Home > Back-end >  How to connect public-facing Azure Static Web App to a Function app that is secured with a private e
How to connect public-facing Azure Static Web App to a Function app that is secured with a private e

Time:12-17

I have an Azure static web app (SWA) that calls a "bring your own functions" API (required separation for an API accessing key vault). The Function app is via a private endpoint. I want the SWA to be public-facing, ideally with Enterprise-grade Edge. In order to let the SWA talk to the function app, I established the same private endpoint for the SWA, resulting in a 403 now from the public Internet. How can I allow the SWA to be public facing (and benefit from CDN / Enterprise-grade Edge) while allowing it to connect to the secured Function app? Thanks!

CodePudding user response:

I'm afraid you cannot achieve this requirement using Static Web App and a FunctionApp behind a private endpoint. The 'bring your own functions' feature requires the functions to not have IP restrictions. {1}
If securing your functions behind a private endpoint is a must, you may want to use App Service instead, this way you can use the feature 'VNet Integration. This feature allows you to route outbound traffic privately, using an IP from a subnet of your own VNet. {2}

Please, take a look at the documentation below:

{1} enter image description here

enter image description here

https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration

  • Related