-1

I'm using serverless framework to deploy Azure functions. All basics are pretty straightforward, but now I have a function which needs to connect to a private on-prem environment. I was thinking of creating a VNET with a VPN connection to on-prem, but how can I deploy my function inside this VNET? Is this possible using the serverless framework? Or is there a better solution to connect an Azure function to a VPN?

DenCowboy
  • Could you please refer to this [MS DOC](https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options?tabs=azure-cli) – AjayKumarGhose Jun 08 '22 at 07:54
  • That does not mention anything about the serverless framework? – DenCowboy Jun 08 '22 at 08:35
  • AFAIK, we can use the same MS DOC to enable VNet integration on an Azure function for the serverless framework as well. – AjayKumarGhose Jun 08 '22 at 09:13
  • Hi @DenCowboy, did the suggested solution work for you? Do let me know if it solved your problem else share more details so I can troubleshoot or else do accept it for helping other community members. – Kartik Bhiwapurkar Jul 25 '22 at 04:29

1 Answer

0

• As you are deploying Azure function applications using the serverless framework, they should be configured in a ‘.yml’ file or through the ‘--config’ option during deployment. If you are adept at configuring the deployment options through the ‘.yml’ file for serverless, you can consider deploying the Azure functions along with the required service endpoints. Thus, even on enabling the service endpoints, the traffic traverses through the Microsoft backbone network only, allowing access to the PaaS resources, i.e., Azure functions, logic apps, etc., and that too from its virtual network only. But still the PaaS service endpoint can be accessed from a public IP address. So, when you select ‘allow for a particular VNET’ in the "access restriction" policy, then your app will be accessed only by resources that are deployed in that VNET.

But unfortunately, the above-stated operating principle of service endpoints doesn’t extend to the on-premises environment even in the presence of connectivity with Azure VPN. Thus, by deploying Private Link along with the above, you can instead access the PaaS resources via a private IP address of your VNET, which can also be accessed from the on-premises environment via the Azure VPN gateway.

• Also, please note that you can connect to VNET-isolated Azure functions through service endpoints using a P2S VPN if the Azure function’s additional outbound IPs are custom advertised to the VPN gateway.

Please refer to the below question and answer blog discussion for more details on your query:

https://learn.microsoft.com/en-us/answers/questions/134305/p2s-connectivity-to-vnet-isolated-serverless-azfun.html

To configure and advertise the custom routes for P2S VPN clients for connecting to Azure functions, kindly refer to the below documentation link:

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes#to-advertise-custom-routes

Kartik Bhiwapurkar