all Technical posts

Control Your Azure Functions Securely Through Azure API Management

In some scenarios, you need to start/stop your Azure resources based on external events. APIs are a good way to expose this "control plane" functionality, as it allows seamless integration within your enterprise. This blog showcases this by creating an API that allows to start/stop Azure Functions on demand. It's a good practice to expose your APIs through an API Gateway, that's why I let Azure API Management handle the job in an easy and secure manner.

  • In Azure API Management, you first have to create a new API.

  • Create a new operation, which I called in my example “Start Invoicing”

<inbound>
<base />
<set-backend-service base-url=”https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{functionAppName}” />
<rewrite-uri template=”/start?api-version=2016-08-01″ copy-unmatched-params=”false” />
<authentication-managed-identity resource=”https://management.azure.com/” ignore-error=”false” />
</inbound>

  • The authentication will only work if you enable Managed Service Identity on your API Management instance.

  • To ensure that your API Management instance has the rights to start/stop the Azure Function, you have to navigate to the Access control tab of the Function App.

  • Over here, you can give the Managed Service Identity of your API Management instance the required access rights to start/stop your Azure Function.

  • Try out the API operation…

  • …and see that your Azure Function started successfully!

This is just a simple example of how you can use Azure API Management’s Managed Service Identity to authenticate against the Azure Management API. This approach allows really nice scenarios. All of this is done in a secure manner, if you don’t forget to secure your API Management frontend.

Cheers,
Toon

 

Subscribe to our RSS feed

Let's talk, what's your first name?

Press Enter

Press Enter

Hi , what's on your mind?

Press Enter

Great! Leave your email and we'll be in touch
Submit
Thanks, we’ll be in touch soon!