Is there any way that I can configure an azure Logic App to only allow Azure IP addresses? My Logic App is called by a few different services, Event Grid and Runbooks.
Asked
Active
Viewed 806 times
1 Answers
3
There are various ways to secure a Logic App.
Secure access to your logic apps
There are many tools available to help you secure your logic app.
- Securing access to trigger a logic app (HTTP Request Trigger)
- Securing access to manage, edit, or read a logic app
- Securing access to contents of inputs and outputs for a run
- Securing parameters or inputs within actions in a workflow
- Securing access to services that receive requests from a workflow
Specifically I think you want to look at Restrict incoming IP addresses.
In addition to the Shared Access Signature, you may wish to restrict calling a logic app only from specific clients. For example, if you manage your endpoint through Azure API Management, you can restrict the logic app to only accept the request when the request comes from the API Management instance IP address.
This setting can be configured within the logic app settings:
- In the Azure portal, open the logic app you want to add IP address restrictions
- Click the Access control configuration menu item under Settings
- Specify the list of IP address ranges to be accepted by the trigger
I suppose the difficulty you might have is knowing which IPs to restrict, but you might be able to achieve a similiar affect using a different mechanism.
James Wood
- 17,286
- 4
- 46
- 89