stackoom
  简体   繁体   中英

Outbound IP address Azure API Management

 原文  2021-11-02 08:03:16       azure/ azure-functions/ azure-api-management/ azure-virtual-network

Question

Scenario: I have Pay-As-You-Go instance of Azure API Management created. In that, as APIs, I have imported Azure Functions App. Azure Functions app is on Consumption Plan as well. These azure functions are calling some external APIs and getting data. I return data as is from these functions.

Issue: To get data from external APIs, I need to get my IP address whitelisted. My calling pattern is APIM => Azure Function => External API. I am hitting APIM endpoint from my UI to get data. I have not exposed azure functions endpoint to UI. Issue is what IP should be whitelisted to get the data ?

Options Tried:

  1. I got the APIM virtual address(public) whitelisted, but that didn't work.
  2. I added logs to my each function to log outbound IP address (using ipconfig.me). This is giving me different IP address then that of APIM public IP.

My confusion is, if I have imported these functions to APIM, then my outbound IP address should be of APIM and not of functions, right ? or my understanding is wrong here ?

It will be really helpful if someone can help with this scenario. We need to get our IP whitelisted so that we can get data. For that changes to infra can be done, even if we need to switch to premium plans.

1 answers

solution1
 0  2021-11-02 09:15:24

In your case APIM works as a gateway to your system, so you would use outbound IP address for APIM for IP restrictions configured on Azure Functions level. This would secure access to Functions and limit it to only APIM.

As you need to secure External API, which is accessed via Azure Functions, you need to check outbound IP for your App Service Plan(whether it's Consumption or not). The scenario you were trying would work only if outbound traffic is sent via some kind of gateway (see - https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-nat-gateway )

Without a gateway, outbound IP can be checked with the following commands:

az functionapp show --resource-group <GROUP_NAME> --name <APP_NAME> --query outboundIpAddresses --output tsv
az functionapp show --resource-group <GROUP_NAME> --name <APP_NAME> --query possibleOutboundIpAddresses --output tsv

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Static IP address in Azure API management Service Azure Service Fabric outbound IP address Azure Api Management Gateway Consumption Tier - How to Find IP Address Is the outbound IP address (public VIP) of Azure App Service Environment static? how to get hold of the azure kubernetes cluster outbound ip address Does Azure EventGrid have defined outbound IP address Rename Query Parameter in Outbound Request in Azure API Management Outbound TLS ciphers supported by Azure API Management Proxy Azure application resolves to a completely different IP address than range listed in Outbound IP addresses Is any way to ensure any azure service plan have an unique static outbound IP address in one azure subscription?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM