Function and private storage account networking
I have made my storage account private and only allow access from selected virtual networks or IP addresses.
Since then I cant run my function and it fails with the error 500 internal server error which is not very imformative. Tried to look into Diagnostic Console for more infromative error and I found this:
[Error] System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Not really helpfull.
Im sure its related to netowkring issue. So I would like to configure Vnet on my function app. Things I tried:
- I tried
Outbound traffic configuration
- Then I tried to choose the virtual network and subnebt where My Private Endpoints of Storage account reside but I have this issue.
- To fix the above issues I tried to make the delegation
But I get the error saying: Failed to save subnet ERROR: Delegations of subnet "mysubnet name" cannot be chnaged from [] to [Microsoft.Web/serverFarms] because it is being used by the resource pe-kv-nll-dev-we-01.nic.888888889-80c0.......
Then I also tried to add the service endpoint that you see above Microsfot.Web but did not work either.
Any ideas how can I do so? Im new to function apps, maybe I should add the IP address of Storage account to my function app under the Outbound addresses? if so how can I do so?
To resolve your networking issue in the Azure Function App, create the Virtual network with minimum two subnets where One is for inbound and the other is for outbound configuration:
Open your Storage Account > Networking >
- Select the Option
Enabled from selected virtual networks and IP addresseswithsubnet 1, add your device internet IP, function app inbound IP, checkmark the exceptions section.
- In the Function App, Select Networking > Select Outbound VNet Integration to Subnet2, Checkmark the
Outbound internet traffic,Content Storagefields in the configuration as shown in the above screenshot. - After you do, you’ll get the delegation registered in the subnet2 like below screenshot:
- In the Function App > Networking > Inbound traffic configuration > Configure the
Public Network Accessfield like below:
- Configure the Service Endpoints of Subnet1:
In Simple terms,
- Make the one subnet for outbound connectivity and another subnet for inbound traffic to function app, storage account, etc in the Virtual Network.
- Subnet1 should has the service endpoints whatever the services are using it and Subnet2 should act as a dedicated outbound to the server farms.
- Configure the
WEBSITE_VNET_ROUTE_ALLapp setting to1in the environment variables for the function app.
Result:
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs