How to connect Storage Account to Function App without enabling public access?

Aayush Suresh Jain 141 Reputation points
2022-05-24T10:27:31.763+00:00

I have an Azure Function which runs daily and stores data into the Azure Storage Account. Recently, I had to disable the public network access to the storage account and allow any selected virtual network and IP addresses. This caused the Function app not being able to run because it could not access the storage account. It works fine if I allow public access but when I restrict the access to only selected IP's, it stops working and I am unable to connect to the storage account. The error I am getting is This request is not authorized to perform this operation.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,306 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,719 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Luis Rodriguez 6,191 Reputation points Microsoft Employee
    2022-05-24T10:48:38.527+00:00

    Hello @Aayush Suresh Jain

    Welcome to Microsoft Q&A Platform,

    Have tried enabling private endpoint for the storage account?
    Please check the article below on how to do it, please pay special attention to the requirements:

    https://techcommunity.microsoft.com/t5/apps-on-azure-blog/secure-storage-account-linked-to-function-app-with-private/ba-p/2644772

    I hope this helps!

    ----------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments
  2. Cormac 11 Reputation points
    2022-05-24T10:56:25.26+00:00

    What plan is your function app?

    The premium plan and above will allow you integrate your Function App with a vnet, from there you can use a service or private endpoint to connect to your storage account with the firewall enabled.

    This should explain more: https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options?tabs=azure-cli

    1 person found this answer helpful.
    0 comments
  3. MughundhanRaveendran-MSFT 12,431 Reputation points
    2022-05-24T12:28:00.14+00:00

    Hi @Aayush Suresh Jain ,

    Similar issue was reported in the following discussion thread, it is for private link though. However, the concept of choosing the selected network in the storage account and integrating with Functions would be the same. The configuration of the function app is also mentioned. Please take a look and let me know the outcome.

    https://learn.microsoft.com/en-us/answers/questions/842550/function-app-to-write-data-to-storage-account-with.html?childToView=843339#answer-843339

    1 person found this answer helpful.
    0 comments
  4. Aayush Suresh Jain 141 Reputation points
    2022-05-24T15:26:43.547+00:00

    @Luis Rodriguez @Cormac @MughundhanRaveendran-MSFT Hello All, turns out I didn't enable the VNet Integration on My Function App in the networking tab. Turning that on worked for me. Thanks for your help , these articles were really helpful.

    1 person found this answer helpful.