Azure WebApp to WebApp call - Can we make it private?

Question

We are deploying kind of micros services developed in .Net core and will be deployed in Azure WebApp

There will be numerous communications between these WebApps.

Now as WebApp is internet facing, all calls between them will go through internet which will have impact on performance.

Apart from ASE (App Service Enviornment), is there any way we can achieve this?

Answer 1

Yes you can do that with Access Restriction:

az webapp config access-restriction add --resource-group ResourceGroup --name AppName \
   --rule-name 'IP example rule' --action Allow --ip-address 122.133.144.0/24 --priority 100

https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-access-restriction-rules-in-the-portal

ps. AKS would probably be a better option for microservices ;)

Answer 2

There are two ways to have communication over private IP between two web app.

1. Configure regional VNET integration on either or both web app.

2. Think of having Azure Application gateway before web app one and configure access restriction to allow access to only application gateway subnet. https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-a-service-endpoint-based-rule

Some other use cases

1. Use Service fabric if you don't want to expose web application to internet.
2. You can also think of putting both application as backend to API management. https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2#routing whenever you have application gateway enabled that time app gateway act as interceptor and forwards the traffic hence both of your web app can communicate over a private IP.