Azure global application setting for web apps and function apps

Question

I would like to have something like a global application setting, which all my web apps and function apps can read. The reason I want this is that in case of a storage account failure (where I have 2 storage accounts), I can just change this one application setting, and all code in my Azure functions that restores/creates snapshots can point to a new storage account, while my web apps can correctly write new data to the new storage account as well.

If such a thing isn't possible, is it possible for a web app to access a function app's app settings, or vice versa?

Answer 1

Another pattern to consider is to use a token that provides clients with restricted direct access to a specific resource, in order to offload data transfer from the application. This is particularly useful in applications that use cloud-hosted storage systems or queues, and can minimize cost and maximize scalability and performance.

This way you don't have to give your application full control of the storage account with the key, you can restrict it only to the data/level it needs.

An Azure Function can serve as a broker to create SAS tokens. An Example can be found here.

Answer 2

One of the things you can try using is Key Vault (https://azure.microsoft.com/en-us/services/key-vault/) as it allows you to have a single point of retrieving access keys (which in your case is a connection string to storage account). And also take a look at the pattern described here https://learn.microsoft.com/en-us/azure/architecture/patterns/external-configuration-store