I guess it doesn’t quite roll off the tongue like some other slogans do but gosh darn it — I love Azure Functions. I want to use Azure Functions. But Azure Functions need to be fun and easy again — and that starts with automation.

Coders gonna code, right? So why does the number one developer-oriented service rely on so much ClickOps?!? Developers don’t want ClickOps — we want some sweet, sweet, sweet CI/CD.

Have you ever found an Azure service resource in the Terraform provider documentation, only to discover it is fundamentally broken for a key use case? I found out the hard way with Azure Functions Flex Consumption.

On paper, Flex Consumption seemed like a cleaner, modern hosting option for new workloads. It looked promising in the documentation, promising scalable serverless compute while reducing overhead. Then I tried to provision it with a common, security-focused deployment scenario: Managed Identity (system-assigned or user-assigned). That’s where it fell apart.

While testing multiple Azure Functions hosting plans using Terraform, I immediately ran into subscription quota issues with classic Consumption and Premium plans.

With Flex Consumption, I was able to get deployments working only when using a Storage Account Connection String for the deployment.

Why is that a problem?

Using connection strings for deployments is now discouraged for production workloads due to security concerns. Managed Identity has become the recommended and secure standard for CI/CD pipelines and production-grade workflows. However, when testing Flex Consumption with system-assigned and user-assigned managed identities, it failed entirely, breaking the CI/CD workflows I needed to validate.

The broken quota management system for Azure Functions is a huge pain point for new potential customers. Azure services shouldn’t be hard to use. Our customers shouldn’t have to exert tremendous grit to be able to use them — if we put roadblocks in their paths, they’ll just give up and go use another cloud — in this case switching to Lambda. We should do better. We need to do better.

Right now it’s just plain difficult for a new customer to sign up for an Azure Pay-As-You-Go Account and start using Azure Functions. If you pick Consumption or Premium you’ll smash into a Quota error that is disguised as a cryptic Azure Portal Failure. If you pick Flex Consumption and try to follow Microsoft best-practices to use Managed Identity you’ll run into deployment failures — thus rendering the service wholly unusable.

Azure Functions should be easy.

Alt