i have an app service in Azure , at the moment there are about 20 outbound ip addresses and client have to whitelist all these ip addresses. I want to make the app have a static ip address so i configured a public ip in azure and associated it to the app.
But when i create the new publicip address can i use one of the existing outbound ip addresses as the public ip address instead of making the customers have to whitelist another ip ?
or does azure automatically assign you a new one ?
i was expecting to be able to set an existing outbound ip as a public ip
2
Answers
Welcome Kristen 👋.
Public IP addresses are only for inbound connections to a Azure resources, so they wouldn’t help you in your quest to restrict the IP address used by outbound connections from an App Service.
Outbound connections will always originate from a range of source IPs. As your App Service scales out to multiple instances then different instances will issue outbound requests from different source IP addresses.
By default, Azure App Services allocates outbound IP addresses dynamically. This means the IP address your app uses to connect to external services can change over time.
You can view the current outbound IPs in the Azure portal or through Azure CLI.
You can however integrate your app with a Vnet and configure a NAT Gateway to have a single fixed outbound IP. This is one of the common uses of NAT Gateways.
Azure firewall also provides SNAT capability, which can be used to associate a static outbound IP with your applications.
https://learn.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips#find-outbound-ips