I am using an Azure API Management service to serve as a small API accessing a table storage in my storage account. I am using the table storage REST API (e.g. https://docs.microsoft.com/en-us/rest/api/storageservices/query-entities).
I had no problems accessing the table storage using SharedKeyLite authorization, running a little script in policies, but due to business needs I needed to restrict access to the storage account.
Because of monetary considerations I cannot put the APIM inside the VNet (neither external nor internal), so I need to find another way to access the storage account.
I have tried adding the APIM public IP to the firewall exceptions, but that still returned 403 Forbidden.
I have added a managed identity allowing read access to the entire storage account and using the policy expression:
<authentication-managed-identity resource="https://storage.azure.com/"/>
But after digging more into the docs, it seems that table storage is not supported by MSI, only blob and queue (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/services-support-managed-identities#azure-storage-blobs-and-queues).
Does anyone have an idea how to access the table storage REST API? I cannot wrap my head around why IP whitelisting does not work.