
Our application is hosted on Azure App Service (say Server A).

I see 7 Outbound IP Addresses. And there are 30 Additional Outbound IP Addresses.

There is no App Gateway or API Gateway configured.

This application needs to communicate with an external server that wants to whitelist one IP of Server A.

So, is it possible to have a single public IP for Server A without subscribing to any additional services?

2 Answers


  1. Please note that outbound IPs might change.

    Also:

    Regardless of the number of scaled-out instances, each app has a set number of outbound IP addresses at any given time. Any outbound connection from the App Service app, such as to a back-end database, uses one of the outbound IP addresses as the origin IP address. The IP address to use is selected randomly at runtime, so your back-end service must open its firewall to all the outbound IP addresses for your app.

    Considering the above, I think your best option is to get a static outbound IP:

    You can control the IP address of outbound traffic from your app by using virtual network integration together with a virtual network NAT gateway to direct traffic through a static public IP address.

    See also Azure NAT Gateway integration.

  2. The best solution is to use a NAT gateway. NAT works as a single point for all your outbound (internet) connectivity within a virtual network. Also, NAT protects you from the Port Exhaustion issue, which could be the case when you rely on an embedded App Service outbound setup.

    Below is the Bicep script to set up NAT + Public IP Address.

    // Deployment region shared by all resources below (was undeclared in the snippet as posted).
    param location string = resourceGroup().location

    // Static public IP that will be the single egress address for the subnet.
    resource publicip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
      name: 'natip-my'
      location: location
      sku: {
        name: 'Standard'
      }
      properties: {
        publicIPAddressVersion: 'IPv4'
        publicIPAllocationMethod: 'Static'
        idleTimeoutInMinutes: 4
      }
    }
    
    // NAT gateway that uses the static IP above for all outbound connections.
    resource natgateway 'Microsoft.Network/natGateways@2023-05-01' = {
      name: 'nat-my'
      location: location
      sku: {
        name: 'Standard'
      }
      properties: {
        idleTimeoutInMinutes: 4
        publicIpAddresses: [
          {
            id: publicip.id
          }
        ]
      }
    }
    

    And then, you link the NAT with a VNet resource.

    resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-05-01' = {
      name: 'vnet-my'
      location: location
      properties: {
        // Example address space; adjust to your network (omitted in the snippet as posted).
        addressSpace: {
          addressPrefixes: [
            '10.0.0.0/16'
          ]
        }
        subnets: [
          {
            name: 'apps'
            properties: {
              // Example prefix inside the address space above.
              addressPrefix: '10.0.1.0/24'

              //...
    
              // Route the subnet's outbound traffic through the NAT gateway.
              natGateway: {
                id: natgateway.id
              }

              // App Service regional VNet integration requires the subnet to be
              // delegated to Microsoft.Web/serverFarms.
              delegations: [
                {
                  name: 'appservice'
                  properties: {
                    serviceName: 'Microsoft.Web/serverFarms'
                  }
                }
              ]
              
              //...
            }
          }
        ]
      }
    }

    You don't need App Gateway/Front Door solutions for your task, as they target inbound requests.

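The answer above shows the NAT gateway and VNet side but not how the app itself is attached, and without that attachment the app keeps using its pooled outbound IPs. The following is an added example, not code from either answerer, that puts the pieces together: static IP, NAT gateway, delegated subnet, and an App Service app integrated with that subnet with `vnetRouteAllEnabled` set so that internet-bound calls (such as the one to the partner) also leave through the NAT. All names, address ranges and SKUs are assumptions; the API versions and property names are the ones documented for these resource types.

```bicep
// Added example (not from the answers above): one static egress IP for an App Service app.
// Names, address ranges and the plan SKU are assumed values; change them for your environment.

param location string = resourceGroup().location
param appName string = 'app-servera'               // assumed app name
param vnetAddressPrefix string = '10.20.0.0/16'    // constructed sample range
param subnetAddressPrefix string = '10.20.1.0/24'  // constructed sample range

// Static public IP: the single address the external server will allow-list.
resource egressIp 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-egress-${appName}'
  location: location
  sku: { name: 'Standard' }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
  }
}

// NAT gateway: single egress point for the subnet, also avoids SNAT port exhaustion.
resource natGw 'Microsoft.Network/natGateways@2023-05-01' = {
  name: 'nat-${appName}'
  location: location
  sku: { name: 'Standard' }
  properties: {
    idleTimeoutInMinutes: 4
    publicIpAddresses: [ { id: egressIp.id } ]
  }
}

// VNet with one subnet that is attached to the NAT gateway and delegated to App Service.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-${appName}'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ vnetAddressPrefix ] }
    subnets: [
      {
        name: 'snet-apps'
        properties: {
          addressPrefix: subnetAddressPrefix
          natGateway: { id: natGw.id }
          // Regional VNet integration requires this delegation.
          delegations: [
            {
              name: 'appservice'
              properties: { serviceName: 'Microsoft.Web/serverFarms' }
            }
          ]
        }
      }
    ]
  }
}

// VNet integration needs a Basic tier or higher plan; S1 is used here as an example.
resource plan 'Microsoft.Web/serverfarms@2022-09-01' = {
  name: 'plan-${appName}'
  location: location
  sku: { name: 'S1', tier: 'Standard' }
}

resource site 'Microsoft.Web/sites@2022-09-01' = {
  name: appName
  location: location
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
    // Join the delegated subnet ...
    virtualNetworkSubnetId: vnet.properties.subnets[0].id
    // ... and route *all* outbound traffic through it, not only private ranges.
    // Without this, calls to public endpoints still use the app's pooled outbound IPs.
    vnetRouteAllEnabled: true
  }
}

// The one address to hand to the external server.
output egressIpAddress string = egressIp.properties.ipAddress
```

Deploy it with `az deployment group create --resource-group <rg> --template-file main.bicep` and take `egressIpAddress` from the deployment outputs. Before giving that address to the partner, confirm from inside the app (for example from the Kudu console) that a request to an IP-echo endpoint reports the NAT address rather than one of the pooled outbound IPs; that check catches a missing delegation or a `vnetRouteAllEnabled` left at its default. The NAT gateway changes only egress: the app's inbound IP and the list of pooled outbound IPs shown in the portal remain unchanged, and the partner's allow-list only needs the NAT address.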