Azure / appservice-landing-zone-accelerator

The Azure App Service landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure App Service at scale.
https://build.microsoft.com/en-US/sessions/58f92fab-3298-444d-b215-6b93219cd5d7?source=sessions
MIT License

How to allow the app service web app to query external API? #163

Closed thomas-tran closed 1 year ago

thomas-tran commented 1 year ago

@thotheod In the multitenant use case, if my app deployed in the App Service is required to query an external API service like the payment gateway Stripe API, should I allow access to the Stripe API IP address in the App Service access restriction in the app subnet within the Spoke VNet, or in the Firewall in the Hub VNet?

thotheod commented 1 year ago

@thomas-tran You need to configure the Firewall in the Hub VNet. The App Service subnet has a route table that locks the egress traffic down, so all the outbound requests starting from the web app go through the firewall. If there is an allow rule there, they can pass; otherwise they are blocked.
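
An added example, not part of the thread and not code from the accelerator repository: one way to express the allow rule described in the answer above, as an Azure Firewall Policy application rule that lets the web app's subnet reach the payment API by FQDN over HTTPS only. It assumes the hub firewall is managed through an existing Firewall Policy; the policy name parameter, the rule and collection names, the priorities and the subnet CIDR are hypothetical placeholders.

```bicep
// Added example. Assumption: the hub firewall uses an existing Firewall Policy.
param firewallPolicyName string

// Constructed placeholder: replace with the App Service integration subnet in the spoke.
param appServiceSubnetCidr string = '10.240.0.0/26'

resource policy 'Microsoft.Network/firewallPolicies@2023-04-01' existing = {
  name: firewallPolicyName
}

resource egressRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'webapp-egress' // hypothetical name
  properties: {
    priority: 300
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-payment-api' // hypothetical name
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'stripe-api-https' // hypothetical name
            // Only traffic originating from the web app's subnet matches.
            sourceAddresses: [
              appServiceSubnetCidr
            ]
            // HTTPS only; the firewall matches the FQDN, so no IP list to maintain.
            protocols: [
              {
                protocolType: 'Https'
                port: 443
              }
            ]
            targetFqdns: [
              'api.stripe.com'
            ]
          }
        ]
      }
    ]
  }
}
```

Matching on the FQDN instead of IP addresses keeps the rule valid when the provider's address ranges change, and any other outbound destination from the subnet stays blocked by the firewall's default deny.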