Share via

In a consumption only environment, is a Container App's outbound IP static?

Mike Davlantes 0 Reputation points
2024-12-30T18:40:00.79+00:00

We have a basic container app in a consumption only environment that needs a static IP for egress. The docs say "outbound IPs may change over time."

But later it states that if you bring your own vNet in a consumption only environment, Azure will automatically create a resource group that "contains public IP addresses used specifically for outbound connectivity from your environment and a load balancer."

Given that we are being charged for a standard static public IP for egress, can we rely on this IP for whitelisting purposes?

Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
490 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. hossein jalilian 9,535 Reputation points
    2024-12-30T18:45:49.2533333+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    In a consumption-only environment for Azure Container Apps, the outbound IP is not guaranteed to be static. While Azure does create a resource group with public IP addresses for outbound connectivity, these IPs are not guaranteed to remain constant over time

    To achieve a static outbound IP for your Container App, you have a few options:

    • Workload Profiles: Upgrade to a Workload Profile environment, which supports the use of NAT Gateway for static outbound IP
    • NAT Gateway: In a Workload Profile environment, you can configure a NAT Gateway with a static public IP for outbound traffic
    • Azure Firewall: For more advanced scenarios, you could use Azure Firewall to control egress traffic with a static IP

    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.