Azure Virtual Network | Azure Function | Azure Key Vault
Architecture : Overview
Azure Function & VNet Integration
VNet integration allows the function app to access resources in a VNet without exposing them to the internet. It is also useful for securing outbound traffic from the function app.
Outbound Traffic Control : By integrating the function app (FA) with a VNet, we can control its outbound traffic using a NAT gateway. This ensures that all outbound traffic from the FA uses specific static public IP addresses (see: Control Azure Functions outbound IP with an Azure virtual network NAT gateway | Microsoft Learn).
Security : VNet integration helps secure the FA by allowing it to communicate privately with resources in the VNet.
Subnet : We need to deploy a NAT Gateway in a subnet of a VNet. It will be associated with one or more subnets within the VNet to provide outbound connectivity for the resources in those subnets.
No inbound traffic from the internet can pass through a NAT gateway : Azure NAT Gateway frequently asked questions | Microsoft Learn
NSG : While an NSG is not mandatory when deploying a NAT gateway in a subnet, it is highly recommended for enhancing security. Why use an NSG?
Traffic Control - An NSG lets us control inbound and outbound traffic to and from the subnet (by defining rules based on source and destination IP addresses, ports and protocols).
Enhanced security - Only authorized traffic can access our resources. It’s an additional layer of security.
Monitoring & Logging - NSG logs can be used to audit and analyze traffic patterns.
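The setup described above, written as Azure CLI commands. This is an added example, not code from the original page: every resource name is a constructed placeholder, the two outbound NSG rules are an assumed policy, and the resource group, VNet, subnet and function app are assumed to exist already.

```shell
#!/bin/sh
# Added example. All names are constructed placeholders; override via environment.
RG="${RG:-rg-demo}"
VNET="${VNET:-vnet-demo}"
SUBNET="${SUBNET:-snet-func-integration}"
APP="${APP:-func-demo}"
PIP="pip-nat-demo"; NATGW="natgw-demo"; NSG="nsg-func-egress"

deploy_function_egress() {
  # 1. Static Standard public IP: the address outbound traffic will use.
  az network public-ip create -g "$RG" -n "$PIP" \
    --sku Standard --allocation-method Static
  # 2. NAT gateway bound to that public IP.
  az network nat gateway create -g "$RG" -n "$NATGW" \
    --public-ip-addresses "$PIP" --idle-timeout 4
  # 3. NSG (assumed policy): allow outbound HTTPS, deny other Internet-bound flows.
  az network nsg create -g "$RG" -n "$NSG"
  az network nsg rule create -g "$RG" --nsg-name "$NSG" -n AllowHttpsOut \
    --priority 100 --direction Outbound --access Allow --protocol Tcp \
    --source-address-prefixes VirtualNetwork \
    --destination-address-prefixes Internet --destination-port-ranges 443
  az network nsg rule create -g "$RG" --nsg-name "$NSG" -n DenyInternetOut \
    --priority 200 --direction Outbound --access Deny --protocol '*' \
    --source-address-prefixes VirtualNetwork \
    --destination-address-prefixes Internet --destination-port-ranges '*'
  # 4. Associate the NAT gateway and the NSG with the integration subnet.
  az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --nat-gateway "$NATGW" --network-security-group "$NSG"
  # 5. Integrate the function app with that subnet.
  az functionapp vnet-integration add -g "$RG" -n "$APP" \
    --vnet "$VNET" --subnet "$SUBNET"
}

# Prints the static address that external allow-lists should contain.
nat_public_ip() {
  az network public-ip show -g "$RG" -n "$PIP" --query ipAddress -o tsv
}

# Nothing is deployed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then deploy_function_egress && nat_public_ip; fi
```

Run the script with --apply to deploy; it then prints the NAT gateway's public IP, which can be compared with the source address seen by an external service the function calls.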