DEV Community

Andrei Kniazev
Andrei Kniazev

Posted on

Azure Web Apps with One Static IP Address via Bicep

#azure #bicep #devops #iac

If you need to have multiple Azure Web Apps with one static IP for outbound calls you need:

1 - Create a Virtual Network
2 - Create NAT Gateway
3 - Create Public IP
5 - Create SubNets for each App
6 - Attach SubNets to VN
7 - Use NAT In SubNets
8 - Enable vnetRouteAllEnabled for each App

We will use bicep for all of it.

Apps

Notice: Apps should be S1 or higher to allow subnets - https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#pricing-details

In you apps you need to enable vnetRouteAllEnabledin siteConfig. Example bicep:

First you need to creat two apps. Example bicep file for app-one:

param location string = resourceGroup().location resource hostingPlan 'Microsoft.Web/serverfarms@2020-12-01' = { name: 'hostingPlan' location: location kind: 'windows' sku: { name: 'S1' capacity: 1 } } resource appService 'Microsoft.Web/sites@2021-03-01' = { name: 'app-one' location: location identity: { type: 'SystemAssigned' } properties: { serverFarmId: hostingPlan.id httpsOnly: true siteConfig: { vnetRouteAllEnabled: true } } }
Enter fullscreen mode Exit fullscreen mode

Network Part

This bicep will create VN, NAT Gateway, Public IP and SubNet for each Web App.

param location string = resourceGroup().location var appOne = 'app-one' var appTwo = 'app-two' resource publicIp 'Microsoft.Network/publicIPAddresses@2021-05-01' = { name: 'public-ip-name' location: location sku: { name: 'Standard' } properties: { publicIPAddressVersion: 'IPv4' publicIPAllocationMethod: 'Static' idleTimeoutInMinutes: 4 } } resource natgateway 'Microsoft.Network/natGateways@2021-05-01' = { name: 'natgateway-name' location: location sku: { name: 'Standard' } properties: { idleTimeoutInMinutes: 4 publicIpAddresses: [ { id: publicIp.id } ] } } resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = { name: 'virtualNetwork' location: location properties: { addressSpace: { addressPrefixes: [ '192.168.0.0/16' ] } subnets: [ { name: 'subnet-for-${appOne}' properties: { addressPrefix: '192.168.0.0/24' natGateway: { id: natgateway.id } delegations: [ { name: 'delegation' properties: { serviceName: 'Microsoft.Web/serverfarms' } } ] } } { name: 'subnet-for-${appTwo}' properties: { addressPrefix: '192.168.1.0/24' natGateway: { id: natgateway.id } delegations: [ { name: 'delegation' properties: { serviceName: 'Microsoft.Web/serverfarms' } } ] } } ] } } resource prodcutsToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = { name: '${appOne}/virtualNetwork' properties: { subnetResourceId: virtualNetwork.properties.subnets[0].id swiftSupported: true } } resource webhooksToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = { name: '${appTwo}/virtualNetwork' properties: { subnetResourceId: virtualNetwork.properties.subnets[1].id swiftSupported: true } }
Enter fullscreen mode Exit fullscreen mode

Now all outbound connections from apps will use one static IP address.

Top comments (0)