Whitelist container instances static public IP with application gateway

Anonymous
2022-01-04T06:06:15.937+00:00

We have an external private database whose firewall needs a static public IP address to be put into the whitelist. Following this article https://learn.microsoft.com/en-us/azure/container-instances/container-instances-application-gateway, I created a static public IP 20.92 and a VNet with AG and CG inside, but after I tested the access to the DB I found I can't connect to it, so I went into the container log and found it actually uses another dynamic IP 20.xx.xxx.xx which I don't know where it comes from. I also tried to create a simple container instance with a public IP and put the IP 20.213.65.71 into our DB whitelist, which also doesn't work; the log shows that the container actually uses another random IP to connect to our DB...
Any advice?
Thanks


Accepted answer
  1. Sam Cogan 10,812 Reputation points Microsoft Employee Volunteer Moderator
    2022-01-04T11:17:51.62+00:00

    As mentioned by @SRIJIT-BOSE-MSFT, using an App Gateway will only allow for a static inbound IP. The article he references will work, but is an expensive way to do it. This article uses an Azure Firewall as the means of setting a static outbound IP; this will work, but unless you want all the other features of Azure Firewall it is a very expensive way to do this. Instead, you can follow the same steps to join your ACI instance to a vNet, then configure the vNet to use a NAT Gateway to make the outbound IP static.


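The NAT Gateway approach from the accepted answer, sketched as a Bicep template. This is an added example, not part of the thread; the resource names, address ranges and API versions are assumptions. The container group is then deployed into the delegated subnet, and `allowlistIp` is the single address to put on the database firewall.

```bicep
// Added example (not from the thread): NAT Gateway egress for an ACI subnet.
// All names and address ranges below are placeholder assumptions.
param location string = resourceGroup().location

resource egressIp 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
  name: 'aci-egress-ip'
  location: location
  sku: { name: 'Standard' } // NAT Gateway requires a Standard SKU public IP
  properties: { publicIPAllocationMethod: 'Static' }
}

resource natGw 'Microsoft.Network/natGateways@2023-04-01' = {
  name: 'aci-natgw'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIpAddresses: [ { id: egressIp.id } ] }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' = {
  name: 'aci-vnet'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      {
        name: 'aci-subnet'
        properties: {
          addressPrefix: '10.0.1.0/24'
          natGateway: { id: natGw.id } // outbound flows from this subnet SNAT to egressIp
          delegations: [
            {
              name: 'aci-delegation'
              properties: { serviceName: 'Microsoft.ContainerInstance/containerGroups' }
            }
          ]
        }
      }
    ]
  }
}

// The single address to put on the database firewall allowlist.
output allowlistIp string = egressIp.properties.ipAddress
// Subnet to reference from the container group's subnetIds.
output aciSubnetId string = vnet.properties.subnets[0].id
```

The Application Gateway public IP from the question stays inbound-only; only the NAT Gateway's address appears as the source on connections to the database.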
1 additional answer

  1. SRIJIT-BOSE-MSFT 4,346 Reputation points Microsoft Employee
    2022-01-04T08:17:45.92+00:00

    @Anonymous, thank you for your question.

    The article you have referred to shares guidelines on how to expose a static, public IP address for a container group by using an Azure application gateway. This means that all inbound traffic to that static Public IP address will be sent to the container group. However, outbound traffic from the container group does not use this static Public IP address. Instead, it uses an outbound IP address on a Load Balancer which is all abstracted from you.

    Instead, if you want to ensure that both inbound traffic to and outbound traffic from the container group go over the static Public IP address, then please follow the guidelines shared here.

    ----
    Hope this helps!

    Please "Accept as Answer" if it helped so that others in the community looking for similar topics can benefit from it.

