Reputation: 123
I have a function app that is integrated with a Vnet (with a single subnet). I also have two service endpoints in the same subnet for a storage account and key vault.
The storage account is accessed with a key and works on the vnet without issue.
The key vault has an access policy specified to give the function app managed identity access to list and get secrets. When I fetch a secret from the vault, I get the following message:
"Public network access is disabled and request is not from a trusted service nor via an approved private link."
Function app -> Vnet -> service endpoints (Storage / Vault)
|-> Uses Storage Key - OK
|-> Uses Vault and managed identity -> "Public network access is disabled ..."
Function app is in the Vnet. Do I need additional routing?
Please advise as I am stumped. Thanks
Upvotes: 0
Views: 1692
Reputation: 123
I recreated the vault with the exact same settings and it worked as expected. Very weird. Something must have broken in the Vault configuration with regard to the Firewall routing.
Upvotes: 0
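One way to check a vault's network settings when this error appears, as an added example that is not part of the original posts: it reads the JSON printed by `az keyvault show` and reports how a request arriving over a service endpoint from a given subnet would be treated. The subnet ID and sample vault documents are constructed, and treating a missing `publicNetworkAccess` field as `Enabled` is an assumption.

```python
import json
import sys

# Constructed subnet ID (placeholder subscription and resource names).
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
          "/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/func")


def diagnose(vault: dict, subnet_id: str) -> str:
    """Classify a service-endpoint request from subnet_id against the vault's network settings."""
    props = vault.get("properties") or {}
    acls = props.get("networkAcls") or {}
    # Assumption: a vault document without the field behaves as "Enabled".
    if (props.get("publicNetworkAccess") or "Enabled").lower() == "disabled":
        # This is the state named in the error message from the question.
        return "blocked: publicNetworkAccess is Disabled (private link or trusted service required)"
    if (acls.get("defaultAction") or "Allow").lower() == "allow":
        return "allowed: firewall default action is Allow"
    # Resource IDs are compared case-insensitively; the CLI often prints them lowercased.
    wanted = subnet_id.lower().rstrip("/")
    rules = [(r.get("id") or "").lower().rstrip("/")
             for r in acls.get("virtualNetworkRules") or []]
    if wanted in rules:
        return "allowed: subnet has a virtual network rule"
    return "blocked: default action is Deny and the subnet has no virtual network rule"


def sample(public: str, default: str, rule_ids: list) -> dict:
    """Constructed vault document holding only the fields diagnose() reads."""
    return {"properties": {
        "publicNetworkAccess": public,
        "networkAcls": {"bypass": "AzureServices", "defaultAction": default,
                        "virtualNetworkRules": [{"id": i} for i in rule_ids]}}}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: az keyvault show --name <vault> | python check_vault.py <subnet-id>
        print(diagnose(json.load(sys.stdin), sys.argv[1]))
    else:
        for doc in (sample("Disabled", "Deny", [SUBNET]),
                    sample("Enabled", "Deny", [SUBNET.lower()]),
                    sample("Enabled", "Deny", [])):
            print(diagnose(doc, SUBNET))
```
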