How to discover Azure resources securely via Site to Site VPN with CloudQuery

Hello,

One of our secure setups is running Azure resources in a private network, and we have a site-to-site VPN between on-premises and the Azure private cloud network. We are planning to run CloudQuery on one of the systems from the on-premises network to discover all the Azure devices on this private network. However, we have to use the API interface of the Azure management.azure.com portal, which goes over a public network.

Is there any way to discover these Azure resources securely via the site-to-site VPN itself, instead of using the public management API?

Hi! I’m not sure I understood the full scenario, but let’s say you run the Azure CLI and you want to perform actions on the private cloud from on-premises - how do you do that today? The CloudQuery plugin uses the official Azure SDK, so everything that should be possible with the Azure CLI should be possible with the CloudQuery Azure Plugin.

Thanks for the response. The scenario is that I have a system on my on-premises network with the CloudQuery source/plugin installed. I want my Azure resources (VMs, etc.), which are installed on an Azure private network, to be discovered remotely. Currently, CloudQuery uses the management.azure.com API interface, but this is via a public API instance. Can I access this more securely?

Hi @decent-warthog,

Not a full-blown solution, but we support proxy configuration, so you can put CloudQuery behind a proxy. You can find more information in the documentation: Proxy Configuration.
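
A preflight check for the proxy approach suggested above, as an added example that is not part of the thread and not CloudQuery's own code. It assumes the CLI and the Azure plugin honor the standard `HTTPS_PROXY` and `NO_PROXY` variables; the `azure.yml` file name is a placeholder, and `NO_PROXY` matching is simplified to domain names.

```shell
#!/bin/sh
# Added example (constructed): preflight before running CloudQuery behind a proxy.
# Assumption: the CLI and Azure plugin honor HTTPS_PROXY / NO_PROXY.

# management.azure.com is the API named in the thread; login.microsoftonline.com
# is the Microsoft Entra ID endpoint the Azure SDK uses to obtain tokens.
AZURE_HOSTS="management.azure.com login.microsoftonline.com"

# bypasses_proxy HOST NO_PROXY_VALUE -> returns 0 if HOST would skip the proxy.
# Simplified domain matching: "*" matches everything, "example.com" matches the
# name and its subdomains, ".example.com" matches subdomains only.
# IP addresses, CIDR ranges and ports are not handled here.
bypasses_proxy() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    hit=1
    old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing of "*"
    for entry in $2; do
        entry=$(printf '%s' "$entry" | tr -d ' ' | tr 'A-Z' 'a-z')
        case $entry in
            '')  continue ;;
            '*') hit=0 ;;
            .*)  case $host in *"$entry") hit=0 ;; esac ;;
            *)   case $host in "$entry"|*."$entry") hit=0 ;; esac ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $hit
}

# preflight: succeed only if a proxy is set and no Azure host bypasses it.
preflight() {
    proxy=${HTTPS_PROXY:-${https_proxy:-}}
    if [ -z "$proxy" ]; then
        echo "HTTPS_PROXY is not set; Azure API calls would not use a proxy" >&2
        return 1
    fi
    no_proxy_val=${NO_PROXY:-${no_proxy:-}}
    for h in $AZURE_HOSTS; do
        if bypasses_proxy "$h" "$no_proxy_val"; then
            echo "$h matches NO_PROXY and would bypass $proxy" >&2
            return 1
        fi
    done
    return 0
}

# Usage (azure.yml is a placeholder sync config):
#   preflight && cloudquery sync azure.yml
```

The check only confirms that the environment routes both Azure endpoints through the configured proxy; the proxy's own egress rules still decide which hosts are reachable.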