The issue
When you have a storage account in a vnet in Azure, it does not allow you to create a function app utilizing that storage account via Azure portal or via command line such as CLI that can be used to write IaC. But the error message is misleading and it does not help to understand the real issue. There is no real conflict here it is rather the accessibility to storage account is going to cause the error message.
How to resolve
To resolve the issue you can simply allow storage account to be used from all networks using the Azure CLI command as shown below or go to portal and set the fire wall settings in the storage account to allow all networks.
az storage account update -n 'storageaccountname' -g 'resourcegroupname' --default-action 'Allow'
Once the deployment completed you can apply the firewall rules back using below CLI command.
az storage account update -n 'storageaccountname' -g 'resourcegroupname' --default-action 'Deny'
Since we have not removed the association of storage account with the relevant vnet remains intact once we reapply the network restrictions to storage account.
Add the Azure function to vnet and to same subnet which is associated to the storage account. The function would be ready and would be able to access the storage account without any issues.
No comments:
Post a Comment