question

YangChowmun-0538 avatar image
0 Votes"
YangChowmun-0538 asked MayankBargali-MSFT commented

azure function to be triggered by service bus which has a vnet configuration

Originally, I have a function app running on consumption plan which are trigger by service bus with standard plan and it is running fine.

Due to security reason, I have upgraded the service bus with premium plan and vnet integration. In the vnet part, I have enable this option 'Allow trusted Microsoft services to bypass this firewall?'. But my function was not able to trigger by this new service bus and I am getting this error like this

2021-08-02T03:42:12Z [Error] Message processing error (Action=Receive, ClientId=MessageReceiver1 XXXXXXX , EntityPath=XXXXXXXX, Endpoint=XXXXXXXX)

I have tried to create a premium service bus without vnet and the function can be triggered by this service bus.

Is there any setting is required for the consumption plan function app to be triggered by service bus with vnet intergration?

azure-functionsazure-service-bus
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MayankBargali-MSFT avatar image
0 Votes"
MayankBargali-MSFT answered MayankBargali-MSFT commented

@YangChowmun-0538 Unfortunately, Azure Event Grid and APIM are the only Trusted Microsoft Service when you enable the "Allow trusted Microsoft services to bypass this firewall" at the premium service bus end. For other services you need to whitelist the IP or CIDR at service bus end.

You can find the function IP under the Properties of your function app. But as the IP can be changed the suggestion would be review the Azure IP ranges and service tag and update them as per your need.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MayankBargali-MSFT Thanks for your reply! Will have a look on your suggestion.

If I am going to use premium function app with vnet integration features, can I assume that the function app should be able to trigger by the vnet integrated service bus?

0 Votes 0 ·

@YangChowmun-0538 If you are using premium function app then you don't have to whitelist the IP address. Your function app and service bus resource should be on the same vnet. At the service bus (add existing/create new virtual network) end and function app (outbound traffic VNET Integration ON) end you need to you need to add them in the same virtual network. I have tested this and it works fine. For you reference adding the screenshoot.

Service Bus VNET Configuration:

119687-image.png


Function VNET Configuration:

!119648-image.png

119688-image.png

0 Votes 0 ·
image.png (32.0 KiB)
image.png (52.9 KiB)
image.png (24.7 KiB)