You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-functions/configure-networking-how-to.md
+17-6Lines changed: 17 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,15 +37,19 @@ Use Bicep or Azure Resource Manager (ARM) [quickstart templates](https://github.
37
37
38
38
When you have an existing function app, you can't directly secure the storage account currently being used by the app. You must instead swap-out the existing storage account for a new, secured storage account.
39
39
40
+
### 1. Enable virtual network integration
41
+
40
42
As a prerequisite, you need to enable virtual network integration for your function app.
41
43
42
44
1. Choose a function app with a storage account that doesn't have service endpoints or private endpoints enabled.
43
45
44
46
1.[Enable virtual network integration](./functions-networking-options.md#enable-virtual-network-integration) for your function app.
45
47
48
+
### 2. Create a secured storage account
49
+
46
50
Set up a secured storage account for your function app:
47
51
48
-
1. Create or configure a second storage account. This is going to be the secured storage account that your function app will use instead.
52
+
1.[Create a second storage account](../storage/common/storage-account-create.md). This is going to be the secured storage account that your function app will use instead. You can also use an existing storage account not already being used by Functions.
49
53
50
54
1.[Create a file share](../storage/files/storage-how-to-create-file-share.md#create-a-file-share) in the new storage account.
51
55
@@ -59,21 +63,28 @@ Set up a secured storage account for your function app:
59
63
60
64
1. Copy the connection string for this storage account. You need this string for later.
61
65
62
-
Now you're ready to configure your function app to communicate with your secured storage account:
66
+
Now you're ready to configure your function app to communicate with the newly secured storage account.
67
+
68
+
### 3. Enable content share routing
69
+
70
+
You should now restrict traffic to the file share used by Functions to use only the virtual network.
63
71
64
72
1.[Enable content share routing](../app-service/configure-vnet-integration-routing.md#content-share) to have your function app communicate with your storage account through its virtual network.
65
73
66
-
* Navigate to the **Networking** tab of your function app. Under **Outbound traffic configuration**, select the subnet associated with your virtual network integration.
74
+
1. Navigate to the **Networking** tab of your function app. Under **Outbound traffic configuration**, select the subnet associated with your virtual network integration.
67
75
68
76
* In the new page, check the box for **Content storage** under **Configuration routing**.
69
77
78
+
### 4. Update application settings
79
+
80
+
Finally, you need to update your application settings to point at the new secure storage account.
81
+
70
82
1. Update the **Application Settings** under the **Configuration** tab of your function app to the following:
71
83
72
84
| Setting name | Value | Comment |
73
85
|----|----|----|
74
-
|`AzureWebJobsStorage`| Storage connection string | This is the connection string for a secured storage account. |
75
-
|`WEBSITE_CONTENTAZUREFILECONNECTIONSTRING`| Storage connection string | This is the connection string for a secured storage account. This setting is required for Consumption and Premium plan apps on both Windows and Linux. It's not required for Dedicated plan apps, which aren't dynamically scaled by Functions. |
76
-
|`WEBSITE_CONTENTSHARE`| File share | The name of the file share created in the secured storage account where the project deployment files reside. This setting is required for Consumption and Premium plan apps on both Windows and Linux. It's not required for Dedicated plan apps, which aren't dynamically scaled by Functions. |
86
+
|`AzureWebJobsStorage`<br>`WEBSITE_CONTENTAZUREFILECONNECTIONSTRING`| Storage connection string | This is the connection string for the new secured storage account, which you saved earlier. |
87
+
|`WEBSITE_CONTENTSHARE`| File share | The name of the file share created in the secured storage account where the project deployment files reside. |
77
88
78
89
1. Select **Save** to save the application settings. Changing app settings causes the app to restart.
0 commit comments