I am relatively new to the Azure world, but have been asked to investigate a way to create/deploy Azure Functions to a private storage account which is not publicly accessible. The reason is that my company has a policy against the creation of public storage accounts.
So we are using VS Code. I tried using VS Code to connect to Azure and create the function, but the deployment failed due to the above restriction. The same happened when trying to use the Azure portal to create a function.
I created a private storage account, but have not been able to find a way to use that storage account during the function creation process. Is there any way using either VS or the Azure portal?
I also looked into Terraform, but it seems Terraform wants a storage account for state, which also seems to be public.
Has anyone used Terraform to achieve the above?
Thanks for any help.
2 Answers
Steps to Deploy Azure Function with a Private Endpoint for Storage Account
Create a Storage Account with Private Endpoint:
In the Azure portal, create a new storage account.
Under the "Networking" section, set the networking option to "Private endpoint."
Create a private endpoint for the storage account, which will provide a private IP address for accessing the storage account from within your virtual network.
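The storage account step described in the answer above, expressed as Terraform since the question asks about it. This is an added example, not part of the original answer; the resource names, the placeholder account name and the four input variables (an existing resource group, virtual network and subnet) are assumptions.

```hcl
# Added example: storage account with public network access disabled,
# reachable only through a private endpoint on the blob sub-resource.
provider "azurerm" {
  features {}
}

variable "resource_group_name" { type = string } # existing resource group (assumed)
variable "location"            { type = string }
variable "vnet_id"             { type = string } # existing virtual network (assumed)
variable "subnet_id"           { type = string } # subnet that will host the endpoint (assumed)

resource "azurerm_storage_account" "func" {
  name                          = "stfuncprivexample" # placeholder; must be globally unique
  resource_group_name           = var.resource_group_name
  location                      = var.location
  account_tier                  = "Standard"
  account_replication_type      = "LRS"
  public_network_access_enabled = false # no public endpoint access
}

# Private DNS zone so the account's blob hostname resolves to the private IP
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
  name                  = "blob-dns-link"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = var.vnet_id
}

resource "azurerm_private_endpoint" "blob" {
  name                = "pe-stfunc-blob"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.subnet_id

  private_service_connection {
    name                           = "stfunc-blob"
    private_connection_resource_id = azurerm_storage_account.func.id
    subresource_names              = ["blob"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "default"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}
```

The same pattern can be repeated with `subresource_names = ["file"]` and the `privatelink.file.core.windows.net` zone if the file endpoint is also needed.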
If you use a "private storage account which is not publicly accessible", you cannot push files there. In this case, you need a build agent: Secure storage account linked to Function App with private endpoint, or try to add your IP to the whitelist. To create your infra, you may use these examples: