In a function app, usually we use appsetting AzureWebJobsStorage to connect to storage. This blog shows you how to configure a function app using Azure Active Directory identities instead of secrets ...
Updated Jul 08, 2024
Version 3.0
Blog Post
2 MIN READ
Use managed identity instead of AzureWebJobsStorage to connect a function app to a storage account
v-vikashooda
Microsoft
MicrosoftReferring to AnushaGarg comment, my function app is running fine with the System Managed Identity. Just follow these straightforward steps:
- Set the system identity to "ON" for "myfunctionapp."
- Go to the IAM settings of "MyStorageAccount" and assign the Storage Blob Data Contributor role to "myfunctionapp."
- Rename the key from AzureWebjobStorage to AzureWebJobStorage__blobURI and set the value to "https://MyStorageAccount.blob.core.windows.net/." Microsoft Azure Functions Reference
- Disable "Allow storage account key access."
Now, the only issue I have is with the deployment and Kudu trace logs. CI/CD is throwing the following exception:
2024-07-09T11:01:26.7757326Z ##[error]Failed to deploy web package to App Service.
2024-07-09T11:01:26.7767967Z ##[warning]Can't find loc string for key: KuduStackTraceURL
2024-07-09T11:01:26.7770291Z ##[error]KuduStackTraceURL https://***:***@myFunctionApp.scm.azurewebsites.net/api/vfs/LogFiles/kudu/trace
2024-07-09T11:01:26.7773117Z ##[error]Error: Error: Failed to deploy web package to App Service. Internal Server Error (CODE: 500)
Can anyone provide a solution for this? We are not allowed to enable the "Allow storage account key access." However, when we enable account key access, the CI/CD deployment for the function app succeeds.