Azure Function Flex Consumption Plan and Key Vault

When we use the Azure Functions Flex Consumption plan, the platform dynamically manages the underlying infrastructure. This means the outbound IP addresses are not static or predictable in the same way they are with a dedicated plan such as App Service Environment.

The private IP address (172.25.1.187) is an internal virtual network address within the Azure infrastructure, not a public, internet-routable IP address. Key Vault’s firewall is designed to filter based on public IP addresses or specific virtual network rules. It won’t accept a non-routable IP address in its allow list.

The Solution

The correct way to solve this is to use a Virtual Network (VNet) Service Endpoint or an Azure Private Endpoint. This method allows your Azure Function to securely connect to the Key Vault over the Azure backbone network without using public IP addresses.

Here’s how you can implement this:

  1. Integrate Your Azure Function with a Virtual Network
    First, you need to integrate your Azure Function App with a virtual network. This feature allows your function to access resources within a VNet. Since your function app is on a Flex Consumption plan, you’ll need to use the Regional VNet Integration feature.
  2. Configure a VNet Service Endpoint for Key Vault
    Once your function app is integrated into a VNet, you can configure a VNet Service Endpoint on your Key Vault. This feature extends the VNet’s private address space and identity to the Azure Key Vault. When a resource (like your function app) in that VNet attempts to access the Key Vault, the traffic stays on the Azure backbone network instead of going over the public internet.

Steps to configure the VNet Service Endpoint:

  • Go to your Azure Key Vault.
  • Navigate to the Networking blade.
  • Under the Firewalls and virtual networks tab, select Allow public access from specific virtual networks and IP addresses.
  • Click + Add existing virtual networks.
  • Select the virtual network and the subnet that your Azure Function is integrated with.
  • Enable the Service endpoint for Microsoft.KeyVault on the subnet.
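
As an added example (not code from the original post), this Python check audits a Key Vault networkAcls object, in the shape used by ARM templates, before deployment: it flags RFC 1918 entries such as 172.25.1.187 in ipRules and confirms that the function's integration subnet appears in virtualNetworkRules. The subnet ID and both sample objects are constructed for illustration.

```python
import ipaddress

# Key Vault IP rules accept public addresses only; RFC 1918 space is rejected.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(value):
    """True if an IPv4 address or CIDR lies entirely inside RFC 1918 space."""
    net = ipaddress.ip_network(value, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)


def audit_network_acls(acls, function_subnet_id):
    """Return findings for a Key Vault networkAcls dict (empty list = OK)."""
    findings = []
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("default-allow: firewall rules are not enforced")
    for rule in acls.get("ipRules", []):
        if is_rfc1918(rule["value"]):
            findings.append(f"private-ip-rule: {rule['value']} is not routable; "
                            "use a virtual network rule instead")
    allowed = {r["id"].lower() for r in acls.get("virtualNetworkRules", [])}
    if function_subnet_id.lower() not in allowed:
        findings.append("subnet-missing: function subnet has no virtual network rule")
    return findings


# Constructed sample data (placeholder subscription, resource group and names).
SUBNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo/"
          "subnets/snet-func")
BEFORE = {"defaultAction": "Deny", "bypass": "AzureServices",
          "ipRules": [{"value": "172.25.1.187"}], "virtualNetworkRules": []}
AFTER = {"defaultAction": "Deny", "bypass": "AzureServices",
         "ipRules": [], "virtualNetworkRules": [{"id": SUBNET}]}

if __name__ == "__main__":
    for name, acls in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_network_acls(acls, SUBNET) or "OK")
```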

(Alternative) Use a Private Endpoint
A more secure and private alternative is to use an Azure Private Endpoint. This creates a private network interface for your Key Vault in your VNet, assigning it a private IP address from your VNet’s address space. This makes the Key Vault accessible only from within your VNet.

Steps to configure the Private Endpoint:

  • Go to your Azure Key Vault.
  • Navigate to the Networking blade.
  • Select the Private endpoint connections tab.
  • Click + Private endpoint.
  • Follow the wizard to create the private endpoint, linking it to your VNet and a specific subnet.
  • Update your function app’s code or configuration to use the private endpoint DNS name for the Key Vault.

Recommendation: The VNet Service Endpoint approach is generally simpler to implement and is the standard solution for this scenario. The Private Endpoint offers a higher level of network isolation and is often preferred for more sensitive applications.

This approach resolves the issue by bypassing the public IP address limitation of the Key Vault firewall and establishing a secure, private connection between your Azure Function and the Key Vault.

    ZoomIt – Screen zoom and annotation

    ZoomIt is a screen zoom, annotation, and recording tool for technical presentations and demos. You can also use ZoomIt to snip screenshots to the clipboard or to a file. ZoomIt runs unobtrusively in the tray and activates with customizable hotkeys to zoom in on an area of the screen, move around while zoomed, and draw on the zoomed image. I wrote ZoomIt to fit my specific needs and use it in all my presentations.

    Using ZoomIt

    The first time you run ZoomIt it presents a configuration dialog that describes ZoomIt’s behavior, lets you specify alternate hotkeys for zooming and for entering drawing mode without zooming, and customize the drawing pen color and size. I use the draw-without-zoom option to annotate the screen at its native resolution, for example. ZoomIt also includes a break timer feature that remains active even when you tab away from the timer window and allows you to return to the timer window by clicking on the ZoomIt tray icon.

    Shortcuts

    ZoomIt offers a number of shortcuts which can extend its usage greatly.

    Function | Shortcut
    Zoom Mode | Ctrl + 1
    Zoom In | Mouse Scroll Up or Up Arrow
    Zoom Out | Mouse Scroll Down or Down Arrow
    Start Drawing (While In Zoom Mode) | Left-Click
    Stop Drawing (While In Zoom Mode) | Right-Click
    Start Drawing (While Not In Zoom Mode) | Ctrl + 2
    Increase/Decrease Line And Cursor Size (Drawing Mode) | Ctrl + Mouse Scroll Up/Down or Arrow Keys
    Center The Cursor (Drawing Mode) | Space Bar
    Whiteboard (Drawing Mode) | W
    Blackboard (Drawing Mode) | K
    Type in Text (Left Aligned) | T
    Type in Text (Right Aligned) | Shift + T
    Increase/Decrease Font Size (Typing Mode) | Ctrl + Mouse Scroll Up/Down or Arrow Keys
    Red Pen | R
    Red Highlight Pen | Shift + R
    Green Pen | G
    Green Highlight Pen | Shift + G
    Blue Pen | B
    Blue Highlight Pen | Shift + B
    Yellow Pen | Y
    Yellow Highlight Pen | Shift + Y
    Orange Pen | O
    Orange Highlight Pen | Shift + O
    Pink Pen | P
    Pink Highlight Pen | Shift + P
    Blur Pen | X
    Draw a Straight Line | Hold Shift
    Draw a Rectangle | Hold Ctrl
    Draw an Ellipse | Hold Tab
    Draw an Arrow | Hold Ctrl + Shift
    Erase Last Drawing | Ctrl + Z
    Erase All Drawings | E
    Copy Screenshot to Clipboard | Ctrl + C
    Crop Screenshot to Clipboard | Ctrl + Shift + C
    Save Screenshot as PNG | Ctrl + S
    Save Cropped Screenshot to a File | Ctrl + Shift + S
    Copy a Region of The Screen To Clipboard | Ctrl + 6
    Save a Region of The Screen To a File | Ctrl + Shift + 6
    Start/Stop Full Screen Recording Saved as MP4 (Windows 10 May 2019 Update And Higher) | Ctrl + 5
    Crop Screen Recording Saved as MP4 (Windows 10 May 2019 Update And Higher) | Ctrl + Shift + 5
    Screen Record Only The Window That The Mouse Cursor is Positioned Over Saved as MP4 (Windows 10 May 2019 Update And Higher) | Ctrl + Alt + 5
    Show Countdown Timer | Ctrl + 3
    Increase/Decrease Time | Ctrl + Mouse Scroll Up/Down or Arrow Keys
    Minimize Timer (Without Pausing It) | Alt + Tab
    Show Timer When Minimized | Left-Click On The ZoomIt Icon
    LiveZoom Mode | Ctrl + 4
    LiveDraw Mode | Ctrl + Shift + 4
    Start DemoType | Ctrl + 7
    Move back to the previous snippet (DemoType) | Ctrl + Shift + 7
    Advance to the next snippet (DemoType User-driven Mode) | Space Bar
    Exit | Esc or Right-Click

    Download from here;

    Git Branching Strategies

    In essence, a Git branch is a movable pointer to a specific commit in the repository’s history. When you create a new branch, you’re creating a new line of development that diverges from the main line. This allows you to make changes without directly affecting the stable codebase.

    Let’s understand how this works. I assume you have Git installed and have basic working knowledge of Git.

    Read more on code site

    Natural Language AI-Powered Smart UI

    Looking for real-world AI examples is a challenge and part of this challenge comes from Generative AI (GenAI) news dominating the media. It feels like every AI demo involves chatting with GenAI to produce content. The obligatory chat completion demo has started to become the to-do list of AI demo apps, and, to make matters worse, it’s selling AI short. GenAIs rely on large language models (LLMs), which are the brain behind natural language processing tasks. In this article, I’ll explore the opportunities presented by LLMs using a real-world research-and-development experiment. This experiment is part of on-going research into AI-enabled user interface components (aka .NET Smart Components) by Progress Software and Microsoft.

    Read more on code site