Azure for AWS professionals - Storage - Azure - 05 Configuring Firewall and vNet access on Storage accounts

@20aman    Sep 10, 2019

Note that this post is a part of the series. You can view all posts in this series here: Azure for AWS professionals - Index

To secure access to your Microsoft Azure Storage accounts, you can configure a firewall on them. You can allow only particular IP addresses or an address range (specified in CIDR format). Instead of specifying IP addresses, you can also allow access only from specific virtual networks (vNets) in your environment and thereby block access from other vNets.

To access these settings, navigate to your storage account and, under Settings, click the "Firewall and virtual networks" option.

Firewall and vNet access

Here you have multiple options and ways to configure the firewall. Let's look at these in a systematic way:

  1. First, you can either leave access open to all networks or limit it to specific virtual networks. If you select the latter option, you should also select the virtual network to which you want to grant access. You do so by clicking the "+Add existing virtual network" option. It opens a new blade where you can find your existing vNet and add it.
  2. Next, you configure the firewall and add the IP addresses or range of IP addresses (in CIDR format) for which access needs to be opened up.
  3. Finally, you have the exceptions. Unless the data is very critical and confidential, I recommend that you always allow access to Microsoft services by selecting the first checkbox. It should be checked by default. You can also allow access to storage account logging and metrics from any network here.

Firewall and vNet access is a generally overlooked option, but you should always configure it in your environment to secure access to your storage accounts.
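To check that the settings above ended up the way you intended, the following added example (not part of the original post) audits a storage account's network rule set for an open default action and for IP entries that are too broad or that the storage firewall does not accept. The sample data is constructed; the field names are assumed to match the output of `az storage account show --query networkRuleSet`, and the `min_prefix` threshold is an arbitrary choice for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like the output of
# `az storage account show --query networkRuleSet` (field names assumed).
SAMPLE_RULE_SET = json.loads("""
{
  "defaultAction": "Allow",
  "bypass": "AzureServices",
  "virtualNetworkRules": [],
  "ipRules": [
    {"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"},
    {"action": "Allow", "ipAddressOrRange": "10.1.2.0/24"},
    {"action": "Allow", "ipAddressOrRange": "198.51.100.7/32"},
    {"action": "Allow", "ipAddressOrRange": "0.0.0.0/0"}
  ]
}
""")

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_network_rules(rule_set, min_prefix=16):
    """Return (code, detail) findings for one storage account network rule set."""
    findings = []
    ip_rules = rule_set.get("ipRules") or []
    vnet_rules = rule_set.get("virtualNetworkRules") or []
    if rule_set.get("defaultAction") != "Deny":
        # With "Allow", the IP and vNet entries exist but restrict nothing.
        findings.append(("default-allow", "all networks allowed; rules are not enforced"))
    elif not ip_rules and not vnet_rules:
        findings.append(("no-allow-rules", "only the exceptions can reach the account"))
    for rule in ip_rules:
        value = rule.get("ipAddressOrRange", "")
        try:
            net = ipaddress.IPv4Network(value, strict=False)
        except ValueError:
            findings.append(("invalid-entry", value))
            continue
        if net.prefixlen < min_prefix:                   # wider than the chosen threshold
            findings.append(("broad-range", value))
        elif any(net.subnet_of(r) for r in RFC1918):     # IP rules take public addresses only
            findings.append(("private-range", value))
        elif "/" in value and net.prefixlen >= 31:       # enter /31 and /32 as single addresses
            findings.append(("small-prefix", value))
    return findings

if __name__ == "__main__":
    for code, detail in audit_network_rules(SAMPLE_RULE_SET):
        print(f"{code}: {detail}")
```

Private (RFC 1918) ranges are flagged because the IP rules accept only public internet addresses; traffic from inside a vNet is allowed through the virtual network option from step 1 instead.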




