This starter is now a reference source for deploying with Azure Developer CLI and being secure by default using Managed Identity and Networking (VNET etc)
Checklist
Trigger/Binding: http
Language: C# (.NET 8)
Basics:
[x] Readme to clone, restore, run, deploy]
[ ] Readme tagging metadata for sample browser
[ ] Single repo per app & language (not a mono-repo)
[x] Azure Developer CLI support (azure.yaml, /infra folder)
[x] HTTP file for testing
Networking:
[x] Function app: public inbound access (ok for HTTP)
[ ] Function app: VNET inbound access required (ok to be unchecked for HTTP)
[x] Function app: VNET outbound access (app subnet)
[x] Storage: public Network Access disabled **
[ ] Storage: Inbound access using VNET (storage subnet)
[x] Storage: Inbound access using Private Endpoints & VNET (privateEndpoints subnet)
Identity and Access:
[x] Function: identity applied [user defined identity]
[x] Function: http access secured (EZ auth | Function key | Master key)
[x] Storage: RBAC grant [user defined identity, data owner]
[x] Storage: access keys disabled
[ ] App Insights: public access disabled, uses identity
Does this introduce a breaking change?
[ ] Yes
[X] No
Pull Request Type
What kind of change does this Pull Request introduce?
[ ] Bugfix
[X] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:
How to Test
git clone [repo-address]
cd [repo-name]/starers/http/dotnet
func start
azd env new
azd up
What to Check
Verify that the following are valid
Builds and starts clean
Deploys with no errors after azd up
HTTP endpoints test ok with 200
Inspection of resources in portal looks ok, secure
Summary
This starter is now a reference source for deploying with Azure Developer CLI and being secure by default using Managed Identity and Networking (VNET etc)
Checklist
Trigger/Binding: http Language: C# (.NET 8)
Basics: [x] Readme to clone, restore, run, deploy] [ ] Readme tagging metadata for sample browser [ ] Single repo per app & language (not a mono-repo) [x] Azure Developer CLI support (azure.yaml, /infra folder) [x] HTTP file for testing
Networking: [x] Function app: public inbound access (ok for HTTP) [ ] Function app: VNET inbound access required (ok to be unchecked for HTTP) [x] Function app: VNET outbound access (
app
subnet) [x] Storage: public Network Access disabled ** [ ] Storage: Inbound access using VNET (storage
subnet) [x] Storage: Inbound access using Private Endpoints & VNET (privateEndpoints
subnet)Identity and Access: [x] Function: identity applied [
user defined identity
] [x] Function: http access secured (EZ auth | Function key | Master key) [x] Storage: RBAC grant [user defined identity
,data owner
] [x] Storage: access keys disabled [ ] App Insights: public access disabled, uses identityDoes this introduce a breaking change?
Pull Request Type
What kind of change does this Pull Request introduce?
How to Test
What to Check
Verify that the following are valid