How to secure Function App, CosmosDB, Storage Account with API Management Consumption plan.

Andrei Matrosau 20 Reputation points

In an Azure environment, I want to secure a Function App which communicates with CosmosDB, and a Storage Account using API Management in a Consumption plan. Could you please provide guidance on the steps involved in setting up this security configuration, including any best practices and considerations for each resource type?

Azure Functions
An Azure service that provides an event-driven serverless compute platform.

Accepted answer
  1. JananiRamesh-MSFT 11,271 Reputation points

    Hi @Andrei Matrosau, thanks for reaching out. From the description I understand that you want to protect your function app, which communicates with CosmosDB and a Storage Account, using API Management.

    So the actual flow would be client --> APIM --> Function app --> CosmosDB --> Storage Account; correct me if I am wrong here.

    For secure access, we suggest implementing OAuth/client certificate/IP whitelisting.

    Below is a diagram that lists all the methods we provide from the APIM end.


    You can implement any of the above methods in conjunction with the subscription key and the IP white-listing methods to improve the security and enforce more restrictions.


    Please let me know if you have any further queries.

    1 person found this answer helpful.
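
As an added illustration (not part of the answer above and not Microsoft's own sample), this is how two of the methods the answer names, IP whitelisting and OAuth token validation, can be combined in one API Management inbound policy. The address range, tenant ID, audience and role name are constructed placeholders, and the subscription key is assumed to be enforced separately through the API's "Subscription required" setting.

```xml
<!-- Added example: API-scope policy in API Management. All values are placeholders. -->
<policies>
  <inbound>
    <base />
    <!-- IP whitelisting: callers outside this range receive 403 before any other check runs.
         203.0.113.0/24 is a documentation range; replace it with the real client range. -->
    <ip-filter action="allow">
      <address-range from="203.0.113.0" to="203.0.113.255" />
    </ip-filter>
    <!-- OAuth: require a bearer token whose signature, issuer and expiry validate against
         the identity provider's OpenID Connect metadata. -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized"
                  require-scheme="Bearer">
      <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
      <!-- Reject tokens that were issued for a different API. -->
      <audiences>
        <audience>{api-application-id-uri}</audience>
      </audiences>
      <!-- Optional: require a specific app role (hypothetical role name). -->
      <required-claims>
        <claim name="roles" match="any">
          <value>{required-role}</value>
        </claim>
      </required-claims>
    </validate-jwt>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Policies run in document order, so a request from a disallowed address is rejected before the token is parsed.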
