Fail to create Function App, due to storage account has disabled public access

Tam Duc Ha Vo 20 Reputation points

Hi, I have created a storage account that has disabled public access. Then I'm trying to create an Azure Function that uses the storage account. Whenever I try to create the function in Azure Portal, I get this error message when Azure is trying to deploy the function:
Creation of storage file share failed with: 'The remote server returned an error: (403) Forbidden.'. Please check if the storage account is accessible**

Any idea why?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
3,685 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,293 questions
0 comments No comments
{count} votes

Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 18,331 Reputation points

    Tam Duc Ha Vo Thanks for posting your question in Microsoft Q&A. If you disable public access in the storage account, only selected IP ranges based on firewall rules or private endpoints configured can access the storage account. This is why the deployment of Azure Function also failed with 403 error since it was not authorized to access the storage account.

    When you create a new function app, you can secure a new storage account via private endpoint as described in doc: Restrict your storage account to a virtual network and Secure storage account linked to Function App with private endpoint (this feature is not supported in Consumption plans). However, if you want to link existing storage account, then this cannot be done via azure portal. Instead, you need to modify ARM template for just creating a new file share in the storage account (new file share creation still needed), do VNET integration, configure WEBSITE_CONTENTSHARE, WEBSITE_CONTENTOVERVNET etc. to point to the file share.

    Unfortunately, this is a current limitation and there is a feature request: Deploy function app and storage account with network restrictions posted in our feedback forum and suggest you sharing the feedback in the link. I will also share your feedback internally with our product team. Check out similar discussion related to this issue and sharing it for reference.

    I hope this helps and let me know if you have any questions.

    If you found the answer to your question helpful, please take a moment to mark it as Yes for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

    0 comments No comments

0 additional answers

Sort by: Most helpful