You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-functions/functions-infrastructure-as-code.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1670,7 +1670,7 @@ You can create your function app in a deployment where one or more of the resour
1670
1670
When creating a deployment that uses a secured storage account, you must both explicitly set the `WEBSITE_CONTENTSHARE` setting and create the file share resource named in this setting. Make sure you create a `Microsoft.Storage/storageAccounts/fileServices/shares` resource using the value of `WEBSITE_CONTENTSHARE`, as shown in this example ([ARM template](https://github.com/Azure-Samples/function-app-arm-templates/blob/main/function-app-private-endpoints-storage-private-endpoints/azuredeploy.json#L467)|[Bicep file](https://github.com/Azure-Samples/function-app-arm-templates/blob/main/function-app-private-endpoints-storage-private-endpoints/main.bicep#L351)). You'll also need to set the site property `vnetContentShareEnabled` to true.
1671
1671
1672
1672
> [!NOTE]
1673
-
> The absence of the above settings will cause the PreFlight validation to throw an error with the message, "Could not access storage account using provided connection string".
1673
+
> The absence of these settings now cause an error during deployment validation with the message: "Could not access storage account using provided connection string".
1674
1674
1675
1675
These projects provide both Bicep and ARM template examples of how to deploy your function apps in a virtual network, including with network access restrictions:
Copy file name to clipboardExpand all lines: articles/azure-functions/storage-considerations.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,17 +34,19 @@ You must strongly consider the following facts regarding the storage accounts us
34
34
35
35
## Storage account requirements
36
36
37
-
Storage accounts created as part of the function app create flow in the Azure portal are guaranteed to work with the new function app. If you choose an existing one, portal will filter out certain unsupported storage accounts. The following restrictions apply to storage accounts used by your function app, so you must make sure an existing storage account meets these requirements:
37
+
Storage accounts created as part of the function app create flow in the Azure portal are guaranteed to work with the new function app. When you choose to use an existing storage account, the list provided doesn't include certain unsupported storage accounts. The following restrictions apply to storage accounts used by your function app, so you must make sure an existing storage account meets these requirements:
38
38
39
39
+ The account type must support Blob, Queue, and Table storage. Some storage accounts don't support queues and tables. These accounts include blob-only storage accounts and Azure Premium Storage. To learn more about storage account types, see [Storage account overview](../storage/common/storage-account-overview.md).
40
40
41
-
+ Storage accounts already secured by using firewalls or virtual private networks can't be used in the portal creation flow. Currently, Portal does not filter out these accounts. If you'd like to use a secured storage account, you'll find guidance in [How to use a secured storage account with Azure Functions](configure-networking-how-to.md).
41
+
+ You can't use a storage account already secured by using a firewall or a virtual private network when you create your function app in the Azure portal. However, the portal doesn't currently filter out these secured storage accounts. To learn how to use a secured storage account with your function app, see [How to use a secured storage account with Azure Functions](configure-networking-how-to.md).
42
+
43
+
+ You can't use secured storage accounts with function apps hosted in the [Consumption plan](consumption-plan.md).
42
44
43
45
+ When creating your function app in the portal, you're only allowed to choose an existing storage account in the same region as the function app you're creating. This is a performance optimization and not a strict limitation. To learn more, see [Storage account location](#storage-account-location).
44
46
45
47
+ When creating your function app on a plan with [availability zone support](../reliability/reliability-functions.md#availability-zone-support) enabled, only [zone-redundant storage accounts](../storage/common/storage-redundancy.md#zone-redundant-storage) are supported.
46
48
47
-
Although ARM deployments support the use of secured storage accounts in non-Consumption plans, certain networking configurations must be set. These are detailed in [Secured deployments](functions-infrastructure-as-code.md#secured-deployments). Forgetting to do so will result in the PreFlight validation failing.
49
+
You can create function apps in an Elastic Premium or Dedicated (App Service) plan using deployment automation. However, you must include specific networking configurations in your ARM template or Bicep file. When you don't include these settings and resources, your automated deployment fails in validation. For more information, see [Secured deployments](functions-infrastructure-as-code.md#secured-deployments).
0 commit comments