Tag Archive for azure, azure-keyvault, azure-virtual-network

Is there any way we can skip adding the outbound IPs of consumption logic apps to the Key Vault firewall to get a secret from Key Vault?

For the logic apps to get a secret from Key Vault, we need to whitelist the logic apps' outbound IPs in the Key Vault firewall. Apparently they are not static, and there will be updates to the IPs which need to be tracked and updated manually, which might be an issue if an update is not noticed, which causes the logic apps to fail. So we tried to go with the service tag approach; apparently we can only add an IP address in the exceptions and not a service tag. Is there any way we can overcome this issue?
Note: The issue is with consumption logic apps; we already tried creating an inbound rule in the NSG with the service tag LogicApps as source and the AzureKeyVault service tag as destination.
Tried with connectors, got an issue.

Can we add Service Tags to the Key Vault firewall?

For the logic apps to get a secret from Key Vault, we need to whitelist the logic apps' outbound IPs in the Key Vault firewall. Apparently they are not static, and there will be updates to the IPs which need to be tracked and updated manually, which might be an issue if an update is not noticed, which causes the logic apps to fail. So we tried to go with the service tag approach; apparently we can only add an IP address in the exceptions and not a service tag. Is there any way we can overcome this issue?
Note: The issue is with consumption logic apps; we already tried creating an inbound rule in the NSG with the service tag LogicApps as source and the AzureKeyVault service tag as destination.