Azure Functions Access to Restricted Storage Accounts

VladAdmin 146 Reputation points

With requirements for additional security, we have network restrictions on our Azure storage accounts. I removed restriction to one storage account and created Function App that works great. As soon as I change the storage account to Selected Networks, Function App gets an error System.Private.CoreLib: Access to the path 'C:\home\site\wwwroot\host.json' is denied.

If I add WEBSITE_RUN_FROM_PACKAGE =1 I get read only access to Function App.

How do get full access?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
3,005 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
1,819 questions
0 comments No comments
{count} votes

Accepted answer
  1. Pierre-Luc Giguere 1,071 Reputation points

    Hi Vlad,

    Can we have a list of all of the Application Settings that you have for your Functions?

    There are several network options, they can all be found here:

    Without having access to the App Settings, I would say that you seem to be running into the same problem that these folks are:

    Let me know if that helped.

1 additional answer

Sort by: Most helpful
  1. Jason 1 Reputation point

    This is an old thread, but for posterity:

    I also have this issue. Through careful reading of the documentation I found that when the storage account and function are in the same region, the communication is through private IP channels, not the IP address listed in the function's outbound IP list.

    The answer I found here is to place them in different regions. I have recently tested this and it works. However, it leaves much to be desired...