Configuring the firewall of an Azure storage account used as the backend of an Azure Function (circular reference error)

I have run into a frustrating and perhaps unavoidable circular reference error with the azurerm Terraform provider when trying to enable and configure the firewall of a storage account that is used by an Azure Function as its back-end. The Function is in eastus and the storage account is in centralus (IP firewall rules can’t be used to restrict access to clients in the same Azure region as the storage account).

I am using the azurerm_function_app possible_outbound_ip_addresses attribute to supply the Azure storage account with the list of IP’s it should permit so that the Function App can talk to it.

However, I get the circular reference because the Azure Function has to be fully created before it knows its outbound IP’s, BUT the storage account has to be fully configured BEFORE the Azure Function is created (or so it seems).

Has anyone run into this while trying to configure the firewall of a storage account used by an Azure Function?