Public IP addresses should use availability zones
Reliability · Public IP address · Rule · 2021_12 · Important
Public IP addresses deployed with Standard SKU should use availability zones in supported regions for high availability.
Description
Public IP addresses that use availability zones improve reliability and remain available during failure scenarios affecting a data center within a region. A zone-redundant Public IP address is spread across multiple availability zones, so it continues to run even if one zone goes down. This also allows public Standard Load Balancer frontend IPs that use a zone-redundant Public IP address to survive a zone failure.
Recommendation
Consider using zone-redundant Public IP addresses deployed with Standard SKU.
Examples
Configure with Azure template
To configure zone-redundancy for a Public IP address:
- Set `sku.name` to `Standard`.
- Set `zones` to `["1", "2", "3"]`.

For example:
```json
{
  "type": "Microsoft.Network/publicIPAddresses",
  "apiVersion": "2023-05-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "Standard",
    "tier": "Regional"
  },
  "properties": {
    "publicIPAddressVersion": "IPv4",
    "publicIPAllocationMethod": "Static",
    "idleTimeoutInMinutes": 4
  },
  "zones": [
    "1",
    "2",
    "3"
  ]
}
```
Configure with Bicep
To configure zone-redundancy for a Public IP address:
- Set `sku.name` to `Standard`.
- Set `zones` to `['1', '2', '3']`.

For example:
```bicep
resource pip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: name
  location: location
  sku: {
    name: 'Standard'
    tier: 'Regional'
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
    idleTimeoutInMinutes: 4
  }
  zones: [
    '1'
    '2'
    '3'
  ]
}
```
Notes
This rule is not applicable for public IP addresses used for Azure Bastion. Azure Bastion does not currently support Availability Zones. Public IP addresses with the following tags are automatically excluded from this rule:
- `resource-usage` tag set to `azure-bastion`.

This rule fails when `"zones"` is constrained to a single (zonal) zone, or set to `null`, `[]` when there are supported availability zones for the given region.

This rule passes if no zones exist for a given region or `"zones"` is set to `["1", "2", "3"]`.

Configure `AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST` to set additional availability zones that need to be supported which are not in the existing providers for namespace `Microsoft.Network` and resource type `publicIpAddresses`.
```yaml
# YAML: The default AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST configuration option
configuration:
  AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST: []
```
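The pass, fail and exclusion conditions from the notes above can be expressed as a small pre-deployment check over an ARM template. This is an added example, not the rule's own implementation. The region table, the `extra_zones` mapping (a stand-in for the configuration option), the helper names and the sample resources are all assumptions constructed for illustration.

```python
import json
# Constructed region data (an assumption): the real rule reads supported zones
# from Microsoft.Network provider metadata, not from a table like this.
REGION_ZONES = {"eastus": ["1", "2", "3"], "westus": []}
REQUIRED = {"1", "2", "3"}

def norm(location):
    """Match regions regardless of case and spaces ('East US' == 'eastus')."""
    return location.replace(" ", "").lower()

def evaluate(resource, extra_zones=None):
    """Return 'pass', 'fail' or 'skip' for one publicIPAddresses resource.
    extra_zones is a hypothetical {region: [zones]} mapping standing in for
    AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST."""
    if (resource.get("sku") or {}).get("name", "").lower() != "standard":
        return "skip"  # the rule only targets Standard SKU addresses
    if (resource.get("tags") or {}).get("resource-usage") == "azure-bastion":
        return "skip"  # Azure Bastion addresses are excluded
    merged = {**REGION_ZONES, **(extra_zones or {})}
    zone_map = {norm(region): zones for region, zones in merged.items()}
    if not zone_map.get(norm(resource.get("location", ""))):
        return "pass"  # the region offers no zones, so nothing to configure
    # null, [] and a single (zonal) zone fail; only all three zones pass
    return "pass" if set(resource.get("zones") or []) == REQUIRED else "fail"

def evaluate_template(template_text, extra_zones=None):
    """Evaluate every public IP address in a template; returns {name: result}."""
    return {r["name"]: evaluate(r, extra_zones)
            for r in json.loads(template_text).get("resources", [])
            if r.get("type", "").lower() == "microsoft.network/publicipaddresses"}

def pip(name, location, sku="Standard", **extra):
    """Build a constructed sample resource with literal (already resolved) values."""
    return {"type": "Microsoft.Network/publicIPAddresses", "name": name,
            "location": location, "sku": {"name": sku}, **extra}

# Constructed sample template; expressions such as "[parameters('location')]"
# would have to be resolved to literals before a check like this can run.
SAMPLE = json.dumps({"resources": [
    pip("pip-redundant", "eastus", zones=["1", "2", "3"]),
    pip("pip-zonal", "eastus", zones=["1"]),
    pip("pip-unset", "eastus"),
    pip("pip-bastion", "eastus", tags={"resource-usage": "azure-bastion"}),
    pip("pip-nozone-region", "westus"),
    pip("pip-basic", "eastus", sku="Basic"),
]})

if __name__ == "__main__":
    print(json.dumps(evaluate_template(SAMPLE), indent=2))
```

Passing `extra_zones` for a region the table lists without zones turns a previous pass into a fail, which is the effect of adding that region to the configuration option.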