I believe I'm trying to do something pretty basic with Azure, yet so far I haven't found anything "safe".
Basically, I just want to have an Azure WebApp and an Azure SQL Server (no VMs) communicating with each other, the WebApp being public on the internet, and the SQL Server being accessible ONLY by THAT specific WebApp.
I found 3 ways to "secure" the communication to an Azure SQL Server:
1. Allow Azure Services
2. Whitelisting IP Addresses
3. Accepting VNet connections
The issue I have with 1 is that anyone who has an Azure subscription can reach my DB via multiple components...
With 2, it is that the "most secure" option is allowing the outbound IPs for the WebApp in the datacenter; as far as I understand it, anyone could create a WebApp in the same datacenter I chose for my WebApp and they would have a chance to be in the same "IP Groups", which means they could reach my DB...
And with 3, maybe it's just me, but when I did that, I could managed to found a way to communicate to my WebApp from the Internet...
I believe it's a pretty basic requirement I have...
How do I do it?
Thanks in advance!
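
To see which of the options listed in the question a server currently relies on, the firewall rules can be audited offline. This is an added example, not part of the original post; it assumes the rules were exported as JSON in the shape of `az sql server firewall-rule list`, and the sample rules and the `max_span` threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample (made-up values) in the shape of
# `az sql server firewall-rule list`: name / startIpAddress / endIpAddress.
SAMPLE_RULES = [
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "webapp-outbound-1", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    {"name": "office-range", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.100.255"},
    {"name": "leftover-test", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
]


def classify_rule(rule, max_span=16):
    """Return (label, address_count) for one server-level firewall rule."""
    start = int(ipaddress.IPv4Address(rule["startIpAddress"]))
    end = int(ipaddress.IPv4Address(rule["endIpAddress"]))
    if end < start:
        return ("invalid-range", 0)
    if start == 0 and end == 0:
        # Option 1 in the post: the 0.0.0.0-0.0.0.0 rule is how the
        # "Allow Azure services" switch is stored; it is not a single address.
        return ("allow-azure-services", None)
    span = end - start + 1
    if span > max_span:  # max_span is an illustrative threshold, tune per policy
        return ("broad-range", span)
    # Option 2 in the post: a narrow rule is only as specific as the address
    # itself (the post's concern about shared outbound IPs still applies).
    return ("ip-allowlist", span)


def audit(rules, max_span=16):
    """List (name, label, address_count) for every rule wider than a narrow allowlist."""
    findings = []
    for rule in rules:
        label, span = classify_rule(rule, max_span)
        if label != "ip-allowlist":
            findings.append((rule["name"], label, span))
    return findings


if __name__ == "__main__":
    for name, label, span in audit(SAMPLE_RULES):
        print(f"{name}: {label} ({span if span is not None else 'all Azure'} addresses)")
```

VNet rules (option 3) are stored separately from these IP rules, so an empty result here does not by itself mean the server is unreachable from other networks.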