Azure Functions 访问 Azure 存储帐户防火墙
[英]Azure Functions access to Azure Storage Account Firewall
问题描述
What am I trying to achieve
我想达到什么目的
Connect to an Azure BLOB storage account that sits behind a firewall through an Azure Function.通过 Azure 函数连接到位于防火墙后面的 Azure BLOB 存储帐户。
Steps Taken so Far迄今为止采取的步骤
- Azure Function developed and tested against public storage account which works as expected. Azure Function 针对按预期工作的公共存储帐户进行开发和测试。
- Following Azure Resource Explorer for my Azure Function I find out the outbound addresses(
"outboundIpAddresses"entry) and I add them in the firewall of the storage Account.按照Azure 资源浏览器为我的 Azure 功能找到出站地址( "outboundIpAddresses"条目)并将它们添加到存储帐户的防火墙中。
Issue问题
While trying to run the Azure Function against the storage account with the firewall I am getting a Status: 500 Internal Server Error - This request is not authorized to perform this operation.在尝试使用防火墙针对存储帐户运行 Azure 函数时,我收到Status: 500 Internal Server Error - This request is not authorized to perform this operation.
What am I missing here?我在这里缺少什么?
1 个解决方案
解决方案1
5 已采纳 2019-05-10 20:28:58
You won't be able to achieve what you want here currently.您目前无法在这里实现您想要的。 When you hit the storage account from your funciton, because they are in the same region as each other, all the traffic goes over the internal Azure network on internal IP's, not the public IPs listed in the web app, and so is not allowed over the firewall (I have had this confirmed by Azure support).当您从您的功能中访问存储帐户时,因为它们彼此位于同一区域,所有流量都通过内部 IP 上的内部 Azure 网络,而不是 Web 应用程序中列出的公共 IP,因此不允许通过防火墙(我已经通过 Azure 支持确认了这一点)。 Because you don't have access to the internal IPs of the function, and even if you did they can change, you can't whitelist them.因为您无权访问该函数的内部 IP,即使您更改了它们,也无法将它们列入白名单。
If your resources were in different regions, traffic would go over the external IPs and you would have more success.如果您的资源位于不同的区域,流量将通过外部 IP,您将获得更大的成功。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.