumb this rules back into my bicep templates - just wanted to get this written down first before I forget how it works!

Twitter Facebook LinkedIn

Rob Bowman

Azure Service Endpoints

Azure Service Endpoints

Puzzle

Explanation

A Great Video

A Better Name

What’s Next

Comments

You May Also Enjoy

Publish message to service bus using PowerShell

Log APIM Request to Blob

No-Code Reference Data Service with Cosmos and APIM

Migrating from Table Storage to Cosmos DB Table Api