I want to consume cosmos db over private link from my web app. I'm able to make this work with azure sql, cosmos however is a different story.
The two resources, app service and cosmos db, are in the same resource group in same azure region and they are connected to the same vnet.
I have created two subnets in the vnet. The first is used by an app service hosting my web app. I have integrated the app service with the network through vnet-integration.
The second is used for a "private endpoint" for my "cosmos db" instance.
When I connect with the help of the cosmos db client library for C# from the "app service", I get an error message saying that traffic from the internet is not allowed to this instance and is blocked.
When I run nslookup from the "Kudu console" on the app service, <mycosmosdbinstance>.documents.azure.com resolves to a public ip, indicating that traffic is routed over the internet. I have followed the steps in this guide closely:
https://erwinstaal.nl/posts/securing-your-azure-db-connection-using-azure-private-link/
Setting the application settings WEBSITE_VNET_ROUTE_ALL and WEBSITE_DNS_SERVER to route traffic over the vnet and resolve host names using Azure DNS. Has anyone been able to pull this off?
If traffic is still being routed over the public internet it may be because publicNetworkAccess has not been set to disabled when you created the Cosmos account. I would follow along with the steps here below. These work when followed.
Configure Azure Private Link for an Azure Cosmos account
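A small diagnostic that ties the two posts together: it checks the account's publicNetworkAccess from the answer, the WEBSITE_VNET_ROUTE_ALL setting from the question, and whether the account host name resolves to a private (VNet) address rather than a public one. This is an added example, not code from either post; it assumes a logged-in Azure CLI, `dig` on the path, and placeholder resource group, account and app names passed as arguments. The DNS part only means something when run from inside the VNet (for example the app's Kudu console); from a laptop a public IP is expected.

```shell
#!/bin/sh
# Added diagnostic for the Cosmos DB private link setup discussed above.
# Assumes the Azure CLI is logged in and `dig` is available; RG, ACCOUNT and
# APP are placeholders passed as arguments. Run it from inside the VNet
# (e.g. the app's Kudu console) for the DNS part to be meaningful.
set -eu

# Return 0 if $1 is an RFC 1918 IPv4 address (what a private endpoint NIC
# normally gets from the VNet), 1 if it is a public address, i.e. traffic
# would leave the VNet and hit the public endpoint.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the final A record for a host name, following the CNAME chain Azure
# uses (<account>.documents.azure.com -> privatelink.documents.azure.com).
resolve_a() {
  dig +short "$1" | tail -n 1
}

# Fail with a reason if any of the three settings the thread identifies is
# still wrong: publicNetworkAccess, WEBSITE_VNET_ROUTE_ALL, DNS resolution.
check_cosmos_private_link() {
  rg=$1; account=$2; app=$3
  pna=$(az cosmosdb show -g "$rg" -n "$account" --query publicNetworkAccess -o tsv)
  [ "$pna" = "Disabled" ] || { echo "publicNetworkAccess is '$pna', expected Disabled"; return 1; }

  route_all=$(az webapp config appsettings list -g "$rg" -n "$app" \
    --query "[?name=='WEBSITE_VNET_ROUTE_ALL'].value" -o tsv)
  [ "$route_all" = "1" ] || { echo "WEBSITE_VNET_ROUTE_ALL is '$route_all', expected 1"; return 1; }

  ip=$(resolve_a "$account.documents.azure.com")
  is_private_ipv4 "$ip" || { echo "$account.documents.azure.com resolves to public IP $ip"; return 1; }
  echo "ok: $account is reached over the private endpoint ($ip)"
}

# Only run the live checks when invoked with arguments: RG ACCOUNT APP.
if [ "$#" -eq 3 ]; then
  check_cosmos_private_link "$1" "$2" "$3"
fi
```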