The previous post described how to deploy to an Azure Function when access is protected by an Application Gateway. Access to both the function and the management endpoint was protected. The Function was protected by the Function App firewall, which only allowed traffic from the Application Gateway.

Now we want to use only private endpoints to access both function endpoints. We cannot use the consumption plan as in the previous post; we need an App Service plan that supports private endpoints. Unfortunately, the feature overview in the portal only shows the vNet integration, not whether private endpoints can be used. The vNet integration affects outgoing traffic, but not reachability.

But the documentation lists the possible app service plans:

https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint

The private endpoint configuration can then be made in the network settings. The vNet integration remains disabled as it is not relevant for the private endpoint configuration.
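A check to run from a machine inside the vNet once the private endpoint is configured, as an added example that is not from the original post: it confirms that both the function hostname and the SCM/Kudu hostname resolve only to private addresses. It assumes the default `azurewebsites.net` hostnames; the app name `myfunc` and all sample addresses are constructed.

```python
import ipaddress
import socket

# Constructed sample answers (not real data): what a resolver might return
# when the private DNS zone is linked, and when one endpoint is still public.
SAMPLE_PRIVATE = {
    "myfunc.azurewebsites.net": {"10.0.0.4"},
    "myfunc.scm.azurewebsites.net": {"10.0.0.4"},
}
SAMPLE_SCM_PUBLIC = {
    "myfunc.azurewebsites.net": {"10.0.0.4"},
    "myfunc.scm.azurewebsites.net": {"20.50.2.1"},
}


def resolve(host):
    """Resolve a hostname with the system resolver; returns a set of IP strings."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def check_private_endpoints(app_name, resolver=resolve):
    """Return {hostname: (ok, addresses)} for the app and its SCM/Kudu endpoint.

    ok is True only if the name resolves and every address is private, so a
    mixed answer (private plus public) or a failed lookup counts as a failure.
    """
    hosts = [f"{app_name}.azurewebsites.net", f"{app_name}.scm.azurewebsites.net"]
    report = {}
    for host in hosts:
        try:
            addrs = sorted(resolver(host))
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        ok = bool(addrs) and all(ipaddress.ip_address(a).is_private for a in addrs)
        report[host] = (ok, addrs)
    return report


if __name__ == "__main__":
    # Offline demonstration with the constructed samples above; drop the
    # resolver argument to query the real DNS from inside the vNet.
    for name, sample in (("private", SAMPLE_PRIVATE), ("scm public", SAMPLE_SCM_PUBLIC)):
        print(name, check_private_endpoints("myfunc", resolver=sample.__getitem__))
```

A failure on the SCM hostname alone means the management endpoint is still resolved publicly even though the function itself is not.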

The deployment then runs as described in the previous post and the Application Gateway configuration is the same. This means that the same options from the previous post are available:

  • ❌ Deployment via Visual Studio
  • ✅ Deployment via FTP
  • ✅ Deployment via REST
  • ✅ Access of SCM Portal/Kudu Portal

With a better App Service Plan, the Kudu Portal has some more options (e.g. SSH).

Most functions work correctly with the described configuration behind the Application Gateway (e.g. SSH), but others do not work (e.g. Bash).