Home > Mobile >  Consumption plan Azure Function behind an APIM
Consumption plan Azure Function behind an APIM

Time:05-18

For network isolation purposes, I would like to expose an azure function ONLY through my APIM, and block any direct HTTP call.

It's running on a Consumption plan and therefore enter image description here

CodePudding user response:

There is a workaround to allow the Azure Function APIs access only from APIM Instance when using the Consumption Plan for Azure Functions and Basic SKU for APIM.

Solution Steps:

  1. As Application Gateway is already configured for public access, assigned public IP address is used to communicate API Management instance. Therefore, NAT Gateway for communication with API Management instance is optional (not required).
  2. Configure API Management instance to accept only traffic from Application Gateway instance. Along with source IP restriction, subscription key is also acceptable.
  3. Configure Function app to accept only traffic from API Management instance. Along with source IP restriction, API host key and authentication are also acceptable.

Refer to Accept only traffic from a front-end service (API Management, Functions) for the practical workaround.

  • Related