You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/api-management/integrate-vnet-outbound.md
+15-3Lines changed: 15 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: dlepow
5
5
ms.author: danlep
6
6
ms.service: api-management
7
7
ms.topic: how-to
8
-
ms.date: 09/20/2023
8
+
ms.date: 11/20/2023
9
9
---
10
10
11
11
# Integrate an Azure API Management instance with a private VNet for outbound connections (preview)
@@ -25,14 +25,26 @@ When an API Management instance is integrated with a virtual network for outboun
25
25
- The network must be deployed in the same region and subscription as your API Management instance
26
26
- (Optional) For testing, a sample backend API hosted within a different subnet in the virtual network. For example, see [Tutorial: Establish Azure Functions private site access](../azure-functions/functions-create-private-site-access.md).
27
27
28
+
### Permissions
29
+
30
+
You must have at least the following role-based access control permissions on the subnet or at a higher level to configure virtual network integration:
31
+
32
+
| Action | Description |
33
+
|-|-|
34
+
| Microsoft.Network/virtualNetworks/read | Read the virtual network definition |
35
+
| Microsoft.Network/virtualNetworks/subnets/read | Read a virtual network subnet definition |
36
+
| Microsoft.Network/virtualNetworks/subnets/join/action | Joins a virtual network |
37
+
38
+
### Register Microsoft.Web resource provider
39
+
40
+
Ensure that the subscription with the virtual network is registered for the `Microsoft.Web` resource provider. You can explicitly register the provider [by following this documentation](../azure-resource-manager/management/resource-providers-and-types.md#register-resource-provider).
41
+
28
42
## Delegate the subnet
29
43
30
44
The subnet used for integration must be delegated to the **Microsoft.Web/serverFarms** service. In the subnet settings, in **Delegate subnet to a service**, select **Microsoft.Web/serverFarms**.
31
45
32
46
:::image type="content" source="media/integrate-vnet-outbound/delegate-subnet.png" alt-text="Screenshot of delegating the subnet to a service in the portal.":::
33
47
34
-
For details, see [Add or remove a subnet delegation](../virtual-network/manage-subnet-delegation.md).
35
-
36
48
## Enable VNet integration
37
49
38
50
This section will guide you through the process of enabling VNet integration for your Azure API Management instance.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments