Microsoft.Network publicIPAddresses
Bicep resource definition
The publicIPAddresses resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/publicIPAddresses resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/publicIPAddresses@2023-04-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
tier: 'string'
}
extendedLocation: {
name: 'string'
type: 'EdgeZone'
}
properties: {
ddosSettings: {
ddosProtectionPlan: {
id: 'string'
}
protectionMode: 'string'
}
deleteOption: 'string'
dnsSettings: {
domainNameLabel: 'string'
domainNameLabelScope: 'string'
fqdn: 'string'
reverseFqdn: 'string'
}
idleTimeoutInMinutes: int
ipAddress: 'string'
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
linkedPublicIPAddress: {
public-ip-address-object
}
extendedLocation: {
name: 'string'
type: 'EdgeZone'
}
id: 'string'
location: 'string'
properties: {
sku: {
name: 'string'
tier: 'string'
}
tags: {}
zones: [
'string'
]
}
migrationPhase: 'string'
natGateway: {
id: 'string'
location: 'string'
properties: {
idleTimeoutInMinutes: int
publicIpAddresses: [
{
id: 'string'
}
]
publicIpPrefixes: [
{
id: 'string'
}
]
}
sku: {
name: 'Standard'
}
tags: {}
zones: [
'string'
]
}
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
publicIPPrefix: {
id: 'string'
}
servicePublicIPAddress: {
public-ip-address-object
}
extendedLocation: {
name: 'string'
type: 'EdgeZone'
}
id: 'string'
location: 'string'
properties: {
sku: {
name: 'string'
tier: 'string'
}
tags: {}
zones: [
'string'
]
}
}
zones: [
'string'
]
}
Property values
publicIPAddresses
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
| location | Resource location. | string |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| sku | The public IP address SKU. | PublicIPAddressSku |
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | 'Delete' 'Detach' |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | IpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | PublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | 'Abort' 'Commit' 'Committed' 'None' 'Prepare' |
| natGateway | The NatGateway for the Public IP address. | NatGateway |
| publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | PublicIPAddress |
DdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | SubResource |
| protectionMode | The DDoS protection mode of the public IP | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
IpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | PublicIPAddressSku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | 'Basic' 'Standard' |
| tier | Tier of a public IP address SKU. | 'Global' 'Regional' |
NatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | NatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | NatGatewaySku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
NatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses associated with the nat gateway resource. | SubResource[] |
| publicIpPrefixes | An array of public ip prefixes associated with the nat gateway resource. | SubResource[] |
NatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | 'Standard' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| App Gateway with WAF, SSL, IIS and HTTPS redirection |
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers. |
| Create an IPv6 Application Gateway |
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network. |
| Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
| Application Gateway for Multi Hosting |
This template creates an Application Gateway and configures it for Multi Hosting on port 443. |
| Create an Application Gateway with Path Override |
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool. |
| Create an Application Gateway with Probe |
This template deploys an Application Gateway with enhanced probe functionality. |
| Create an Application Gateway with Public IP |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
| Create an Application Gateway with Public IP (Offload) |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
| Create an Application Gateway with Redirect |
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased) |
| Create an Application Gateway with Rewrite |
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules |
| Create an Application Gateway (Custom SSL) |
This template deploys an Application Gateway configured with a custom ssl policy. |
| Create an Application Gateway (SSL Policy) |
This template deploys an Application Gateway configured with a predefined ssl policy. |
| Application Gateway for Url Path Based Routing |
This template creates an Application Gateway and configures it for URL Path Based Routing. |
| Create an Application Gateway v2 |
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
| Create an Application Gateway (WAF) |
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines |
| Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
| Create an Application Gateway for WebApps |
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled. |
| Application Security Groups |
This template shows how to put together the pieces to secure workloads using NSGs with Application Security Groups. It will deploy a Linux VM running NGINX and through the usage of Applicaton Security Groups on Network Security Groups we will allow access to ports 22 and 80 to a VM assigned to Application Security Group called webServersAsg. |
| Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
| Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
| Create sandbox of Azure Firewall, client VM, and server VM |
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
| Create a Firewall and FirewallPolicy with Rules and Ipgroups |
This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules. |
| Create a Firewall, FirewallPolicy with Explicit Proxy |
This template creates an Azure Firewall, FirewalllPolicy with Explicit Proxy and Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create a Firewall with FirewallPolicy and IpGroups |
This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with IpGroups |
This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with Availability Zones |
This template creates an Azure Firewall with Availability Zones and any number of Public IPs in a virtual network and sets up 1 sample application rule and 1 sample network rule |
| Create an Azure Firewall sandbox with forced tunneling |
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET |
| Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Create a sandbox setup of Azure Firewall with Linux VMs |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup with Firewall Policy |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup of Azure Firewall with Zones |
This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the ServerSubnet,an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3. |
| Deploy a Bastion host in a hub Virtual Network |
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
| Connect an ExpressRoute circuit to a VNET |
This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured. |
| ExpressRoute circuit with private peering and Azure VNet |
This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit |
| Extend an existing Azure VNET to a Multi-VNET Configuration |
This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways |
| Create an Azure Firewall with multiple IP public addresses |
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
| Secured virtual hubs |
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
| Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
| Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
| Create a load-balancer with a Public IPv6 address |
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool. |
| Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
| Load Balancer with 2 VIPs, each with one LB rule |
This template allows you to create a Load Balancer, 2 Public IP addresses for the Load balancer (multivip), Virtual Network, Network Interface in the Virtual Network & a LB Rule in the Load Balancer that is used by the Network Interface. |
| Load Balancer with Inbound NAT Rule |
This template allows you to create a Load Balancer, Public IP address for the Load balancer, Virtual Network, Network Interface in the Virtual Network & a NAT Rule in the Load Balancer that is used by the Network Interface. |
| Virtual Network NAT with VM |
Deploy a NAT gateway and virtual machine |
| Virtual Network NAT |
Deploy a NAT gateway and virtual network |
| Network Interface with Public IP Address |
This template allows you to create a Network Inerface in a Virtual Network referencing a Public IP Address. |
| Create Public IP with DDoS IP Protection |
This template creates a Public IP that is protected with DDoS IP Protection |
| Create a Point-to-Site Gateway |
This template allows you to create a Point-to-Site connection using VirtualNetworkGateways |
| Create a Point-to-Site Gateway with Azure AD |
This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection |
| Private Link service example |
This template shows how to create a private link service |
| Reserved IP Use Case Snippet |
This template demonstrates the currently supported use case for Reserved IP. A Reserved IP is simply a statically allocated Public IP. |
| Create a Route Server in a New Subnet |
This template deploys a Route Server into a subnet named RouteServerSubnet. |
| Azure Route Server in BGP peering with Quagga |
This template deploys a Router Server and Ubuntu VM with Quagga. Two external BGP sessions are established between the Router Server and Quagga. Installation and configuration of Quagga is executed by Azure custom script extension for linux |
| Create a Site-to-Site VPN Connection with VM |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
| Create a Site-to-Site VPN Connection |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
| Site-to-Site VPN with active-active VPN Gateways with BGP |
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
| Azure Traffic Manager VM example |
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines. |
| Azure Traffic Manager VM example with Availability Zones |
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines placed in Availability Zones. |
| User defined routes and Appliance |
This template deploys a Virtual Network, VMs in respective subnets and routes to direct traffic to the appliance |
| 201-vnet-2subnets-service-endpoints-storage-integration |
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet. |
| Create a VNET to VNET connection across two regions |
This template allows you to connect two VNETs in different regions using Virtual Network Gateways |
| Create a BGP VNET to VNET connection |
This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
| Create three vNets to demonstrate transitive BGP connections |
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections |
ARM template resource definition
The publicIPAddresses resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/publicIPAddresses resource, add the following JSON to your template.
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2023-04-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"sku": {
"name": "string",
"tier": "string"
},
"extendedLocation": {
"name": "string",
"type": "EdgeZone"
},
"properties": {
"ddosSettings": {
"ddosProtectionPlan": {
"id": "string"
},
"protectionMode": "string"
},
"deleteOption": "string",
"dnsSettings": {
"domainNameLabel": "string",
"domainNameLabelScope": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"linkedPublicIPAddress": { public-ip-address-object },
"extendedLocation": {
"name": "string",
"type": "EdgeZone"
},
"id": "string",
"location": "string",
"properties": {
"sku": {
"name": "string",
"tier": "string"
},
"tags": {},
"zones": [ "string" ]
},
"migrationPhase": "string",
"natGateway": {
"id": "string",
"location": "string",
"properties": {
"idleTimeoutInMinutes": "int",
"publicIpAddresses": [
{
"id": "string"
}
],
"publicIpPrefixes": [
{
"id": "string"
}
]
},
"sku": {
"name": "Standard"
},
"tags": {},
"zones": [ "string" ]
},
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"publicIPPrefix": {
"id": "string"
},
"servicePublicIPAddress": { public-ip-address-object },
"extendedLocation": {
"name": "string",
"type": "EdgeZone"
},
"id": "string",
"location": "string",
"properties": {
"sku": {
"name": "string",
"tier": "string"
},
"tags": {},
"zones": [ "string" ]
}
},
"zones": [ "string" ]
}
Property values
publicIPAddresses
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Network/publicIPAddresses' |
| apiVersion | The resource api version | '2023-04-01' |
| name | The resource name | string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
| location | Resource location. | string |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| sku | The public IP address SKU. | PublicIPAddressSku |
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | 'EdgeZone' |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | 'Delete' 'Detach' |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | IpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | PublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | 'Abort' 'Commit' 'Committed' 'None' 'Prepare' |
| natGateway | The NatGateway for the Public IP address. | NatGateway |
| publicIPAddressVersion | The public IP address version. | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | The public IP address allocation method. | 'Dynamic' 'Static' |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | PublicIPAddress |
DdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | SubResource |
| protectionMode | The DDoS protection mode of the public IP | 'Disabled' 'Enabled' 'VirtualNetworkInherited' |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | 'NoReuse' 'ResourceGroupReuse' 'SubscriptionReuse' 'TenantReuse' |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
IpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | PublicIPAddressSku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | 'Basic' 'Standard' |
| tier | Tier of a public IP address SKU. | 'Global' 'Regional' |
NatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | NatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | NatGatewaySku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
NatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses associated with the nat gateway resource. | SubResource[] |
| publicIpPrefixes | An array of public ip prefixes associated with the nat gateway resource. | SubResource[] |
NatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | 'Standard' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| AKS cluster with the Application Gateway Ingress Controller |
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault |
| App Gateway with WAF, SSL, IIS and HTTPS redirection |
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers. |
| Create an IPv6 Application Gateway |
This template creates an application gateway with an IPv6 frontend in a dual-stack virtual network. |
| Create an Application Gateway V2 with Key Vault |
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway. |
| Application Gateway for Multi Hosting |
This template creates an Application Gateway and configures it for Multi Hosting on port 443. |
| Create an Application Gateway with Path Override |
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool. |
| Create an Application Gateway with Probe |
This template deploys an Application Gateway with enhanced probe functionality. |
| Create an Application Gateway with Public IP |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
| Create an Application Gateway with Public IP (Offload) |
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers. |
| Create an Application Gateway with Redirect |
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased) |
| Create an Application Gateway with Rewrite |
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules |
| Create an Application Gateway (Custom SSL) |
This template deploys an Application Gateway configured with a custom ssl policy. |
| Create an Application Gateway (SSL Policy) |
This template deploys an Application Gateway configured with a predefined ssl policy. |
| Application Gateway for Url Path Based Routing |
This template creates an Application Gateway and configures it for URL Path Based Routing. |
| Create an Application Gateway v2 |
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend |
| Create an Application Gateway (WAF) |
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines |
| Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Application Gateway for a Web App with IP Restriction |
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App. |
| Create an Application Gateway for WebApps |
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled. |
| Application Security Groups |
This template shows how to put together the pieces to secure workloads using NSGs with Application Security Groups. It will deploy a Linux VM running NGINX and through the usage of Applicaton Security Groups on Network Security Groups we will allow access to ports 22 and 80 to a VM assigned to Application Security Group called webServersAsg. |
| Azure Bastion as a Service |
This template provisions Azure Bastion in a Virtual Network |
| Azure Bastion as a Service with NSG |
This template provisions Azure Bastion in a Virtual Network |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
| Create sandbox of Azure Firewall, client VM, and server VM |
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
| Create a Firewall and FirewallPolicy with Rules and Ipgroups |
This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules. |
| Create a Firewall, FirewallPolicy with Explicit Proxy |
This template creates an Azure Firewall, FirewalllPolicy with Explicit Proxy and Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create a Firewall with FirewallPolicy and IpGroups |
This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with IpGroups |
This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with Availability Zones |
This template creates an Azure Firewall with Availability Zones and any number of Public IPs in a virtual network and sets up 1 sample application rule and 1 sample network rule |
| Create an Azure Firewall sandbox with forced tunneling |
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET |
| Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Create a sandbox setup of Azure Firewall with Linux VMs |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup with Firewall Policy |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup of Azure Firewall with Zones |
This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the ServerSubnet,an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3. |
| Deploy a Bastion host in a hub Virtual Network |
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet |
| Connect an ExpressRoute circuit to a VNET |
This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured. |
| ExpressRoute circuit with private peering and Azure VNet |
This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit |
| Extend an existing Azure VNET to a Multi-VNET Configuration |
This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways |
| Create an Azure Firewall with multiple IP public addresses |
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
| Secured virtual hubs |
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
| Create a cross-region load balancer |
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region. |
| Standard Load Balancer with Backend Pool by IP Addresses |
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document. |
| Create a load-balancer with a Public IPv6 address |
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool. |
| Create a standard load-balancer |
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone. |
| Load Balancer with 2 VIPs, each with one LB rule |
This template allows you to create a Load Balancer, 2 Public IP addresses for the Load balancer (multivip), Virtual Network, Network Interface in the Virtual Network & a LB Rule in the Load Balancer that is used by the Network Interface. |
| Load Balancer with Inbound NAT Rule |
This template allows you to create a Load Balancer, Public IP address for the Load balancer, Virtual Network, Network Interface in the Virtual Network & a NAT Rule in the Load Balancer that is used by the Network Interface. |
| Virtual Network NAT with VM |
Deploy a NAT gateway and virtual machine |
| Virtual Network NAT |
Deploy a NAT gateway and virtual network |
| Network Interface with Public IP Address |
This template allows you to create a Network Inerface in a Virtual Network referencing a Public IP Address. |
| Create Public IP with DDoS IP Protection |
This template creates a Public IP that is protected with DDoS IP Protection |
| Create a Point-to-Site Gateway |
This template allows you to create a Point-to-Site connection using VirtualNetworkGateways |
| Create a Point-to-Site Gateway with Azure AD |
This template deploys a VPN Virtual Network Gateway configured with an Azure Active Directory Point-to-Site connection |
| Private Link service example |
This template shows how to create a private link service |
| Reserved IP Use Case Snippet |
This template demonstrates the currently supported use case for Reserved IP. A Reserved IP is simply a statically allocated Public IP. |
| Create a Route Server in a New Subnet |
This template deploys a Route Server into a subnet named RouteServerSubnet. |
| Azure Route Server in BGP peering with Quagga |
This template deploys a Router Server and Ubuntu VM with Quagga. Two external BGP sessions are established between the Router Server and Quagga. Installation and configuration of Quagga is executed by Azure custom script extension for linux |
| Create a Site-to-Site VPN Connection with VM |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
| Create a Site-to-Site VPN Connection |
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways |
| Site-to-Site VPN with active-active VPN Gateways with BGP |
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones. |
| Azure Traffic Manager VM example |
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines. |
| Azure Traffic Manager VM example with Availability Zones |
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines placed in Availability Zones. |
| User defined routes and Appliance |
This template deploys a Virtual Network, VMs in respective subnets and routes to direct traffic to the appliance |
| 201-vnet-2subnets-service-endpoints-storage-integration |
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet. |
| Create a VNET to VNET connection across two regions |
This template allows you to connect two VNETs in different regions using Virtual Network Gateways |
| Create a BGP VNET to VNET connection |
This template allows you to connect two VNETs using Virtual Network Gateways and BGP |
| Create three vNets to demonstrate transitive BGP connections |
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections |
Terraform (AzAPI provider) resource definition
The publicIPAddresses resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/publicIPAddresses resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/publicIPAddresses@2023-04-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
ddosSettings = {
ddosProtectionPlan = {
id = "string"
}
protectionMode = "string"
}
deleteOption = "string"
dnsSettings = {
domainNameLabel = "string"
domainNameLabelScope = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipTags = [
{
ipTagType = "string"
tag = "string"
}
]
linkedPublicIPAddress = {
public-ip-address-object
}
extendedLocation = {
name = "string"
type = "EdgeZone"
}
id = "string"
location = "string"
properties = {
sku = {
name = "string"
tier = "string"
}
tags = {}
zones = [
"string"
]
}
migrationPhase = "string"
natGateway = {
id = "string"
location = "string"
properties = {
idleTimeoutInMinutes = int
publicIpAddresses = [
{
id = "string"
}
]
publicIpPrefixes = [
{
id = "string"
}
]
}
sku = {
name = "Standard"
}
tags = {}
zones = [
"string"
]
}
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
publicIPPrefix = {
id = "string"
}
servicePublicIPAddress = {
public-ip-address-object
}
extendedLocation = {
name = "string"
type = "EdgeZone"
}
id = "string"
location = "string"
properties = {
sku = {
name = "string"
tier = "string"
}
tags = {}
zones = [
"string"
]
}
}
zones = [
"string"
]
sku = {
name = "string"
tier = "string"
}
extendedLocation = {
name = "string"
type = "EdgeZone"
}
})
}
Property values
publicIPAddresses
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Network/publicIPAddresses@2023-04-01" |
| name | The resource name | string (required) Character limit: 1-80 Valid characters: Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore. |
| location | Resource location. | string |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. |
| sku | The public IP address SKU. | PublicIPAddressSku |
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
ExtendedLocation
| Name | Description | Value |
|---|---|---|
| name | The name of the extended location. | string |
| type | The type of the extended location. | "EdgeZone" |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| ddosSettings | The DDoS protection custom policy associated with the public IP address. | DdosSettings |
| deleteOption | Specify what happens to the public IP address when the VM using it is deleted | "Delete" "Detach" |
| dnsSettings | The FQDN of the DNS record associated with the public IP address. | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | The idle timeout of the public IP address. | int |
| ipAddress | The IP address associated with the public IP address resource. | string |
| ipTags | The list of tags associated with the public IP address. | IpTag[] |
| linkedPublicIPAddress | The linked public IP address of the public IP address resource. | PublicIPAddress |
| migrationPhase | Migration phase of Public IP Address. | "Abort" "Commit" "Committed" "None" "Prepare" |
| natGateway | The NatGateway for the Public IP address. | NatGateway |
| publicIPAddressVersion | The public IP address version. | "IPv4" "IPv6" |
| publicIPAllocationMethod | The public IP address allocation method. | "Dynamic" "Static" |
| publicIPPrefix | The Public IP Prefix this Public IP Address should be allocated from. | SubResource |
| servicePublicIPAddress | The service public IP address of the public IP address resource. | PublicIPAddress |
DdosSettings
| Name | Description | Value |
|---|---|---|
| ddosProtectionPlan | The DDoS protection plan associated with the public IP. Can only be set if ProtectionMode is Enabled | SubResource |
| protectionMode | The DDoS protection mode of the public IP | "Disabled" "Enabled" "VirtualNetworkInherited" |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| domainNameLabelScope | The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. | "NoReuse" "ResourceGroupReuse" "SubscriptionReuse" "TenantReuse" |
| fqdn | The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
IpTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. Example: FirstPartyUsage. | string |
| tag | The value of the IP tag associated with the public IP. Example: SQL. | string |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| extendedLocation | The extended location of the public ip address. | ExtendedLocation |
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Public IP address properties. | PublicIPAddressPropertiesFormat |
| sku | The public IP address SKU. | PublicIPAddressSku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the IP allocated for the resource needs to come from. | string[] |
PublicIPAddressSku
| Name | Description | Value |
|---|---|---|
| name | Name of a public IP address SKU. | "Basic" "Standard" |
| tier | Tier of a public IP address SKU. | "Global" "Regional" |
NatGateway
| Name | Description | Value |
|---|---|---|
| id | Resource ID. | string |
| location | Resource location. | string |
| properties | Nat Gateway properties. | NatGatewayPropertiesFormat |
| sku | The nat gateway SKU. | NatGatewaySku |
| tags | Resource tags. | object |
| zones | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | string[] |
NatGatewayPropertiesFormat
| Name | Description | Value |
|---|---|---|
| idleTimeoutInMinutes | The idle timeout of the nat gateway. | int |
| publicIpAddresses | An array of public ip addresses associated with the nat gateway resource. | SubResource[] |
| publicIpPrefixes | An array of public ip prefixes associated with the nat gateway resource. | SubResource[] |
NatGatewaySku
| Name | Description | Value |
|---|---|---|
| name | Name of Nat Gateway SKU. | "Standard" |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for