Azure Functions access to Azure Storage Account Fi

2020-04-14 08:42发布

问题:

What am I trying to achieve

Connect to an Azure BLOB storage account that sits behind a firewall through an Azure Function.

Steps Taken so Far

  1. Azure Function developed and tested against public storage account which works as expected.
  2. Following Azure Resource Explorer for my Azure Function I find out the outbound addresses("outboundIpAddresses" entry) and I add them in the firewall of the storage Account.

Issue

While trying to run the Azure Function against the storage account with the firewall I am getting a Status: 500 Internal Server Error - This request is not authorized to perform this operation.

What am I missing here?

回答1:

You won't be able to achieve what you want here currently. When you hit the storage account from your funciton, because they are in the same region as each other, all the traffic goes over the internal Azure network on internal IP's, not the public IPs listed in the web app, and so is not allowed over the firewall (I have had this confirmed by Azure support). Because you don't have access to the internal IPs of the function, and even if you did they can change, you can't whitelist them.

If your resources were in different regions, traffic would go over the external IPs and you would have more success.