Share via

How to add the app settings WEBSITE_CONTENTAZUREFILECONNECTIONSTRING in Azure function app

Rajoli Hari Krishna 516 Reputation points
2024-07-17T09:15:39.86+00:00

Both the Azure Function App and Storage account are in the Virtual Network.

For adding this app setting WEBSITE_CONTENTAZUREFILECONNECTIONSTRING to the Function App, I given the "Storage File Data SMB Share Contributor" to the Function App's System Assigned Managed Identity in the storage account level.

Still, it is showing the below error when I add the above setting in Azure Function App:

Error:

Failed to update app settings: 
Required parameter WEBSITE_CONTENTAZUREFILECONNECTIONSTRING is missing.: 
Creation of storage file share failed with: 
'The remote server returned an error: (403) Forbidden.'. Please check if the storage account is accessible.
Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,029 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,184 questions
0 comments
Accepted answer
  1. Deepanshukatara-6769 9,660 Reputation points
    2024-07-17T10:01:22.7266667+00:00

    Hi Rajoli ,

    Thanks for posting your question in Microsoft Q&A. If you disable public access in the storage account, only selected IP ranges based on firewall rules or private endpoints configured can access the storage account. This is why the deployment of Azure Function also failed with 403 error since it was not authorized to access the storage account

    When you create a new function app, you can secure a new storage account via private endpoint as described in doc: Restrict your storage account to a virtual network and Secure storage account linked to Function App with private endpoint (this feature is not supported in Consumption plans). However, if you want to link existing storage account, then this cannot be done via azure portal. Instead, you need to modify ARM template for just creating a new file share in the storage account (new file share creation still needed), do VNET integration, configure WEBSITE_CONTENTSHARE, WEBSITE_CONTENTOVERVNET etc. to point to the file share.

    Unfortunately, this is a current limitation . Check out similar discussion related to this issue and sharing it for reference.

    I hope this helps and let me know if you have any questions.

    If you found the answer to your question helpful, please take a moment to mark it as Yes for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.