In this article, you use local command-line tools to create a function that responds to HTTP requests. After verifying your code locally, you deploy it to a serverless Flex Consumption hosting plan in Azure Functions.
Completing this quickstart incurs a small cost of a few USD cents or less in your Azure account.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- Java 17 Developer Kit
- If you use another supported version of Java, you must update the project's pom.xml file.
- The
JAVA_HOMEenvironment variable must be set to the install ___location of the correct version of the Java Development Kit (JDK).
- Apache Maven 3.8.x
- The
jqcommand line JSON processor, used to parse JSON output, and is also available in Azure Cloud Shell.
Install the Azure Functions Core Tools
The recommended way to install Core Tools depends on the operating system of your local development computer.
The following steps use a Windows installer (MSI) to install Core Tools v4.x. For more information about other package-based installers, see the Core Tools readme.
Download and run the Core Tools installer, based on your version of Windows:
- v4.x - Windows 64-bit (Recommended. Visual Studio Code debugging requires 64-bit.)
- v4.x - Windows 32-bit
If you previously used Windows installer (MSI) to install Core Tools on Windows, you should uninstall the old version from Add Remove Programs before installing the latest version.
Create and activate a virtual environment
In a suitable folder, run the following commands to create and activate a virtual environment named .venv. Make sure to use one of the Python versions supported by Azure Functions.
python -m venv .venv
source .venv/bin/activate
If Python didn't install the venv package on your Linux distribution, run the following command:
sudo apt-get install python3-venv
You run all subsequent commands in this activated virtual environment.
Create a local code project and function
In Azure Functions, your code project is an app that contains one or more individual functions that each responds to a specific trigger. All functions in a project share the same configurations and are deployed as a unit to Azure. In this section, you create a code project that contains a single function.
In a terminal or command prompt, run this
func initcommand to create a function app project in the current folder:func init --worker-runtime dotnet-isolated
In a terminal or command prompt, run this
func initcommand to create a function app project in the current folder:func init --worker-runtime node --language javascript
In a terminal or command prompt, run this
func initcommand to create a function app project in the current folder:func init --worker-runtime powershell
In a terminal or command prompt, run this
func initcommand to create a function app project in the current folder:func init --worker-runtime python
In a terminal or command prompt, run this
func initcommand to create a function app project in the current folder:func init --worker-runtime node --language typescript
In an empty folder, run this
mvncommand to generate the code project from an Azure Functions Maven archetype:mvn archetype:generate -DarchetypeGroupId=com.microsoft.azure -DarchetypeArtifactId=azure-functions-archetype -DjavaVersion=17Important
- Use
-DjavaVersion=11if you want your functions to run on Java 11. To learn more, see Java versions. - The
JAVA_HOMEenvironment variable must be set to the install ___location of the correct version of the JDK to complete this article.
- Use
Maven asks you for values needed to finish generating the project on deployment.
Provide the following values when prompted:Prompt Value Description groupId com.fabrikamA value that uniquely identifies your project across all projects, following the package naming rules for Java. artifactId fabrikam-functionsA value that is the name of the jar, without a version number. version 1.0-SNAPSHOTChoose the default value. package com.fabrikamA value that is the Java package for the generated function code. Use the default. Type
Yor press Enter to confirm.Maven creates the project files in a new folder with a name of artifactId, which in this example is
fabrikam-functions.Navigate into the project folder:
cd fabrikam-functionsYou can review the template-generated code for your new HTTP trigger function in Function.java in the \src\main\java\com\fabrikam project directory.
Use this
func newcommand to add a function to your project:func new --name HttpExample --template "HTTP trigger" --authlevel "anonymous"A new code file is added to your project. In this case, the
--nameargument is the unique name of your function (HttpExample) and the--templateargument specifies an HTTP trigger.
The project root folder contains various files for the project, including configurations files named local.settings.json and host.json. Because local.settings.json can contain secrets downloaded from Azure, the file is excluded from source control by default in the .gitignore file.
Run the function locally
Verify your new function by running the project locally and calling the function endpoint.
Use this command to start the local Azure Functions runtime host in the root of the project folder:
func startfunc startnpm install npm startmvn clean package mvn azure-functions:runToward the end of the output, the following lines should appear:
... Now listening on: http://0.0.0.0:7071 Application started. Press Ctrl+C to shut down. Http Functions: HttpExample: [GET,POST] http://localhost:7071/api/HttpExample ...Note
If the HttpExample endpoint doesn't appear as expected, you likely started the host from outside the root folder of the project. In that case, use Ctrl+C to stop the host, navigate to the project's root folder, and run the previous command again.
Copy the URL of your
HttpExamplefunction from this output to a browser and browse to the function URL and you should receive success response with a "hello world" message.When you're done, use Ctrl+C and choose
yto stop the functions host.
Create supporting Azure resources for your function
Before you can deploy your function code to Azure, you need to create these resources:
- A resource group, which is a logical container for related resources.
- A default Storage account, which is used by the Functions host to maintain state and other information about your functions.
- A user-assigned managed identity, which the Functions host uses to connect to the default storage account.
- A function app, which provides the environment for executing your function code. A function app maps to your local function project and lets you group functions as a logical unit for easier management, deployment, and sharing of resources.
Use the Azure CLI commands in these steps to create the required resources.
If you haven't done so already, sign in to Azure:
az loginThe
az logincommand signs you into your Azure account. Skip this step when running in Azure Cloud Shell.If you haven't already done so, use this
az extension addcommand to install the Application Insights extension:az extension add --name application-insightsUse this az group create command to create a resource group named
AzureFunctionsQuickstart-rgin your chosen region:az group create --name "AzureFunctionsQuickstart-rg" --___location "<REGION>"In this example, replace
<REGION>with a region near you that supports the Flex Consumption plan. Use the az functionapp list-flexconsumption-locations command to view the list of currently supported regions.Use this az storage account create command to create a general-purpose storage account in your resource group and region:
az storage account create --name <STORAGE_NAME> --___location "<REGION>" --resource-group "AzureFunctionsQuickstart-rg" \ --sku "Standard_LRS" --allow-blob-public-access false --allow-shared-key-access falseIn this example, replace
<STORAGE_NAME>with a name that is appropriate to you and unique in Azure Storage. Names must contain three to 24 characters numbers and lowercase letters only.Standard_LRSspecifies a general-purpose account, which is supported by Functions. This new account can only be accessed by using Microsoft Entra-authenticated identities that have been granted permissions to specific resources.Use this script to create a user-assigned managed identity, parse the returned JSON properties of the object using
jq, and grantStorage Blob Data Ownerpermissions in the default storage account:output=$(az identity create --name "func-host-storage-user" --resource-group "AzureFunctionsQuickstart-rg" --___location <REGION> \ --query "{userId:id, principalId: principalId, clientId: clientId}" -o json) userId=$(echo $output | jq -r '.userId') principalId=$(echo $output | jq -r '.principalId') clientId=$(echo $output | jq -r '.clientId') storageId=$(az storage account show --resource-group "AzureFunctionsQuickstart-rg" --name <STORAGE_NAME> --query 'id' -o tsv) az role assignment create --assignee-object-id $principalId --assignee-principal-type ServicePrincipal \ --role "Storage Blob Data Owner" --scope $storageIdIf you don't have the
jqutility in your local Bash shell, it's available in Azure Cloud Shell. In this example, replace<STORAGE_NAME>and<REGION>with your default storage account name and region, respectively.The az identity create command creates an identity named
func-host-storage-user. The returnedprincipalIdis used to assign permissions to this new identity in the default storage account by using theaz role assignment createcommand. Theaz storage account showcommand is used to obtain the storage account ID.Use this az functionapp create command to create the function app in Azure:
az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --name <APP_NAME> --flexconsumption-___location <REGION> \ --runtime dotnet-isolated --runtime-version <LANGUAGE_VERSION> --storage-account <STORAGE_NAME> \ --deployment-storage-auth-type UserAssignedIdentity --deployment-storage-auth-value "func-host-storage-user"az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --name <APP_NAME> --flexconsumption-___location <REGION> \ --runtime java --runtime-version <LANGUAGE_VERSION> --storage-account <STORAGE_NAME> \ --deployment-storage-auth-type UserAssignedIdentity --deployment-storage-auth-value "func-host-storage-user"az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --name <APP_NAME> --flexconsumption-___location <REGION> \ --runtime node --runtime-version <LANGUAGE_VERSION> --storage-account <STORAGE_NAME> \ --deployment-storage-auth-type UserAssignedIdentity --deployment-storage-auth-value "func-host-storage-user"az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --name <APP_NAME> --flexconsumption-___location <REGION> \ --runtime python --runtime-version <LANGUAGE_VERSION> --storage-account <STORAGE_NAME> \ --deployment-storage-auth-type UserAssignedIdentity --deployment-storage-auth-value "func-host-storage-user"az functionapp create --resource-group "AzureFunctionsQuickstart-rg" --name <APP_NAME> --flexconsumption-___location <REGION> \ --runtime python --runtime-version <LANGUAGE_VERSION> --storage-account <STORAGE_NAME> \ --deployment-storage-auth-type UserAssignedIdentity --deployment-storage-auth-value "func-host-storage-user"In this example, replace these placeholders with the appropriate values:
<APP_NAME>: a globally unique name appropriate to you. The<APP_NAME>is also the default DNS ___domain for the function app.<STORAGE_NAME>: the name of the account you used in the previous step.<REGION>: your current region.<LANGUAGE_VERSION>: use the same supported language stack version you verified locally.
This command creates a function app running in your specified language runtime on Linux in the Flex Consumption Plan, which is free for the amount of usage you incur here. The command also creates an associated Azure Application Insights instance in the same resource group, with which you can use to monitor your function app executions and view logs. For more information, see Monitor Azure Functions. The instance incurs no costs until you activate it.
Use this script to add your user-assigned managed identity to the Monitoring Metrics Publisher role in your Application Insights instance:
appInsights=$(az monitor app-insights component show --resource-group "AzureFunctionsQuickstart-rg" \ --app <APP_NAME> --query "id" --output tsv) principalId=$(az identity show --name "func-host-storage-user" --resource-group "AzureFunctionsQuickstart-rg" \ --query principalId -o tsv) az role assignment create --role "Monitoring Metrics Publisher" --assignee $principalId --scope $appInsightsIn this example, replace
<APP_NAME>with the name of your function app. The az role assignment create command adds your user to the role. The resource ID of your Application Insights instance and the principal ID of your user are obtained by using the az monitor app-insights component show andaz identity showcommands, respectively.
Update application settings
To enable the Functions host to connect to the default storage account using shared secrets, you must replace the AzureWebJobsStorage connection string setting with several settings that are prefixed with AzureWebJobsStorage__. These settings define a complex setting that your app uses to connect to storage and Application Insights with a user-assigned managed identity.
Use this script to get the client ID of the user-assigned managed identity and uses it to define managed identity connections to both storage and Application Insights:
clientId=$(az identity show --name func-host-storage-user \ --resource-group AzureFunctionsQuickstart-rg --query 'clientId' -o tsv) az functionapp config appsettings set --name <APP_NAME> --resource-group "AzureFunctionsQuickstart-rg" \ --settings AzureWebJobsStorage__accountName=<STORAGE_NAME> \ AzureWebJobsStorage__credential=managedidentity AzureWebJobsStorage__clientId=$clientId \ APPLICATIONINSIGHTS_AUTHENTICATION_STRING="ClientId=$clientId;Authorization=AAD"In this script, replace
<APP_NAME>and<STORAGE_NAME>with the names of your function app and storage account, respectively.Run the az functionapp config appsettings delete command to remove the existing
AzureWebJobsStorageconnection string setting, which contains a shared secret key:az functionapp config appsettings delete --name <APP_NAME> --resource-group "AzureFunctionsQuickstart-rg" --setting-names AzureWebJobsStorageIn this example, replace
<APP_NAME>with the names of your function app.
At this point, the Functions host is able to connect to the storage account securely using managed identities instead of shared secrets. You can now deploy your project code to the Azure resources.
Deploy the function project to Azure
After you've successfully created your function app in Azure, you're now ready to deploy your local functions project by using the func azure functionapp publish command.
In your root project folder, run this func azure functionapp publish command:
func azure functionapp publish <APP_NAME>
In this example, replace <APP_NAME> with the name of your app. A successful deployment shows results similar to the following output (truncated for simplicity):
...
Getting site publishing info...
Creating archive for current directory...
Performing remote build for functions project.
...
Deployment successful.
Remote build succeeded!
Syncing triggers...
Functions in msdocs-azurefunctions-qs:
HttpExample - [httpTrigger]
Invoke url: https://msdocs-azurefunctions-qs.azurewebsites.net/api/httpexample
Update the pom.xml file
After you successfully created your function app in Azure, you must update the pom.xml file so that Maven can deploy to your new app. Otherwise, it creates new set of Azure resources during deployment.
In Azure Cloud Shell, use this
az functionapp showcommand to get the deployment container URL and ID of the new user-assigned managed identity:az functionapp show --name <APP_NAME> --resource-group AzureFunctionsQuickstart-rg \ --query "{userAssignedIdentityResourceId: properties.functionAppConfig.deployment.storage.authentication.userAssignedIdentityResourceId, \ containerUrl: properties.functionAppConfig.deployment.storage.value}"In this example, replace
<APP_NAME>with the names of your function app.In the project root directory, open the pom.xml file in a text editor, locate the
propertieselement, and make updates to these specific property values:Property name Value java.versionUse the same supported language stack version you verified locally, such as 17.azure.functions.maven.plugin.version1.37.1azure.functions.java.library.version3.1.0functionAppNameThe name of your function app in Azure. Find the
configurationsection of theazure-functions-maven-pluginand replace it with this XML fragment:<configuration> <appName>${functionAppName}</appName> <resourceGroup>AzureFunctionsQuickstart-rg</resourceGroup> <pricingTier>Flex Consumption</pricingTier> <region>....</region> <runtime> <os>linux</os> <javaVersion>${java.version}</javaVersion> </runtime> <deploymentStorageAccount>...</deploymentStorageAccount> <deploymentStorageResourceGroup>AzureFunctionsQuickstart-rg</deploymentStorageResourceGroup> <deploymentStorageContainer>...</deploymentStorageContainer> <storageAuthenticationMethod>UserAssignedIdentity</storageAuthenticationMethod> <userAssignedIdentityResourceId>...</userAssignedIdentityResourceId> <appSettings> <property> <name>FUNCTIONS_EXTENSION_VERSION</name> <value>~4</value> </property> </appSettings> </configuration>In the new
configurationelement, make these specific replacements of the ellipses (...) values:Configuration Value regionThe region code of your existing function app, such as eastus.deploymentStorageAccountThe name of your storage account. deploymentStorageContainerThe name of the deployment share, which comes after the \in thecontainerUrlvalue you obtained.userAssignedIdentityResourceIdThe fully qualified resource ID of your managed identity, which you obtained. Save your changes to the pom.xml file.
You can now use Maven to deploy your code project to your existing app.
Deploy the function project to Azure
From the command prompt, run this command:
mvn clean package azure-functions:deployAfter your deployment succeeds, use this
az functionapp function showto get the URL of the remoteHttpExamplefunction endpoint:az functionapp function show --name <APP_NAME> --resource-group "AzureFunctionsQuickstart-rg" \ --function-name HttpExample --query invokeUrlTemplate -o tsvIn this example, replace
<APP_NAME>with the names of your function app.Copy the returned endpoint URL, which you next use to invoke the function endpoint.
Invoke the function on Azure
Because your function uses an HTTP trigger and supports GET requests, you invoke it by making an HTTP request to its URL. It's easiest to do execute a GET request in a browser.
Copy the complete Invoke URL shown in the output of the publish command into a browser address bar.
Paste the URL you copied into a browser address bar.
The endpoint URL should look something like this example:
https://contoso-app.azurewebsites.net/api/httpexample
When you navigate to this URL, the browser should display similar output as when you ran the function locally.
Clean up resources
If you continue to the next step and add an Azure Storage queue output binding, keep all your resources in place as you'll build on what you've already done.
Otherwise, use the following command to delete the resource group and all its contained resources to avoid incurring further costs.
az group delete --name AzureFunctionsQuickstart-rg