Access Azure Blob using Logic App
Published Jun 09 2020 11:25 AM 8,617 Views
Microsoft
In this article Let's explore how to automate the process of accessing Blobs using Logic Apps.
The purpose of the blog is to demonstrate the challenges currently we face while accessing secured blobs and how to overcome them.
 
Azure Blob Storage offers three types of the storage services : blobs, block blobs, append blobs, and page blobs.
 
Please find the kind of Blobs listed over here
 
In today's topic, I will be giving you overall picture on the possible ways of accessing blob from Azure Logic Apps.
 
There are several ways to access blobs and few of them are:
  1. Using Azure Functions.
  2. Using REST APIs.
  3. Dot Net code/Other programming Language
  4. Logic Apps.
 
You can find more information on this this article
 
Let's begin with the number of possible ways we can connect with Azure Storage Blobs using Logic Apps under various security constraints.

This might give the clear picture on how to access Azure blob from Logic Apps under various constraints.
 

Source - Logic Apps

Connector Type

Is Blob behind Firewall?

Destination-Storage Blob

Region

Comments

ISE

ISE-Blob Connector

Yes

Blob

Same

    • Possible with Private Endpoint .
    • Possible with Whitelisting ISE-Vnet.

ISE

ISE- Blob Connector

Yes

Blob

cross

    • Not possible with Private IP since whitelisting of Vnet would not happen for different region.
    • But we can connect to Blob using public endpoint if we force traffic through the public IP of the ISE. Also storage should be resolvable to public IP. Additionally, we have to whitelist public IP of ISE on Storage.

ISE

Built-in HTTP

Yes

Blob

same

    • Possible with Private Endpoint.
    • Possible with Managed Identity.
    • Possible with whitelisting  ISE-Vnet.

ISE

Built-in HTTP

Yes

Blob

cross

    • Possible with Managed Identity.
    • But we can connect to Blob using public endpoint if we force traffic through the public IP of the ISE. Also storage should be resolvable to public IP. Additionally, we have to whitelist public IP of ISE on Storage.

ISE

Azure Blob Connector

Yes

Blob

Same

    • Possible with Managed Identity.

ISE

Azure Blob Connector

Yes

Blob

cross

    • Yes with whitelisting ISE-Virtual Network.
    • Yes with Managed Identity.

 

 

 

 

 

 

Logic App Standard

Built-in Blob Connector

Yes

Blob

Same

    • Possible with Private endpoint ,whitelisting Vnet and Logic App VNET Integration .

Logic App Standard

Built-in Blob Connector

Yes

Blob

Cross

    • Not possible with Private IP since whitelisting of Vnet would not happen for different region.
    • But we can connect to Blob using public endpoint if we force traffic through the public IP of the Standard Logic App. Also storage should be resolvable to public IP. Additionally, we have to whitelist public IP of Standard Logic App on Storage.

Logic App Standard

Built-in Http

Yes

Blob

Same

    • Possible with Private endpoint ,whitelisting Vnet and Logic App VNET Integration .

Logic App Standard

Built-in Http

Yes

Blob

Cross

    • Not possible with Private IP since whitelisting of Vnet would not happen for different region.
    • But we can connect to Blob using public endpoint if we force traffic through the public IP of the Standard Logic App. Also storage should be resolvable to public IP. Additionally, we have to whitelist public IP of Standard Logic App on Storage.

Logic App Standard

Azure Blob Connector

Yes

Blob

Same

    • Not possible, We will not be able to connect even with IP whitelisting.
    • Not possible even with Managed identity with your Logic App standard  currently.

Logic App Standard

Azure Blob Connector

Yes

Blob

Cross

Logic App Standard

Any

No

Blob

Same/different

    • Should not have any problem if there is no Firewall.

 

 

 

 

 

 

Logic App Consumption

Any

No

Blob

Same/different

    • Should not have any problem if there is no Firewall.

Logic App Consumption

Azure Blob Connector

Yes

Blob

cross

 

Logic App Consumption

Azure Blob Connector

Yes

Blob

same

      • Possible with managed Identity.

 

Logic App Consumption

Http Connector

Yes

Blob

cross

      • Can be accessed through Managed Identity with "Blob Contributor rights". If not with Managed Identity it can also be accessed by whitelisting the Runtime IPs of  Logic Apps.

 

Logic App Consumption

Http Connector

Yes

Blob

same

      • Only through Managed Identity with "Blob Contributor rights" for Particular Logic App

You can find more information on Accessing Azure blob using Managed Identity. Refer : Link2

 
Disclaimer : This article holds valid at the time of writing.
2 Comments
Co-Authors
Version history
Last update:
‎Mar 03 2022 07:50 AM
Updated by: