This repo shows how to set up a private endpoint for Azure Storage and check it using Azure Bastion.
Azure Bastion is useful in PCI-DSS scenarios when you do not want your developers' machines to become a 'connected system.'
- Clone/Fork this repo
- Create a resource group (RG) in Azure and note down the name
- Create a GitHub secret named AZURE_CREDENTIALS holding an Azure Service Principal, following this guide: https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md. Give the Service Principal access to the RG in step 2.
- Create a GitHub secret called PASSWORD with your password to connect to the VM. The username is us_a_22.
- Once the GitHub Action is done, locate the 'bastianVm' and connect to it using Bastion.
- If you then open PowerShell and type
> nslookup {storage}.blob.core.windows.net
Then you should see an IP address in the subnet range.
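
A scripted version of the same check, as an added example that is not part of this repo: it resolves the blob endpoint from the VM and reports whether each returned address falls inside the subnet. The storage account name and the subnet CIDR are placeholders you must replace, and the helper function names are made up for this example.

```powershell
# Added example (not from this repo). Both values are placeholders/assumptions.
$StorageAccount = '<storage-account-name>'   # replace with your storage account
$SubnetCidr     = '10.0.0.0/24'              # constructed sample; use your subnet range

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Ip)
    $parsed = [System.Net.IPAddress]::Parse($Ip)
    if ($parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "'$Ip' is not an IPv4 address"
    }
    # Fold the four octets into one number (exact in a double up to 2^32).
    $n = [double]0
    foreach ($b in $parsed.GetAddressBytes()) { $n = $n * 256 + $b }
    return $n
}

function Test-IPv4InCidr {
    param(
        [Parameter(Mandatory)][string]$Address,
        [Parameter(Mandatory)][string]$Cidr
    )
    $network, $prefix = $Cidr -split '/', 2
    $prefixLen = [int]$prefix
    if ($prefixLen -lt 0 -or $prefixLen -gt 32) { throw "Invalid prefix in '$Cidr'" }
    # Two addresses share a network when they land in the same block of 2^(32-prefix).
    $blockSize = [math]::Pow(2, 32 - $prefixLen)
    $a = [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize)
    $n = [math]::Floor((ConvertTo-IPv4Number $network) / $blockSize)
    return ($a -eq $n)
}

$fqdn     = "$StorageAccount.blob.core.windows.net"
$records  = Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop
$aRecords = $records | Where-Object { $_.Type -eq 'A' }

if (-not $aRecords) { throw "No A record returned for $fqdn" }

foreach ($r in $aRecords) {
    [pscustomobject]@{
        Name      = $r.Name
        IPAddress = $r.IPAddress
        InSubnet  = Test-IPv4InCidr -Address $r.IPAddress -Cidr $SubnetCidr
    }
}
```

If `InSubnet` is `False` when run from the VM, the name is resolving to an address outside the subnet rather than to the private endpoint.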