Vin

Reputation: 31

Azure function integrating with Private endpoint gives error

I am trying to deploy an Azure function app and integrate it with a private endpoint using a Bicep template. The deployment is successful; however, the function app link gives the below error.

Your connection isn't private.

I have included the DNS profile. In the virtual network I have also added the service endpoint (storage account) and integrated it with the function app subnet.

Kindly assist.

Thank you.

Upvotes: 0

Views: 955

Answers (1)

Tarun Krishna

Reputation: 392

  • I have deployed a function app with v-net integration using a Bicep template by following the steps below.

  • Open Visual Studio Code, create a new folder, create a file in that folder, paste the Bicep template below into it, and save the file.

Thanks to @mcollier for the Bicep template.

@description('Location for all resources except Application Insights.')
param location string = resourceGroup().location

@description('The language worker runtime to load in the function app.')
@allowed([
  'node'
  'dotnet'
  'java'
])
param runtime string = 'node'

@description('Storage Account type')
@allowed([
  'Standard_LRS'
  'Standard_GRS'
  'Standard_RAGRS'
])
param storageAccountType string = 'Standard_LRS'

var resourceBaseName = uniqueString(resourceGroup().id)
var vnetAddressPrefix = '10.0.0.0/16'
var subnetAddressPrefix = '10.0.0.0/24'
var subnetName = 'default'
var functionWorkerRuntime = runtime

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-05-01' = {
  name: 'vnet-${resourceBaseName}'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }
    subnets: [
      {
        name: subnetName
        properties: {
          addressPrefix: subnetAddressPrefix
          delegations: [
            {
              name: 'delegation'
              properties: {
                serviceName: 'Microsoft.Web/serverFarms'
              }
            }
          ]
        }
      }
    ]
  }

  resource integrationSubnet 'subnets' existing = {
    name: subnetName
  }
}

resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: 'st${resourceBaseName}'
  location: location
  sku: {
    name: storageAccountType
  }
  kind: 'StorageV2'
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    supportsHttpsTrafficOnly: true
  }
}

resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: 'log-${resourceBaseName}'
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
  }
}
resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
  name: 'ai-${resourceBaseName}'
  location: location
  kind: 'web'
  properties: {
    Application_Type: 'web'
    WorkspaceResourceId: logAnalyticsWorkspace.id
  }
}

resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
  name: 'asp-${resourceBaseName}'
  location: location
  sku: {
    name: 'EP1'
    tier: 'ElasticPremium'
  }
  kind: 'elastic'
  properties: {
    maximumElasticWorkerCount: 20
  }
}

resource function 'Microsoft.Web/sites@2022-03-01' = {
  name: 'func-${resourceBaseName}'
  location: location
  kind: 'functionapp'
  properties: {
    serverFarmId: serverFarm.id
    httpsOnly: true
    virtualNetworkSubnetId: virtualNetwork::integrationSubnet.id // Specify a virtual network subnet resource ID to enable regional virtual network integration.
    siteConfig: {
      appSettings: [
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: appInsights.properties.InstrumentationKey
        }
        {
          name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
          value: 'InstrumentationKey=${appInsights.properties.InstrumentationKey}'
        }
        {
          name: 'AzureWebJobsStorage'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}'
        }
        {
          name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value};'
        }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~3'
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: functionWorkerRuntime
        }
        {
          name: 'WEBSITE_NODE_DEFAULT_VERSION'
          value: '~12'
        }
      ]
    }
  }

  resource config 'config' = {
    name: 'web'
    properties: {
      ftpsState: 'Disabled'
      minTlsVersion: '1.2'
    }
  }
} 
  • After saving the file, follow the steps below to deploy the Bicep file to the Azure portal: right-click the main.bicep file and click Deploy Bicep File, as below

  • Select the deployment name as below

  • Select the Subscription ID to which you want to deploy as below

  • Select the resource group as below

  • Select Parameter File as None (because the Bicep template does not have a parameter file), as below

  • Set the location parameter to the same location as the resource group, as below

  • Select Runtime as Node as below

  • Set storageAccountType to Standard_LRS, as below

  • Select No. After these steps, the Bicep template will be deployed to the Azure portal

  • After a successful deployment, go to the Azure portal and open the resource group; you will find the resources as below

  • Open the function app and go to Networking; we will see that the v-net integration is enabled, as below

  • Then go to Overview in the function app and click on the URL; you will get the result as below

Upvotes: -1
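
The template in the answer above enables regional VNet integration (`virtualNetworkSubnetId`) but declares no `Microsoft.Network/privateEndpoints` resource. As an added example, not the answerer's or @mcollier's code, the following Bicep module shows the inbound private endpoint and private DNS zone the question asks about; the parameter names, resource names and the separate private-endpoint subnet are assumptions.

```bicep
// Added example, not from the answer above. Parameter and resource names are assumptions.
param location string = resourceGroup().location
param vnetName string // existing VNet, e.g. the vnet-... deployed above
param functionAppName string // existing function app, e.g. func-...
// Must be a subnet WITHOUT the Microsoft.Web/serverFarms delegation;
// the delegated integration subnet cannot host private endpoints.
param privateEndpointSubnetId string

resource vnet 'Microsoft.Network/virtualNetworks@2022-05-01' existing = {
  name: vnetName
}
resource site 'Microsoft.Web/sites@2022-03-01' existing = {
  name: functionAppName
}

// Inbound private endpoint for the function app ('sites' sub-resource).
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2022-05-01' = {
  name: 'pe-${functionAppName}'
  location: location
  properties: {
    subnet: { id: privateEndpointSubnetId }
    privateLinkServiceConnections: [
      {
        name: 'sites'
        properties: { privateLinkServiceId: site.id, groupIds: [ 'sites' ] }
      }
    ]
  }
  // Registers the endpoint's A record in the private zone below.
  resource zoneGroup 'privateDnsZoneGroups' = {
    name: 'default'
    properties: {
      privateDnsZoneConfigs: [
        { name: 'azurewebsites', properties: { privateDnsZoneId: dnsZone.id } }
      ]
    }
  }
}

resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.azurewebsites.net'
  location: 'global'
  // Link the zone to the VNet so clients inside it resolve the private IP.
  resource vnetLink 'virtualNetworkLinks' = {
    name: 'link-${vnetName}'
    location: 'global'
    properties: { registrationEnabled: false, virtualNetwork: { id: vnet.id } }
  }
}
```

The function app's hostname resolves to the endpoint's private IP only for clients whose DNS uses a network linked to this zone.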
