I have been using Azure IoT Hub to receive data from a number of IoT devices, and have been successful using the default/built-in endpoint to read the data/do work on it. I recently wanted to start saving the data for possible analytics in the future, so I created an Azure storage account within the same resource group. I have gone through all the walkthroughs on how to set up the routes and have one functioning properly to send the data to the messages/events built-in endpoint (since it is disabled as the default when other routes are created). However, after I have created the route to my storage account, it doesn't send data to storage unless I switch the storage account to be open to all public networks.
When creating the storage account, there are 3 Networking options: "Public, all networks", "Public, selected networks", and "Private". The "Public, all networks" option isn't acceptable since I need the data to be private. The "Private" option isn't really ideal since none of the other Azure resources I've created are currently using a virtual network, and it appears a vnet is required for use with the private option. So, I selected the "Public, selected networks" option. Currently, I don't have any outside IPs that I need to give access, but I just need IoT Hub to be able to send data. There is an option to "Allow trusted Microsoft services access to this storage account" which I have had selected from the beginning. In my storage firewall/virtual network settings, when I switch my storage account to open to all networks it works fine, but when I have it set on selected networks with the trusted Microsoft services option selected it doesn't work.
I guess my questions are:
1. Why doesn't Azure consider my IoT Hub a trusted service if it is within the same resource group?
2. Is there some way I could make my IoT Hub a trusted service?
3. Is there something else I'm missing?
Any thoughts or advice are appreciated.