Azure Function App using system assigned managed identity
As per Microsoft recommendation we need to disable the access key on storage account and connect it using identity. But after switching to use the managed identity, our functions stopped working. Please help check what's the problem.
After disabling the access keys on storage account, we have done the operations as below:
- enabled the system managed identity on our function app.
- grant "Storage Account Contributor" and "Storage Blob Data Owner" roles to the identity
- removed the environment variable "AzureWebJobsStorage", "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING" and the "WEBSITE_CONTENTSHARE".
- added "AzureWebJobsStorage__accountName"
Our function app is using the basic consumption plan, windows hosted. Here's some screenshots for details
- function app essential:
- function app environment variables
- Role assignment
Our functions are solely scheduled by timer and only call our backend APIs; we don't have logic access to other Azure resources, including storage accounts. I would like to know what steps I can take to make it operational again. Thank you in advance.