Can Azure Functions be deployed to a Vnet?

Asked 14/2, 2020 at 13:12 Answered 15/2, 2020 at 3:24

Solved azure azure-functions vnet app-service-environment

Can Azure Functions be deployed inside a VNet?

If I created an App Service environment in a VNet and then picked that App Service Plan when creating the Function, Would that mean that the Azure Function is deployed inside the VNet and have the same restrictions etc. as defined by the VNet?

Truckload answered 14/2, 2020 at 13:12 Comment(0)

Yes, you can host an Azure function on Azure App Service Environment which provides a fully isolated and dedicated environment for securely running App Service apps or your functions. You will have fine-grained control over inbound and outbound application network traffic. So it could be restricted by network security groups.

ASEs are isolated to running only a single customer's applications and are always deployed into a virtual network. Customers have fine-grained control over inbound and outbound application network traffic. Applications can establish high-speed secure connections over VPNs to on-premises corporate resources.

VNet Integration with Azure function is a feature to use Azure Functions to connect to resources in an Azure virtual network. VNet Integration is only for making outbound calls from your app into your VNet.

In this case, you just need to deploy your Azure function in a VNet with ASE instead of VNet integration. Read Services that can be deployed into a virtual network

Offcolor answered 15/2, 2020 at 3:24 Comment(2)

New to Azure functions, but continuing from this, can we then go on to use that same function (within an Azure VNET) to connect to a VPN Gateway (to another on-prem network)? – Dagnah 17/11, 2021 at 16:19

Is VNet integration for Azure Functions safe and secure? If the Funciton App was compromised, could an attacker reach into the VNet and affect Resource there? – Colner 12/10, 2022 at 16:40

Yes it can be deployed inside a VNet. I would recommend you to go through the documentation integrate Functions with an Azure virtual network

An Azure Function can be deployed on an App Service Environment. The App Service Environment is deployed on your own VNET which can have access to on-prem resources via ExpressRoute.

Hettie answered 14/2, 2020 at 13:14 Comment(4)

I actually have looked at that link, however the way i understand it in that example is that the Azure Function is sitting outside the VNet and accessing resources inside it. It is also available on public IP Addresses. I want the Azure Function to be inside the VNet and be restricted by the VNet configuration. – Truckload 14/2, 2020 at 13:33

An Azure Function can be deployed on an App Service Environment. The App Service Environment is deployed on your own VNET which can have access to on-prem resources via ExpressRoute. – Hettie 14/2, 2020 at 13:42

learn.microsoft.com/en-us/azure/app-service/… – Hettie 14/2, 2020 at 13:43

Today you can add a Private Endpoint to the Function App, this disables all Public Access – Armrest 21/7, 2022 at 13:51

Recommended topics

Hot tags