How can we improve Azure Container Instances?

← Azure Container Instances

Add ACI containers to the list of allowed trusted Microsoft service.

When certain resources are deployed (Azure key Vault as an example), we often select the option to allow connections from private Endpoints or selected networks only. Along with the option to allow "Allow trusted Microsoft services to bypass this firewall?".

However, these trusted services do not include our deployed ACI containers.

Instead, we have to identify the IP address for the container and add it as an exception, this complicates deployment. A feature to be able to add our ACI containers to connect as an allowed resource would simplify deployment.

One other option for us could be to deploy ACI containers into our vNET. However, we use Managed Service Identities, which are not suported for ACI containers deployed into vNETs.

Allowing MSI for ACI in vNET would also be welcome.

4 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    We are using an ACI based sFTP service. This service uses File Shares from a Storage Account. If ACI was a Trusted Service (via an MSI) then the Storage Account could be restricted to Selected Networks thereby implementing whitelisting.

Azure Container Instances

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice