We contemplate a solution where we seek to read and write files from a file share in one azure subscription (owned by one company) using a logic app/function app that runs in another azure subscription, owned by another company. The current guidance on using logic app (using connectors) for connecting to file shares (https://docs.microsoft.com/en-us/connectors/azurefile/) mentions the use of storage account keys.
We seek answers to the following questions:
- Can a logic app running in a different azure subscription use the file share connector to connect to a file share in another subscription?
- If yes to 1 above, is using storage account keys (belonging to a storage account in another azure subscription), the only way for the logic app to authenticate to the file share or can a SAS token be used instead? We are wary of sharing storage account keys outside of our company (hosting the file share), though the other company running the logic app is our customer only.
- If SAS token can be used, either via a logic app connector or a function app or any other script/programmatic way (running in a different azure subscription) to connect to a file share (or even BLOB) in our azure subscription, can someone lead us to any available documentation/code snippets/guidance by some expert?
Any assistance via a quick response is highly appreciated.
