Sai

Reputation: 675

Unable to restrict calls to Azure function app

I have set up an Azure Function app behind APIM (internal VNet). I want to set this up in such a way that only calls from APIM will be picked up by the Function app and nothing else.

The Function app is under the premium plan, which automatically generates a public URL that could be called from the internet. As per the MS documentation, when I integrate with a VNet, inbound policies in the NSG for that Function app subnet don't apply. All it does is allow the Function app to talk to resources inside the VNet. So, the alternative is to use IP whitelisting, through which I could control who is allowed to call the Function app.

The problem is that my APIM is internal, which means there is no public IP assigned to it. So, in my scenario, is there a way in which I could restrict incoming calls into the Function app only from APIM (internal)?

Similar issue with Azure App services (Webapi or Webapp).

Upvotes: 0

Views: 547

Answers (1)

silent

Reputation: 16108

You can use the Access Restriction feature (IP whitelisting) for this. Instead of putting in a fixed (public) IP range, you can also select "VNET". This enables you to select a certain VNET and subnet (using service endpoints) to restrict the traffic to come only from a certain VNET that you control.

Upvotes: 1
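The VNet-based access restriction described in the answer, scripted with the Azure CLI. This is an added example, not part of the original answer. It assumes the subnet passed in is the one APIM is deployed into and that the VNet and the Function app share a resource group; all resource names are placeholders.

```shell
#!/bin/sh
# Added example: restrict a Function app to traffic from one VNet subnet.
# Set AZ=echo to print the az commands (dry run) instead of executing them.

# restrict_to_subnet RESOURCE_GROUP FUNCTION_APP VNET SUBNET
restrict_to_subnet() {
  if [ "$#" -ne 4 ]; then
    echo "usage: restrict_to_subnet RESOURCE_GROUP FUNCTION_APP VNET SUBNET" >&2
    return 2
  fi
  az_cmd="${AZ:-az}"
  rg="$1"; app="$2"; vnet="$3"; subnet="$4"

  # 1. Enable the Microsoft.Web service endpoint on the calling subnet so the
  #    Function app can identify traffic from it without a public IP.
  "$az_cmd" network vnet subnet update \
    --resource-group "$rg" --vnet-name "$vnet" --name "$subnet" \
    --service-endpoints Microsoft.Web || return 1

  # 2. Add an Allow rule for that subnet. Once any rule exists, everything
  #    not matched by a rule falls through to an implicit deny-all.
  "$az_cmd" functionapp config access-restriction add \
    --resource-group "$rg" --name "$app" \
    --rule-name allow-apim-subnet --action Allow --priority 100 \
    --vnet-name "$vnet" --subnet "$subnet" || return 1

  # 3. Print the effective rules so the result can be reviewed.
  "$az_cmd" functionapp config access-restriction show \
    --resource-group "$rg" --name "$app"
}

# Example (placeholder names):
#   restrict_to_subnet rg-demo func-demo vnet-demo snet-apim
```

After applying the rule, a request to the Function app's public URL from outside the allowed subnet should return HTTP 403.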
