We can connect to resources (ex. Azure Storage) in Azure Virtual Network by using private endpoints.
| Info |
|---|
We need to create function app in a Premium Plan to get the networking capabilities. |
Configuration during the creation
Enable public access is set to OFF : Deny public network access will block all incoming traffic except that comes from private endpoints.
Enable network injection is set to ON : The ability to configure your application with VNet integration at creation appears in the portal window after this option is switched to On.
Virtual Network is set to CREATE NEW : Select the Create New field. In the pop-out screen, provide a name for your virtual network and select Ok. Options to restrict inbound and outbound access to your function app on create are displayed. You must explicitly enable VNet integration in the Outbound access portion of the window to restrict outbound access.
etc … Use private endpoints to integrate Azure Functions with a virtual network | Microsoft Learn
Create a Azure service (Service Bus) - that is used to test the functionality of your function app's network capabilities
Lock down the Service Bus we just created
...
Create a queue in Service Bus
...
Get a Service Bus connection string
...
Configure Function app settings
...
Finalize the configuration with the runtime
...
| Info |
|---|
The contributor role is not enough to manage the runtime scale monitoring in the Function runtime settings. |