
I am trying to access a blob trigger in Azure Functions using a managed identity but am encountering issues. I have followed the instructions in the documentation and blog posts, but the issue persists.

I have already:

  • Enabled managed identity for the Function App.
  • Assigned the required permissions to the managed identity on the Azure Blob Storage account.

Despite these steps, my function still cannot access the blob trigger.

Has anyone encountered this issue or can provide further guidance on resolving this?

Environment:

  • Azure Functions v4
  • Using managed identity for authentication
  • Blob trigger binding in JavaScript (Node.js)

Additional Question:

Is it possible to use different storage accounts for:

  • The Azure Functions runtime (i.e., internal function execution, logs, etc.), and
  • The trigger (i.e., blob trigger in a different storage account)?

I want to set the blob trigger in a different storage account but am unsure if this is supported or how to configure it properly.

Any insights or suggestions would be appreciated!

  • Can you please share the code you have tried, and recheck the path of the blob once? Commented Mar 6 at 3:36
  • For your additional question: it is in fact recommended that the storage which is used by your function is not shared with any other resource. So for POC or Dev it is fine, but otherwise, keep your Function storage and your blob trigger storage accounts separate. Commented Mar 6 at 4:24

1 Answer


Follow the steps below to access a blob trigger using managed identity in Azure Functions.

  1. Enable managed identity in the Azure Function App.
  2. Go to Storage Account => Access Control and assign the roles below to the Function App's managed identity:
       • Storage Account Contributor
       • Storage Blob Data Owner
       • Storage Queue Data Contributor
  3. Navigate to Function App => Settings => Environment Variables, delete AzureWebJobsStorage, and add the app settings below:
       <ConnectionName>__accountName : <storageName>
       <ConnectionName>__credential : managedidentity
       <ConnectionName>__blobServiceUri : https://<storageName>.blob.core.windows.net/
       <ConnectionName>__queueServiceUri : https://<storageName>.queue.core.windows.net/

  • Created a Node.js v4 blob trigger Azure Function.

Code Snippet:

const { app } = require('@azure/functions');

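// `connection` is the <ConnectionName> prefix of the app settings above;
// with 'AzureWebJobsStorage' the settings are AzureWebJobsStorage__accountName, etc.
app.storageBlob('storageBlobTrigger', {
    path: 'samples-workitems/{name}',
    connection: 'AzureWebJobsStorage',
    handler: (blob, context) => {
        // `blob` is the blob content; the {name} from `path` is in triggerMetadata.
        context.log(`Storage blob function processed blob "${context.triggerMetadata.name}" with size ${blob.length} bytes`);
    }
});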

Able to run the function in the portal successfully.


4 Comments

Hey!! Thanks for your response! I just needed a bit more clarification. I was able to make it work by simply passing <ConnectionName>__accountName: <storageName> and assigning the following roles to my function app's managed identity over the storage account:
  • Storage Table Data Contributor
  • Storage Queue Data Contributor
  • Storage Account Contributor
  • Storage Blob Data Contributor
I noticed you didn't mention the Storage Table Data Contributor role. Should I try removing it? Any thoughts on my approach?
Yes, if you are not using Storage tables, you can remove it.
Great! What about other variables?
You have to add those if the connection configuration will be used by a blob trigger.
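
Added example, not part of the original answer or of any Azure tooling: a small Node.js check of a Function App's settings against the four identity-based connection settings listed in the answer above, which also flags a leftover key-based connection string. The function name `checkIdentityConnection`, the account name `examplestore` and the sample settings are constructed for illustration, and the rules follow the answer's list rather than the platform's full rule set.

```javascript
// Added example (not from the original answer). Rules follow the answer's
// setting list; function name and sample values are constructed assumptions.
const SERVICE_URIS = { blobServiceUri: 'blob', queueServiceUri: 'queue' };

function checkIdentityConnection(settings, connectionName) {
  const findings = [];
  const key = (suffix) => `${connectionName}__${suffix}`;

  // A plain <ConnectionName> value carrying a key or SAS token means the
  // app still holds a storage secret instead of relying on the identity.
  const plain = settings[connectionName] || '';
  if (/AccountKey=|SharedAccessSignature=/i.test(plain)) {
    findings.push(`${connectionName}: connection string contains a secret`);
  }

  const account = settings[key('accountName')];
  if (!account) findings.push(`${key('accountName')}: missing`);

  const credential = (settings[key('credential')] || '').toLowerCase();
  if (credential !== 'managedidentity') {
    findings.push(`${key('credential')}: expected "managedidentity"`);
  }

  // Each service URI must be https and point at the named account.
  for (const [suffix, service] of Object.entries(SERVICE_URIS)) {
    const value = settings[key(suffix)];
    if (!value) { findings.push(`${key(suffix)}: missing`); continue; }
    let url;
    try { url = new URL(value); } catch { findings.push(`${key(suffix)}: not a URL`); continue; }
    if (url.protocol !== 'https:') findings.push(`${key(suffix)}: must use https`);
    if (account && !url.hostname.startsWith(`${account}.${service}.`)) {
      findings.push(`${key(suffix)}: host is not ${account}.${service}.*`);
    }
  }
  return findings;
}

// Constructed sample: leftover key-based string, plain-http URI for another
// account, no credential setting, no queue URI.
const sampleSettings = {
  AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=examplestore;AccountKey=PLACEHOLDER',
  AzureWebJobsStorage__accountName: 'examplestore',
  AzureWebJobsStorage__blobServiceUri: 'http://otherstore.blob.core.windows.net/',
};
for (const f of checkIdentityConnection(sampleSettings, 'AzureWebJobsStorage')) console.log(f);
```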
