Protect logic apps from zonal failures with availability zones and zone redundancy
Applies to: Azure Logic Apps (Consumption + Standard)
In each Azure region, availability zones are physically separate locations that are tolerant to local failures. Such failures can range from software and hardware failures to events such as earthquakes, floods, and fires. These zones achieve tolerance through the redundancy and logical isolation of Azure services.
To provide resiliency and distributed availability, at least three separate availability zones exist in any Azure region that supports and enables zone redundancy. The Azure Logic Apps platform distributes these zones and logic app workloads across these zones. This capability is a key requirement for enabling resilient architectures and providing high availability if datacenter failures happen in a region.
For more information, see the following documentation:
This guide provides a brief overview, considerations, and information about how to enable availability zones in Azure Logic Apps.
Considerations
Availability zones are supported with Standard logic app workflows, which run in single-tenant Azure Logic Apps and are powered by Azure Functions extensibility. For more information, see Reliability in Azure Functions.
You can enable this capability only when you create a Standard logic app in a supported Azure region or in an App Service Environment v3 (ASE v3) - Windows plans only.
You can enable this capability only for new Standard logic apps. You can't enable availability zone support for existing Standard logic app workflows.
You can enable this capability only at creation time. No programmatic tool support, such as Azure PowerShell or Azure CLI, currently exists to enable availability zone support after creation.
This capability supports only built-in connector operations, which directly run with the Azure Logic Apps runtime, not connector operations that are hosted and run in Azure.
Limitations
With HTTP-based actions, certificates exported or created with AES256 encryption won't work when used for client certificate authentication. The same certificates also won't work when used for OAuth authentication.
Prerequisites
An Azure account and subscription. If you don't have a subscription, sign up for a free Azure account.
If you have a firewall or restricted environment, you have to allow traffic through all the IP addresses required by Azure Logic Apps, managed connectors, and any custom connectors in the Azure region where you create your logic app workflows. New IP addresses that support availability zone redundancy are already published for Azure Logic Apps, managed connectors, and custom connectors. For more information, review the following documentation:
Enable availability zones
For Standard logic apps only, follow these steps:
In the Azure portal, start creating a Standard logic app. On the Create Logic App page, stop after you select Standard as the plan type for your logic app.
For a tutorial, see Create Standard logic app workflows with single-tenant Azure Logic Apps in the Azure portal.
After you select Standard, the Zone redundancy section and options become available.
Note
The Zone redundancy options appear unavailable if you select an unsupported Azure region or an existing Windows plan that created in an unsupported Azure region. Make sure to select a supported Azure region and a Windows plan that was created in a supported Azure region, or create a new Windows plan.
Under Zone redundancy, select Enabled.
At this point, your logic app creation experience appears similar to this example:
Finish creating your logic app workflow.
If you use a firewall and haven't set up access for traffic through the required IP addresses, make sure to complete that requirement.