One of the major limitations of the multi-tenant logic app was its inability to integrate with private resources (those that are behind a firewall and/or deny public connections). The integration service environment (ISE) was one solution for this. But there are certain limitations in using ISE, and that's a different topic for discussion.
Let's see how to integrate a single-tenant logic app with private resources.
Add an action and search for SQL. We can see two connector options: Built-in and Azure.
A private connection is possible only with the built-in actions. If we use the Azure action, we will have to whitelist the connector's outbound (public) IP ranges in the destination system's firewall.
At the moment, there is only one built-in action for SQL, which is 'Execute SQL query'. More built-in actions are expected to be added in the future.
If the SQL server is currently not behind a firewall and the 'Allow Azure services and resources to access this server' flag is set to Yes, we can test the logic app and make sure it is working fine.
To trigger the logic app, let's take the HTTP URL that is generated when the workflow is saved and call it from an API testing tool (like Postman). I tested and got the response with the SQL query results.
If the SQL server is already behind a firewall and/or denies public connections, the workflow will not be able to connect at this point. We need to create a private endpoint for the Azure SQL server that the logic app workflow connects to.
Without a private endpoint, we get the error below in the workflow.
A private endpoint enables connectivity between consumers in the same VNet, regionally peered VNets, globally peered VNets, and on-premises networks using VPN or ExpressRoute, and services powered by Private Link.
Reference: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
Select the resource.
As the next step, choose a virtual network and subnet for the private endpoint. We need to integrate the private endpoint with a private DNS zone.
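Before re-running the workflow, it helps to confirm that the private DNS zone is actually answering for the server name. The following check is an added example, not part of the original post: it classifies what the SQL server name resolves to against the private endpoint's subnet. The server name `contoso-sql.database.windows.net`, the subnet `10.1.2.0/24` and all sample addresses are constructed placeholders, and the script is assumed to run from a machine inside the virtual network.

```python
import ipaddress
import socket

# RFC 1918 ranges, checked explicitly because ipaddress.is_private also
# covers loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(fqdn, port=1433):
    """Resolve fqdn with the system resolver and return its unique IPv4 addresses."""
    infos = socket.getaddrinfo(fqdn, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify(addresses, endpoint_subnet):
    """Classify a resolution result against the private endpoint's subnet."""
    if not addresses:
        return "unresolved"
    subnet = ipaddress.ip_network(endpoint_subnet)
    ips = [ipaddress.ip_address(a) for a in addresses]
    # Fail closed: one non-RFC 1918 answer means the client may still
    # connect to the server's public endpoint.
    if any(not any(ip in net for net in RFC1918) for ip in ips):
        return "public"
    if all(ip in subnet for ip in ips):
        return "private-endpoint"
    # Private, but not in the expected subnet: wrong zone record or stale link.
    return "private-other-subnet"


def check_sql_endpoint(fqdn, endpoint_subnet, resolver=resolve_ipv4):
    """Resolve fqdn and report where it lands; DNS failure counts as unresolved."""
    try:
        addresses = resolver(fqdn)
    except socket.gaierror:
        addresses = []
    return classify(addresses, endpoint_subnet)


if __name__ == "__main__":
    # Constructed values: replace with your own server name and subnet.
    server, subnet = "contoso-sql.database.windows.net", "10.1.2.0/24"
    print(server, "->", check_sql_endpoint(server, subnet))
```

A result of `public` after the private endpoint has been created usually means the private DNS zone is not linked to the virtual network the query came from.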
Test the logic app again. Now we are able to integrate a logic app with a private SQL server using a private endpoint. Please let me know your questions or thoughts via comments below.