Share via

Azure function can't connect to storage account over vnet

Aleks G 6 Reputation points
2023-04-03T08:18:43.48+00:00

I have a function app running inside E1:1 app service (i.e. not consumption model). This app service is integrated into a vnet, with a subnet allocated to it. The storage account for this azure function has networking defined to only allow connections from specified IPs and virtual networks and has the vnet for this service plan included. This configuration has been in place for several months now, working perfectly fine.

Last Friday (31/03/2023), the function app started failing. It complains that it can't access files in the storage account. If I change storage account networking set up to allow access from all networks, then the function app works correctly. Yet, all networking was correct - and nothing changed in the configuration. Obviously, something changed on Azure side - but what?? And what do I do about it?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,679 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,944 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MuthuKumaranMurugaachari-MSFT 22,276 Reputation points
    2023-04-06T19:45:36.4066667+00:00

    Aleks G Thanks for posting your question in Microsoft Q&A. Based on the description, it seems the storage account is blocking the access from Function Apps. When you say, no change in configuration, you meant Function Apps Configuration? I am not aware of any changes on the Azure specifically and some change likely happened with the rules either on storage accounts or Function Apps. We can follow few troubleshoot steps to investigate the cause and mitigate it.

    1. Can you verify if WEBSITE_CONTENTOVERVNET application setting is set to 1 in your function app (as described in doc: https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentovervnet). If not, please add this setting.
    2. Have you enabled Diagnostic settings for Azure Storage account https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage?tabs=azure-portal#analyzing-logs? Any errors logged for IPs from that VNET?

    If you still observe the errors, I suggest you open a support ticket to our Azure Support team. They have best tools and resources to investigate the backend logs and find the cause. I hope this helps and let me know if any questions.

    0 comments