I've configured access to Azure App Configuration and Key Vault in my project. It works locally, but when I publish the AWS Lambda to the AWS cloud it doesn't access the Azure key-values anymore.

I have configured:

// tempConfig is a configuration object built earlier (not shown in the question).
_configuration = new ConfigurationBuilder()
    .SetBasePath(Directory.GetCurrentDirectory())
    .AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
    .AddJsonFile($"appsettings.{Svc.Name}.json", optional: false)
    .AddEnvironmentVariables()
    .AddAzureAppConfiguration(options =>
    {
        options
            // Connect to the App Configuration store with its connection string.
            .Connect(tempConfig["AzureAppConfiguration:ConnectionString"])
            .ConfigureRefresh(options =>
            {
                // Watch the "ConnectionString" key; refreshAll is false.
                options.Register("ConnectionString", false);
            })
            .ConfigureKeyVault(options =>
            {
                // Resolve Key Vault references with a service principal (client secret).
                options.SetCredential(new ClientSecretCredential(
                    tempConfig["App:TenantId"],
                    tempConfig["App:ClientId"],
                    tempConfig["App:ClientSecret"]));
            });
    })
    .Build();

The values are in the JSON files, the Lambda function is getting the right environment, and my services configuration applies:

serviceCollection.AddAzureAppConfiguration();

It all works fine on my local machine, but it times out when it tries to load the key-values while running on the AWS cloud.

Is there some permission/role/access I must grant in Lambda's or Azure's feature configuration?

1 Answer

Here are a few things I would look at:

  • Make sure tempConfig is resolved before the code you shared is reached.
  • You use the connection string to connect to Azure App Configuration. It should work from anywhere. Please make sure the networking of your lambda is not blocking any traffic to App Configuration IP addresses or its domain "azconfig.io".
  • Temporarily don't load secrets from Key Vault to isolate the issue, so you can tell whether it's a connection issue with App Configuration or Key Vault.

BTW, if the issue is with refreshing, please make sure you call TryRefreshAsync in your Lambda call.

2 Comments

I'll try the tips you said, ty =)
Is there an approach to access AZ key vault from a GCP workload? Any samples for ref available to refer? Please advise.
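
The network check suggested in the answer above can be run from inside the Lambda itself. The following is an added example, not code from the question or the answer: it opens a TCP connection on port 443 to each Azure endpoint the configuration code depends on and reports which one does not respond. The class name, the 3-second timeout and the keyVaultHost parameter are assumptions, and it requires .NET 6 or later.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Net.Sockets;
using System.Threading;
using System.Threading.Tasks;

public static class AzureEgressProbe   // hypothetical helper, not part of any SDK
{
    // Extracts the host from "Endpoint=https://<store>.azconfig.io;Id=...;Secret=...".
    public static string AppConfigHost(string connectionString)
    {
        var endpoint = connectionString
            .Split(';', StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Trim())
            .First(p => p.StartsWith("Endpoint=", StringComparison.OrdinalIgnoreCase))
            .Substring("Endpoint=".Length);
        return new Uri(endpoint).Host;
    }

    // Resolves the name and connects to port 443, giving up after `timeout`.
    public static async Task<string> ProbeAsync(string host, TimeSpan timeout)
    {
        var sw = Stopwatch.StartNew();
        using var cts = new CancellationTokenSource(timeout);
        using var client = new TcpClient();
        try
        {
            await client.ConnectAsync(host, 443, cts.Token);
            return $"{host}: reachable in {sw.ElapsedMilliseconds} ms";
        }
        catch (OperationCanceledException)
        {
            return $"{host}: no answer after {timeout.TotalSeconds} s (egress blocked or no route)";
        }
        catch (SocketException ex)   // DNS failure, connection refused, unreachable network
        {
            return $"{host}: {ex.SocketErrorCode}";
        }
    }

    // keyVaultHost is the caller's vault, e.g. "<your-vault>.vault.azure.net" (placeholder).
    // login.microsoftonline.com is the default public-cloud authority used by ClientSecretCredential.
    public static async Task<string[]> RunAsync(string appConfigConnectionString, string keyVaultHost)
    {
        var hosts = new[] { AppConfigHost(appConfigConnectionString), keyVaultHost, "login.microsoftonline.com" };
        return await Task.WhenAll(hosts.Select(h => ProbeAsync(h, TimeSpan.FromSeconds(3))));
    }
}
```

Call RunAsync at the start of the handler, before the configuration is built, and write each returned line with Console.WriteLine so it appears in the function's CloudWatch log. A host that is reachable locally but reports no answer in Lambda points at the function's network configuration rather than at Azure permissions.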
