Your on-premises network contains an e-commerce web app that was developed in Angular and Node.js and uses a MongoDB database. You plan to migrate this web app to Azure. The solution architecture team has proposed an architecture for an Azure landing zone. You need to provide recommendations to secure the connection between the web app and the database while adhering to the Zero Trust model. The proposed solution is to implement Azure Front Door with Azure Web Application Firewall (WAF). Does this meet the goal?
Note: When deploying internal business applications to Azure App Service, it is essential to limit public internet access while keeping the application accessible from the on-premises corporate network and from authorized VPN clients outside that network. For these scenarios, Azure Private Link can be used. It provides private and secure access to Azure PaaS services through Azure Private Endpoints, and it can work in conjunction with Site-to-Site VPN, Point-to-Site VPN, or ExpressRoute.
Azure Private Endpoint is a read-only network interface service linked with Azure PaaS services. It integrates deployed sites into your virtual network and restricts access at the network level by taking one of the private IP addresses from your Azure VNet and associating it with the Azure App Service. Services that can be reached this way include Azure Storage, Azure Cosmos DB, SQL, App Service Web Apps, custom/partner-owned services, Azure Backup, Event Grid, Azure Service Bus, and Azure Automation.