Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to allow azure function to access database hosted on Azure VM? #2472

Closed
karandesai28 opened this issue Feb 28, 2018 · 1 comment
Closed

How to allow azure function to access database hosted on Azure VM? #2472

karandesai28 opened this issue Feb 28, 2018 · 1 comment

Comments

@karandesai28
Copy link

Background
We have our production database deployed on Azure VM and it is configured to be accessible to only authorized (or whitelisted) IPs. We are using Azure Function app (Timer triggered) that attempts to access that database to perform several iterative tasks at specific scheduled time. In app settings of the function app, we have added connection string of the database.

Now whenever the function app runs, it throws following error: "MySql.Data: Authentication to host 'xxx' for user 'xxx using method 'mysql_native_password' failed with message:
Client with IP address 'x.x.x.x' is not allowed to connect to this MySQL server. MySql.Data: Client with IP address 'x.x.x.x' is not allowed to connect to this MySQL server." .

When we white-list the IP mentioned in error message, the function runs successfully. But since the azure function has no determined work-station or PC of same IP that handles the execution, whenever the function runs from new IP, it throws the error back. Therefore, we require a mechanism by which we can white-list all IPs of PCs that will be running our function app OR some better mechanism to authenticate and allow azure function to access our database hosted on Azure VM.

What we tried?

  • We white-listed the Virtual IP address of the function app. But it doesn't work every time.
  • We tried to white-list the IP ranges obtained from Microsoft Datacenter of the region in which our function app is deployed. But this method also didn't work.

Query
Therefore we are in a fix here. To make our azure function able to access the database instance, we'd have to make the database deployed on VM unrestricted (This is leading to DOS like attacks already).

Therefore, is there any way by which one azure resource (say Function App) can access the database hosted on Azure VM with proper authorization methods? If not, then what best can be done to make our function app able to access our IP restricted DB on Azure VM?
@mathewc
Copy link
Member

mathewc commented Mar 28, 2018
edited

If you're using App Service plan (not Dynamic) you might consider using Hybrid Connections. This and what you've already attempted are your main options here.

@mathewc mathewc closed this as completed Mar 28, 2018
@Azure Azure locked as resolved and limited conversation to collaborators Jan 1, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mathewc @karandesai28