Share via

How to secure Function App, CosmosDB, Storage Account with API Management Consumption plan.

Andrei Matrosau 45 Reputation points
2023-09-01T08:12:54.1+00:00

In an Azure environment, I want to secure a Function App which communicate with CosmosDB, and a Storage Account using API Management in a Consumption plan. Could you please provide guidance on the steps involved in setting up this security configuration, including any best practices and considerations for each resource type?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,081 questions
Accepted answer
  1. JananiRamesh-MSFT 27,831 Reputation points
    2023-09-01T17:50:18.61+00:00

    Hi @Andrei Matrosau Thanks for reaching out. From the description I understand that you wanted to protect your function app which communicate with CosmosDB, and a Storage Account using API Management.

    So actual flow would be client --> APIM --> Function app --> CosmosDB --> Storage Account correct me if I am wrong here.

    for secure access, we suggest implementing Oauth/Client certificate/ IP whitelisting.

    below is a diagram that lists the all the methods we provide from APIM end.

    206943-image.png

    you can implement any of the above methods in conjunction with the subscription Key and the IP wihte-listing methods to improve the security and enforce more restrictions.

    Reference: https://learn.microsoft.com/en-us/azure/api-management/api-management-policies

    https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts

    Please let me know if you have any further queries.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.