功能应用程序部署失败-远程服务器返回错误:(403)禁止 [英] Function App Deployment Failed - The remote server returned an error: (403) Forbidden

问题描述

部署到具有Microsoft.EventHub，Microsoft.KeyVault，Microsoft.Storage和Microsoft.Web服务端点的子网上的现有存储帐户上.

Deploying to an existing storage account on a subnet with service endpoints for Microsoft.EventHub, Microsoft.KeyVault, Microsoft.Storage and Microsoft.Web.

存储帐户位于所选的vnet上:

Storage account is on a selected vnet:

推荐答案

您似乎想限制从虚拟网络中的功能应用程序访问存储帐户.如果是这样，则需要在子网中启用存储帐户端点，并使功能应用程序与该子网集成.您的功能应用程序应托管在支持虚拟网络的应用程序服务计划上.有关更多详细信息，您可以查看将您的应用程序与Azure虚拟网络集成.

It looks like you want to restrict access to your storage account from your function app in a virtual network. If so, you need to enable the storage account endpoint in a subnet and enable your function app to integrate with that subnet. Your function app should host on an app service plan which supports virtual network. For more details, you could see the Integrate your app with an Azure Virtual Network.

此外，您可以参考此 ARM模板完成大部分工作.在这种情况下，您将部署 regional-vnet-integration 和与应用程序服务位于同一区域的存储帐户.

Moreover, you could refer to this ARM template to finish most of the work. In this case, you will deploy a regional-vnet-integration and a storage account in the same region as the app service.

如果仅启用到该子网的存储帐户服务终结点，但又不想将功能应用程序与此子网集成，则需要允许可能的出站

If you just enable the storage account service endpoint to this subnet but do not want to integrate your function app with this subnet, you need to allow possible outbound IPs of your function app in the firewall of the storage account. Also, the function app and storage account should be in a different region in this scenario.

如有任何疑问，请随时告诉我.

Feel free to let me know if you have any question.

这篇关于功能应用程序部署失败-远程服务器返回错误:(403)禁止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！