You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These 3 files are updated to reflect the Networking option in portal during function app creation that went live a few months ago, along with cross referencing of the articles for better discoverability.
Co-Authored-By: cachai <[email protected]>
Co-Authored-By: Gayathri Sridharan <[email protected]>
Copy file name to clipboardExpand all lines: articles/azure-functions/configure-networking-how-to.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
title: How to configure Azure Functions with a virtual network
3
3
description: Article that shows you how to perform certain virtual networking tasks for Azure Functions.
4
4
ms.topic: conceptual
5
-
ms.date: 03/04/2022
5
+
ms.date: 03/24/2023
6
6
ms.custom: template-how-to
7
7
---
8
8
@@ -12,26 +12,28 @@ This article shows you how to perform tasks related to configuring your function
12
12
13
13
## Restrict your storage account to a virtual network
14
14
15
-
When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. You can replace this storage account with one that is secured with service endpoints or private endpoints. When configuring your storage account with private endpoints, public access to your storage account is not automatically disabled. In order to disable public access to your storage account, configure your storage firewall to allow access from only selected networks.
15
+
When you create a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. During creation, you can secure the storage account using the Azure Portal (refer Option 1 below) or ARM template (refer Option 2 below). If the storage account was not secured during creation, you can also replace this storage account with one that is secured with service endpoints or private endpoints by updating the settings manually (refer Option 3 below). Due to current design, its not possible to directly secure the same storage account thats used by an already created function app.
16
16
17
+
-**Option 1:** To create a new function app using a new storage account that's locked behind a virtual network, via the Azure portal, you can follow the tutorial [Use private endpoints to integrate Azure Functions with a virtual network](https://learn.microsoft.com/azure/azure-functions/functions-create-vnet)
17
18
19
+
-**Option 2:**To create a new function app using a new storage account that's locked behind a virtual network, via an ARM template, you can use this [Quickstart template](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/function-app-storage-private-endpoints)
20
+
21
+
-**Option 3:**To secure an already existing function app to a secure storage account that's locked behind a virtual network, follow the instructions below.
18
22
19
23
> [!NOTE]
20
24
> This feature currently works for all Windows and Linux virtual network-supported SKUs in the Dedicated (App Service) plan and for Windows Elastic Premium plans. Consumption tier isn't supported.
21
25
22
-
To set up a function with a storage account restricted to a private network:
23
-
24
-
1. Create a function with a storage account that does not have service endpoints enabled.
26
+
1. Create or Use a function app with a storage account that does not have service endpoints or private endpoints enabled.
25
27
26
28
1. Configure the function to connect to your virtual network.
27
29
28
-
1. Create or configure a different storage account. This will be the storage account we secure with service endpoints and connect our function.
30
+
1. Create or configure a different storage account. This will be the storage account we secure with private endpoints or service endpoints and connect our function.
29
31
30
32
1.[Create a file share](../storage/files/storage-how-to-create-file-share.md#create-a-file-share) in the secured storage account.
31
33
32
34
1. Enable service endpoints or private endpoint for the storage account.
33
35
* If using private endpoint connections, the storage account will need a private endpoint for the `file` and `blob` sub-resources. If using certain capabilities like Durable Functions, you will also need `queue` and `table` accessible through a private endpoint connection.
34
-
* If using service endpoints, enable the subnet dedicated to your function apps for storage accounts.
36
+
* If using service endpoints, enable the subnet dedicated to your function apps for storage accounts on the firewall.
35
37
36
38
1. Copy the file and blob content from the function app storage account to the secured storage account and file share.
0 commit comments