Add static IP address for outbound traffic without the use of App Service Environment
There are many reasons you may want to have a static IP address for outbound connections. For example, you may be accessing a system which requires you to whitelist IP address in a firewall, such as SQL Database or an external service.
Currently, the only way to get a static IP address for outbound connections is to use App Service Environment. App Service Environments are quite complex, and has a very high price tag. You need at least 4 instances, 2 of which must be P2, meaning you'll pay at least 1000 EUR/month. Paying 1000 EUR/month just because you want a static IP address is obviously ridiculous.
I'm looking forward to being able to use a static IP address without an App Service Environment.
Still no news to share, just to add that we are investigating options on modifications for the App Service multi-tenant offering with enhanced capabilities.
Marlon Regenhardt commented
Really no official update since 2018? Still looking for a way to easily let only one specific App Service connect to a certain Azure SQL Database on a SQL Server.
Miikka Tuori commented
I have enabled VNET integration for the App Service Plan. Can I force all outbound traffic to flow through the Application Gateway with WAF (v2)? It does have a public static IP.
Time and again I run into this problem. Have to convert our .NET Core Azure Functions into .NET Framework Cloud Services (classic) just to get a static outbound IP.
Feels like this is a strategic decision by Micro$oft to force people to use the only and very expensive option of ASE.
This is same with Azure function in consumption tier, IP may change and static ip requirement forcing customer to use ASE with 3 time cost. Surprised to see this is not resolved yet.
Karel Golberg commented
This is very annoying indeed. Unbelievable that this has not been solved yet (this request is 3 years old). Whitelisting IP's is still very common today.
3 vote for this, obviously there would be static IP for outbound traffic for whitelisting for third parties and Database
Jens Vestergaard commented
This has become an issue for us as well, and we would very much like to know which direction you will be going with this.
Pedro Feio commented
Can you please provide an update on this? At least an update mentioning if you're building this, pr planning to build this into the App Services or not.
Stephan van Rooij commented
I can't believe this isn't possible yet. I don't like the fact that some 3th party systems require (manual) IP whitelisting, but for now I have to live with it.
GOPINATH THIRUVENGADAM commented
With Azure Application gateway supporting static IP and traffic leaving the app gw v2 also having the same static public IP, we can get away with ASE's with a combination of splitting the web and mid tier across 3 application gateways. Web AppGW exposed to the internet and Mid AppGW with public static IP but NSG in front so it accepts traffic only from Web APPGW static IP, and the DB behind another APPGWV2 that is configured to receive traffic only from MiDAPPGWV2.
This is a Key Feature to many clients of Microsoft. It is obviously for security that Microsoft's clients must use a whilelist in their external systems. For this reason, it is a great feature to improve the App Services.
Paul Broman commented
Seriously, this seems like such a basic thing. I just assumed you could pin a service to an outbound IP somewhere quickly and easily. I have developers working on things and now we're looking at migrating to VMs. I suppose I should have done more homework on this, but it just seems like such a basic common need for so many developers. Why should it cost a pile of cash just so you can assign stuff to a static outbound IP? Terrible.
Matias Osca commented
Another vote.. Be able to run a script to make outbound call from a static IP would help to white-list in my external systems
Also really need this feature. We have several app services, and recently have gotten a requirement to have a static outbound IP. Wanted to use app service, but paying $1000+ for ASE would basically quadruple our costs.
We're ending up having to make a cloud service just to get static IP. Please add this, so we can stick to App Services.
3 votes for this. The problem with ASE is it has features that smaller customers want but other features that are not needed such as high scalability.
For example, my company has web apps that for security reasons require traffic to pass through Azure's internal network only, we also require static IP addresses as the calls made from our web apps come from a range. Opening the entire range means that you expose the web app to others outside of our company.
We don't need high scalability for these apps, but we do require the security it comes with such as the isolation. Currently, we have to use IaaS which is a bit of a waste.
any news or provision for this 7 months after the last post? forced to look into other options simply because of this
Jens Hellberg commented
If your site uses SSL and you're at least using the "Production" tier, you can assign the SSL cert using IP based bindings. This will lock down your IP address so that it won't change.
Hope this feature will be implemented soon.