Add ACI containers to the list of allowed trusted Microsoft services.
When certain resources are deployed (Azure Key Vault, for example), we often select the option to allow connections from private endpoints or selected networks only, along with the option "Allow trusted Microsoft services to bypass this firewall?".
However, these trusted services do not include our deployed ACI containers.
Instead, we have to identify the IP address of the container and add it as an exception, which complicates deployment. A feature that let us add our ACI containers as an allowed resource would simplify deployment.
One other option for us could be to deploy ACI containers into our vNET. However, we use Managed Service Identities, which are not supported for ACI containers deployed into vNETs.
Allowing MSI for ACI in vNET would also be welcome.
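The workaround the request describes (look up the container's IP and add it as a Key Vault firewall exception) looks like the following in PowerShell. This is an added example, not code from the original post or from Azure; it assumes the Az.ContainerInstance and Az.KeyVault modules are installed, that you are already signed in with Connect-AzAccount, and the resource names are placeholders.

```powershell
# Added example (not from the original post). Assumes Az.ContainerInstance and
# Az.KeyVault are installed and Connect-AzAccount has already been run.
$ResourceGroup  = 'rg-example'    # placeholder
$ContainerGroup = 'aci-example'   # placeholder
$VaultName      = 'kv-example'    # placeholder

# 1. Look up the public IP assigned to the container group.
$cg = Get-AzContainerGroup -ResourceGroupName $ResourceGroup -Name $ContainerGroup
$ip = $cg.IPAddressIP   # older Az.ContainerInstance versions expose this as $cg.IpAddress
if (-not $ip) {
    throw "Container group '$ContainerGroup' has no public IP (deployed into a vNET?)"
}

# 2. Deny by default and keep the 'trusted Microsoft services' bypass on.
#    ACI is not in that trusted set, which is why step 3 is needed at all.
Update-AzKeyVaultNetworkRuleSet -VaultName $VaultName -DefaultAction Deny -Bypass AzureServices

# 3. Allow only this container's address (/32) through the vault firewall.
Add-AzKeyVaultNetworkRule -VaultName $VaultName -IpAddressRange "$ip/32"

# 4. Show the resulting rule set so the exception can be checked.
(Get-AzKeyVault -VaultName $VaultName).NetworkAcls
```

Two caveats when relying on this: the container group's IP is not stable across redeployments, so the rule has to be refreshed every time the group is recreated (the deployment complication the post refers to), and the address ACI uses for outbound traffic is not guaranteed to match the group's inbound public IP, so confirm the rule actually admits the container's requests before restricting the vault in production.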

1 comment

Anonymous commented:
We are using an ACI-based SFTP service. This service uses file shares from a Storage Account. If ACI were a Trusted Service (via an MSI), then the Storage Account could be restricted to Selected Networks, thereby implementing whitelisting.