获取错误403：在Azure中创建函数应用时禁止

of1yzvn4 于 2023-06-24 发布在其他

关注(0)|答案(1)|浏览(89)

在Azure中创建一个功能应用程序时，我需要代码和相关文件存储在存储帐户中，但存储帐户的网络设置应设置为“从选定的Vnets和IP的启用”，我得到了错误
403：通过ARM模板创建函数应用时，尝试将文件上传到Azure文件共享时被禁止。
如何解决这一问题？
当我在存储帐户网络设置中尝试“从所有网络启用”时，我能够部署，但我需要从“从选定的虚拟网络和IP地址启用”进行部署。

Azure

来源：https://stackoverflow.com/questions/76390494/getting-error-403forbidden-while-creating-a-function-app-in-azure

1条答案

按热度按时间

ulmd4ohb1#

我需要从“从选定的虚拟网络和IP地址启用”进行部署。

我已经创建了一个存储帐户，Vnet和启用访问通过添加IP地址到存储帐户，我能够成功地实现上述要求。

下面是我的模板。

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "Name of the storage account."
      }
    },
    "storageAccountSku": {
      "type": "string",
      "defaultValue": "Standard_LRS",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Standard_ZRS",
        "Premium_LRS"
      ],
      "metadata": {
        "description": "Storage account SKU."
      }
    },
    "virtualNetworkResourceGroup": {
      "type": "string",
      "metadata": {
        "description": "Resource group containing the virtual network."
      }
    },
    "virtualNetworkName": {
      "type": "string",
      "metadata": {
        "description": "Name of the virtual network."
      }
    },
    "subnetName": {
      "type": "string",
      "metadata": {
        "description": "Name of the subnet within the virtual network."
      }
    }
  },
  "variables": {
    "networkRuleSet": {
      "defaultAction": "Deny",
      "virtualNetworkRules": [
        {
          "subnetId": "[resourceId(parameters('virtualNetworkResourceGroup'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName'))]",
          "action": "Allow"
        }
      ],
      "ipRules": [],
      "bypass": "AzureServices"
    }
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2019-06-01",
      "name": "[parameters('storageAccountName')]",
      "location": "[resourceGroup().location]",
      "sku": {
        "name": "[parameters('storageAccountSku')]"
      },
      "kind": "StorageV2",
      "properties": {
        "networkAcls": {
          "defaultAction": "[variables('networkRuleSet').defaultAction]",
          "virtualNetworkRules": "[variables('networkRuleSet').virtualNetworkRules]",
          "ipRules": "[variables('networkRuleSet').ipRules]",
          "bypass": "[variables('networkRuleSet').bypass]"
        }
      }
    }
  ],
  "outputs": {
    "storageAccountConnectionString": {
      "type": "string",
      "value": "[concat('DefaultEndpointsProtocol=https;AccountName=', parameters('storageAccountName'), ';AccountKey=', listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')),'2019-06-01').keys[0].value, ';EndpointSuffix=', environment().suffixes.storageEndpoint)]"
    }
  }
}

我可以在我的环境中部署上面的模板。