azurefunctionazure-storageprivate

Is there a way to deploy a azure function directly to a storage account with private endpoint


I am relatively new to the Azure world, but have been ask investigate a way to create/deploy azure functions to private storage account which is not publicly accessible. Reason being that my company has a policy against the creation of public storage accounts.

So we using VS Code, I tried using vs code to connect to azure and create the function but the deployment failed to the above restriction. Same trying to use Azure portal to create a function.

I create a private storage account, but have not been able to find a way to use that storage account during the function creation process. Is there any way using either VS or azure portal?

I also looked into Terraform, but it seems terraform wants storage account for state, which also seem to be public. Anyone used terraform to achieve the above?

Thanks for any help.


Solution

  • If you use private storage account which is not publicly accessible you can not push files there. In this case, you need a build agent: Secure storage account linked to Function App with private endpoint, or try to add your IP to white-list. To create your infra, you may use these examples:

    1. Bicep: Create Function App and private endpoint-secured Storage
    2. Terraform: Function App with Private HTTP Endpoint