Azure webjob can't connect to Storage account

2
votes

In Azure I have a webjob running inside a webapp. In the same region and resource group I also have a storage account. Normally the webjob and the websites in the webapp can access the storage account.

For security reasons I tried enabling the firewall settings on the storage account so that only my azure resources can access the storage account. After doing so, the websites in the webapp can still access the storage account. The webjob however, fails to connect: Microsoft.WindowsAzure.Storage.StorageException: The remote server returned an error: (403) Forbidden.

Since the webjob is part of the Webapp I added the WebApp's outbound IP addresses to firewall exception list (There are 5 of them), but to no avail. Does a webjob have a different outbound IP address? Or am I forgetting something else here?

1
azureazure-storageazure-webjobs
Please start with this guidance to try to get a repro that doesn't involve WebJobs. To answer your question, Web Apps and WebJobs run from the same VMs, so there should be no difference in outgoing IPs.David Ebbo

1 Answers

0
votes

It does not work because the storage account and a webapp are hosted in the same region. See the docs:

IP network rules have no effect on requests originating from the same Azure region as the storage account. Use Virtual network rules to allow same-region requests.

Relevant SO posts: https://stackoverflow.com/a/59890919/1108916, https://stackoverflow.com/a/56084447/1108916