In today’s rapidly evolving digital landscape, ensuring security and seamless networking is more important than ever for any cloud-based application. In Azure Functions, we offer advanced identity and networking features to protect your applications. In this blog post, we’ll delve into the key concepts related to security and networking in Azure Functions and provide next steps so you can get started today.
The Azure Functions team recently released new getting-started quickstarts and samples that leverage the Azure Developer CLI!
These samples are secure and scalable, and they:
- demonstrate best practices in creating secure apps
- use identity for all connections to dependencies like Azure Storage
- include VNet integration for outbound communications
- build on the powerful Flex Consumption plan
- show how to leverage the Azure Developer CLI for seamless deployment
We invite you to try them out today and incorporate the sample code in your existing function apps to harden your security posture. Check out this deep dive where we go into detail regarding our recommended best practices when it comes to identity and networking and share interactive demos that walk you through how you can get started today.
The following are some highlights of the talk. Here’s what you should know about identity and networking!
Identity
- Managed identity is a crucial aspect of securing your Azure Functions without the need to manage credentials manually. It simplifies the authentication process for Azure services by managing identities in Azure Entra (also known as Azure Active Directory).
- Identity can be used to authenticate to any service that supports Entra authentication, eliminating the need for hard-coded credentials in your code. Using managed identities, you can securely access Azure services like Azure SQL Database, Azure Storage, Azure Service Bus, Azure OpenAI, and even Azure Key Vault without embedding secrets in your application code. This approach enhances security by reducing the risk of credential exposure and simplifies the management of credentials.
- There are two types of managed identities: system-assigned and user-assigned. System-assigned managed identities are created and managed by Azure, and they are tied to the lifecycle of the Azure resource, such as an Azure Function. User-assigned managed identities are created as standalone Azure resources; they can be assigned to multiple Azure resources and can have more durable lifecycles.
- It's also important to consider login identity for your own interactive users. Entra provides a robust identity platform that supports various authentication methods, including multi-factor authentication (MFA), single sign-on (SSO), and conditional access policies. By leveraging Entra, you can ensure that your users have a secure and seamless login experience while accessing your applications.
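To check an existing function app against the identity guidance above, the following added example (not code from the samples or the Azure Functions team) audits an exported set of app settings for key-based connection strings and classifies identity-based connections as system-assigned or user-assigned. The `Orders` and `Blobs` connection prefixes and all values are constructed for illustration; the `__credential`, `__clientId` and related suffixes are the app-setting names Azure Functions uses for identity-based connections.

```python
import re

# Key/value markers that indicate a secret embedded in a connection string.
SECRET_MARKERS = re.compile(
    r"(AccountKey|SharedAccessKey|SharedAccessSignature|Password)\s*=", re.I)
# Setting-name suffixes used by identity-based connections.
IDENTITY_SUFFIXES = ("__accountName", "__blobServiceUri", "__queueServiceUri",
                     "__tableServiceUri", "__fullyQualifiedNamespace")


def audit_app_settings(settings):
    """Return sorted (name, finding) pairs for connection-related settings."""
    findings = []
    prefixes = set()
    for name, value in settings.items():
        if SECRET_MARKERS.search(value or ""):
            findings.append((name, "secret-in-connection-string"))
        if name.endswith(IDENTITY_SUFFIXES):
            prefixes.add(name.rsplit("__", 1)[0])
    for prefix in prefixes:
        cred = settings.get(prefix + "__credential", "").lower()
        pinned = (settings.get(prefix + "__clientId")
                  or settings.get(prefix + "__managedIdentityResourceId"))
        # A user-assigned identity needs both the credential type and an id;
        # otherwise the connection uses the system-assigned identity.
        kind = ("user-assigned" if cred == "managedidentity" and pinned
                else "system-assigned")
        findings.append((prefix, "identity:" + kind))
    return sorted(findings)


# Constructed sample: one key-based setting, two identity-based connections.
SAMPLE = {
    "AzureWebJobsStorage": "DefaultEndpointsProtocol=https;AccountName=stexample;"
                           "AccountKey=CONSTRUCTED==;EndpointSuffix=core.windows.net",
    "Orders__fullyQualifiedNamespace": "sb-example.servicebus.windows.net",
    "Orders__credential": "managedidentity",
    "Orders__clientId": "00000000-0000-0000-0000-000000000000",
    "Blobs__blobServiceUri": "https://stexample.blob.core.windows.net",
}

if __name__ == "__main__":
    for name, finding in audit_app_settings(SAMPLE):
        print(f"{name}: {finding}")
```

Any `secret-in-connection-string` finding marks a setting to migrate to an identity-based connection and a role assignment on the target resource.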
Networking
- Azure Functions leverages Azure Virtual Network to provide a secure network fabric, ensuring an isolation boundary for your applications. This isolation helps protect your functions from unauthorized access and potential threats.
- Network security groups (NSGs) can be used to control inbound and outbound traffic, adding an extra layer of security.
- By using private endpoints, you can ensure that your Azure Functions communicate with designated resources over a private IP address, avoiding exposure to the public internet. This setup enhances security by restricting access to your functions.
- Azure Functions can be integrated with a virtual network, allowing your functions to access resources within the network securely. This integration is crucial for scenarios where your functions need to interact with databases or other services that restrict access to calls originating from a virtual network.
- Service endpoints allow your functions to connect to Azure services over the Azure backbone network, providing a secure and high-performance connection. This setup reduces latency and enhances the overall performance of your applications.
So, what are you waiting for? Create your secured Azure Function today and let us know what you think!