How to secure Function App, CosmosDB, Storage Account with API Management Consumption plan.

Andrei Matrosau 45 Reputation points
2023-09-01T08:12:54.1+00:00

In an Azure environment, I want to secure a Function App which communicate with CosmosDB, and a Storage Account using API Management in a Consumption plan. Could you please provide guidance on the steps involved in setting up this security configuration, including any best practices and considerations for each resource type?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,605 questions
{count} votes

Accepted answer
  1. JananiRamesh-MSFT 23,486 Reputation points
    2023-09-01T17:50:18.61+00:00

    Hi @Andrei Matrosau Thanks for reaching out. From the description I understand that you wanted to protect your function app which communicate with CosmosDB, and a Storage Account using API Management.

    So actual flow would be client --> APIM --> Function app --> CosmosDB --> Storage Account correct me if I am wrong here.

    for secure access, we suggest implementing Oauth/Client certificate/ IP whitelisting.

    below is a diagram that lists the all the methods we provide from APIM end.

    206943-image.png

    you can implement any of the above methods in conjunction with the subscription Key and the IP wihte-listing methods to improve the security and enforce more restrictions.

    Reference: https://learn.microsoft.com/en-us/azure/api-management/api-management-policies

    https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts

    Please let me know if you have any further queries.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful