We are facing access issues with our current backend architecture. Indeed our API is hosted on Cloud functions for Firebase, and it accesses an SQL Database hosted on Azure. Azure refuses the connection because the IP that Cloud functions uses is not in its Allowed list. Since the IP changes on most invocations, it is difficult to allow all the possible IPs it uses.
I did some research and could not find an elegant solution to this problem, all I could find was a way to list all of Google's possible IPs and allow all of them which doesn't seem like a good option to me. It not only implies security flaws, but it is also a long process to appropriately list and convert all of Google IPs to ranges and add them to the Allow list, which is why I am asking this question and do not see it as a duplicate, in case a more elegant solution exists.
How could we authorise Cloud functions for Firebase to access our SQL Database hosted on Azure? Is there a way to make functions use a static IP that we could then add to the Allowed list? I lack knowledge in this department, so I was wondering if maybe it is possible to connect some kind of proxy to the functions to ensure they always call from a certain IP?
