Reputation: 763
Using Event Hubs binding for Azure Functions with managed identities?
I'm trying to find information on how to set up the connection strings in a Function App binding so that the app uses managed identities to access Event Hubs and other resources. I'm able to use managed identities in other applications by getting an access token as described in the documentation.
How does this work in Function Apps that take a configuration variable name for connections settings on resource bindings?
Is this documented somewhere?
Upvotes: 3
Views: 4901
Answers (3)
Reputation: 11098
I tested it today to connect to Service Bus queue. The connection string is:
Endpoint=sb://<service-bus-resource>.servicebus.windows.net;Authentication=ManagedIdentity;
I found it on this blog:
https://blog.darkloop.com/post/using-service-app-managed-identity-with-azure-functions-service-bus-bindings. I didn't need to do anything special as my project is using Microsoft.Azure.ServiceBus 4.1.1.
But please look at comments in this blog post - some say it will not work with consumption plan. Another potential issue is mentioned here: https://feedback.azure.com/forums/355860-azure-functions/suggestions/37907848-support-for-azure-managed-service-identities-in-ev
Please note that the behavior captured in the post by Arturo was considered unintentional from the SDK team and removed in a later version update. We are working with them to make this formally supported, but right now the instructions in that post may no longer work.
So I'm not sure if one should use it or not.
Upvotes: 3
Reputation: 4020
full support for managed identities is now in beta https://devblogs.microsoft.com/azure-sdk/introducing-the-new-azure-function-extension-libraries-beta/ leveraging Azure.Identity library
Upvotes: 0
Reputation: 17800
The short answer should be we can't use Managed identities access token in Function bindings.
Connection requires the connection string to the event hub's namespace for event hub bindings, the token got using Managed identities is invalid. In Azure Function, we use the access token in same the way you have done in other applications, here's the tutorial.
Upvotes: 1
Related Questions
- Authorize Azure Function Event Grid Trigger through Azure AD B2C
- How to bind Event hub in Azure Functions using Key Vault secret for connection string?
- Azure Function Trigger from Event Hub in another account
- Event Hub Pointer w/ Azure Functions
- Azure Function with Event Hub out binding does not work
- Azure Function EventHubTrigger Attribute not finding event hub name
- Azure Function EventHubTriggerAttribute not using event hub name from local.settings.json
- Azure Functions Event Hub trigger bindings
- Events dropped when integrating Azure Functions with Azure Event Hubs
- Integrate Azure Functions with Event Hub