1
votes

Suppose I have an Azure function on the Consumption plan hosted in a VNET. If my function calls are restricted to the App Service Instance in the VNET, do I still need to ensure my function is only accessible with Function/Admin keys?

My view is that if the endpoints are secured in the VNET, then I do not need to implement access keys, right?

1
Are you designing and operating with an assume breach mindset? If yes, ANY call within your VNET should be authenticated as it may come from a bad actor. If you think you run in a trusted environment you're all set, authenticate nothing, trust everything. - evilSnobu

1 Answer

0
votes

I doubt we will be able to answer this question; it depends on your workload and security requirements.

One factor (network firewall) might be enough for your use case, others may want/need a second factor (authorization key).