Function app hosted by Azure Functions in a Flex Consumption plan
This sample Bicep file or Azure Resource Manager (ARM) template create a serverless function app in the Flex Consumption plan, which is the preferred dynamic hosting plan. When your app runs in the Flex Consumption plan, instances of the Functions host are dynamically added and removed based on the configured per instance concurrency and the number of incoming events. This app securely connects to other Azure services by using Microsoft Entra ID with user-assigned managed identities.
The deployment is composed of these primary Azure resources:
| Identifier | Resource | Description |
|---|---|---|
Microsoft.Web/serverfarms |
Flex Consumption plan | A specific type of App Service plan that enables your functions to scale dynamically (even to zero instances and under high loads), connect to virtual networks, use managed identity connections, and reduce cold-starts. The Flex Consumption plan currently runs only on Linux. |
Microsoft.Web/sites |
Function app instance | Provides the Functions hosting and runtime support for your functions code project. By default, this template hosts a .NET (C#) isolated process app. You can use the functionAppRuntime and functionAppRuntimeVersion parameters to choose a different language for your app. |
Microsoft.Storage/storageAccounts |
Default Azure Storage account | Each function app deployment requires a storage account that's used by the Functions runtime. This template disables key-based access to storage account resources. You can use the storageAccountAllowSharedKeyAccess variable to toggle shared key access to access storage account resources during testing and development. To enhance security, you should disable shared key access in production. The function app connects to storage with user-assigned managed identities that are granted role-based access to a limited number of resources. The connection is defined by the AzureWebJobsStorage_* setting structure. |
Microsoft.Insights/components |
Application Insights instance | Application Insights helps you monitor your function app performance and behaviors. It requires an associated Log Analytics (Microsoft.OperationalInsights/workspaces) resource. |
Microsoft.ManagedIdentity/userAssignedIdentities |
User-assiged managed identity | Connections to both Azure Storage and Application Insights are secured by using Microsoft Entra ID with a user-assigned managed identity. The identity is assigned the required roles in the remote services by using Microsoft.Authorization/roleAssignments resource definitions. |
Tags: Microsoft.Storage/storageAccounts, microsoft.insights/components, Microsoft.Web/serverfarms, Microsoft.Web/sites, Microsoft.ManagedIdentity/userAssignedIdentities,Microsoft.OperationalInsights/workspaces