是否可以将 AZURE 应用服务定义为 VNET 的一部分?
Can an AZURE App Service be defined as part of a VNET?
在 AWS 中,我们可以在 VPC 中定义无服务器应用程序。不一定是这种情况,但显然被认为是一种很好的做法。
是否可以对 AZURE 应用服务执行相同的操作? IE。可以将 AZURE 应用服务定义为 VNET 的一部分吗?
有几个部分可以回答您的问题。开始了...
VNet 集成
是的,你可以Integrate your app with an Azure virtual network。
With Azure Virtual Network (VNets), you can place many of your Azure resources in a non-internet-routable network. The VNet Integration feature enables your apps to access resources in or through a VNet. VNet Integration doesn't enable your apps to be accessed privately.
Azure App Service has two variations:
- The multitenant systems that support the full range of pricing plans except Isolated.
- The App Service Environment, which deploys into your VNet and supports Isolated pricing plan apps.
如果您要限制对应用服务的访问,请参阅 is a good read. Especially the Access restrictions 章中链接的文章。
Access restrictions let you filter inbound requests. The filtering action takes place on the front-end roles that are upstream from the worker roles where your apps are running. Because the front-end roles are upstream from the workers, you can think of access restrictions as network-level protection for your apps.
基础架构即代码
您在评论中谈论的蓝图(或 'cloud template')感觉您需要基础架构即代码来为具有相同结构的客户提供 build/maintain 资源。虽然 Azure 有一项名为 Azure Blueprints 的服务,但我认为这对于您提供的要求来说太过分了。
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.
我认为您可以通过创建(可参数化的)Bicep 文件来实现您正在寻找的内容,使您能够根据需要以可重复的方式create/update 资源。
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. We believe Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.
在 AWS 中,我们可以在 VPC 中定义无服务器应用程序。不一定是这种情况,但显然被认为是一种很好的做法。
是否可以对 AZURE 应用服务执行相同的操作? IE。可以将 AZURE 应用服务定义为 VNET 的一部分吗?
有几个部分可以回答您的问题。开始了...
VNet 集成
是的,你可以Integrate your app with an Azure virtual network。
With Azure Virtual Network (VNets), you can place many of your Azure resources in a non-internet-routable network. The VNet Integration feature enables your apps to access resources in or through a VNet. VNet Integration doesn't enable your apps to be accessed privately.
Azure App Service has two variations:
- The multitenant systems that support the full range of pricing plans except Isolated.
- The App Service Environment, which deploys into your VNet and supports Isolated pricing plan apps.
如果您要限制对应用服务的访问,请参阅
Access restrictions let you filter inbound requests. The filtering action takes place on the front-end roles that are upstream from the worker roles where your apps are running. Because the front-end roles are upstream from the workers, you can think of access restrictions as network-level protection for your apps.
基础架构即代码
您在评论中谈论的蓝图(或 'cloud template')感觉您需要基础架构即代码来为具有相同结构的客户提供 build/maintain 资源。虽然 Azure 有一项名为 Azure Blueprints 的服务,但我认为这对于您提供的要求来说太过分了。
Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.
我认为您可以通过创建(可参数化的)Bicep 文件来实现您正在寻找的内容,使您能够根据需要以可重复的方式create/update 资源。
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. We believe Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.