Is security an issue when configuring & deploying an Azure Cosmos Change Feed Function App?

Siegfried Heintze 1,861 Reputation points
2023-03-17T19:10:07.49+00:00

When I am creating a Cosmos Change Feed Function do I care about

  1. Publicly visibility
  2. Authorization Level (Function, Anonymous, Admin)

Thanks

Siegfried

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,235 questions
Azure Cosmos DB
Azure Cosmos DB
An Azure NoSQL database service for app development.
1,440 questions
0 comments No comments
{count} votes

Accepted answer
  1. Ryan Hill 25,486 Reputation points Microsoft Employee
    2023-03-23T23:44:43.8+00:00

    Hi @Siegfried Heintze ,

    Public availability and authorization is still relevant, but you are correct. When you bind your function to a Cosmos change feed trigger, your app doesn't have a URL endpoint and only will be invoked by how the trigger binding is configured. You can confirm this by going into the portal, clicking the function in the function app, and you will notice Get Function URL is greyed out.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Ryan Hill 25,486 Reputation points Microsoft Employee
    2023-03-17T22:22:18.6866667+00:00

    Hi @Siegfried Heintze

    That's complete inherit to you and what you want out of your application, but I would advise reviewing Securing Azure Functions and determine which actions are best suited for your function app. If your function app isn't meant for public access, then I would at least look at Function level authorization wherein your endpoint can only be invoked when the URI has the supplied code/key.