Andrei KniazevIf you need to have multiple Azure Web Apps with one static IP for outbound calls you need:
1 - Create a Virtual Network
2 - Create NAT Gateway
3 - Create Public IP
5 - Create SubNets for each App
6 - Attach SubNets to VN
7 - Use NAT In SubNets
8 - Enable vnetRouteAllEnabled for each App
We will use bicep for all of it.
Apps
Notice: Apps should be S1 or higher to allow subnets - https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration#pricing-details
In you apps you need to enable vnetRouteAllEnabledin siteConfig. Example bicep:
First you need to creat two apps. Example bicep file for app-one:
param location string = resourceGroup().location
resource hostingPlan 'Microsoft.Web/serverfarms@2020-12-01' = {
name: 'hostingPlan'
location: location
kind: 'windows'
sku: {
name: 'S1'
capacity: 1
}
}
resource appService 'Microsoft.Web/sites@2021-03-01' = {
name: 'app-one'
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: hostingPlan.id
httpsOnly: true
siteConfig: {
vnetRouteAllEnabled: true
}
}
}
Network Part
This bicep will create VN, NAT Gateway, Public IP and SubNet for each Web App.
param location string = resourceGroup().location
var appOne = 'app-one'
var appTwo = 'app-two'
resource publicIp 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
name: 'public-ip-name'
location: location
sku: {
name: 'Standard'
}
properties: {
publicIPAddressVersion: 'IPv4'
publicIPAllocationMethod: 'Static'
idleTimeoutInMinutes: 4
}
}
resource natgateway 'Microsoft.Network/natGateways@2021-05-01' = {
name: 'natgateway-name'
location: location
sku: {
name: 'Standard'
}
properties: {
idleTimeoutInMinutes: 4
publicIpAddresses: [
{
id: publicIp.id
}
]
}
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
name: 'virtualNetwork'
location: location
properties: {
addressSpace: {
addressPrefixes: [
'192.168.0.0/16'
]
}
subnets: [
{
name: 'subnet-for-${appOne}'
properties: {
addressPrefix: '192.168.0.0/24'
natGateway: {
id: natgateway.id
}
delegations: [
{
name: 'delegation'
properties: {
serviceName: 'Microsoft.Web/serverfarms'
}
}
]
}
}
{
name: 'subnet-for-${appTwo}'
properties: {
addressPrefix: '192.168.1.0/24'
natGateway: {
id: natgateway.id
}
delegations: [
{
name: 'delegation'
properties: {
serviceName: 'Microsoft.Web/serverfarms'
}
}
]
}
}
]
}
}
resource prodcutsToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
name: '${appOne}/virtualNetwork'
properties: {
subnetResourceId: virtualNetwork.properties.subnets[0].id
swiftSupported: true
}
}
resource webhooksToSubnet 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
name: '${appTwo}/virtualNetwork'
properties: {
subnetResourceId: virtualNetwork.properties.subnets[1].id
swiftSupported: true
}
}
Now all outbound connections from apps will use one static IP address.
