2

I have a timer function APP deployed to Azure. I know that this has approx four or so possible outbound IP's.

I can get those IP's whitelisted but the issue is if I ever blow the resource group away the outbound IP's will change. I want to try and implement a more permanent solution. I know I can create an App Service Environment (ASE) but the price of that isn't justifiable

I then thought I could possibly add the function app to a private VNET so the IP's could remain the same but I don't know if I can add a function app to a VNET. I know an app service can be added to a VNET but a function app?

Or are there any other suggestions?

halfer
  • 19,824
  • 17
  • 99
  • 186
David
  • 1,203
  • 6
  • 25
  • 48

1 Answers1

4

You should take a look at the Azure API management - it gives you a single public IP address for your API, which may be based on Azure Functions. Reference here https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-ip-addresses

Simon
  • 368
  • 1
  • 4
  • 9
  • I believe you can only import HTTP trigger functions into APIM, this is a timer function – David Jun 29 '20 at 11:07
  • So the easiest but not elegant method would be to set up an HTTP trigger function which acts as a proxy - you run your timer function in a separate Azure Function instance, and call the API HTTP function which then relays the data to the target using API IP address. – Simon Jun 29 '20 at 19:23
  • Yeah as you say not elegant but would work. Will mark this as the answer as useful info pertaining to APIM that you have shared – David Jul 01 '20 at 08:39
  • Actually I just tested an app service hosted in APIM by logging the request header that came through in my backend. It appears the IP that came through is the IP of the app service and not the IP of APIM – David Jul 02 '20 at 23:41