Public IP addresses should use availability zones

Reliability · Public IP address · Azure.PublicIP.AvailabilityZone

Public IP addresses deployed with Standard SKU should use availability zones in supported regions for high availability.

Description

Public IP addresses that use availability zones improve reliability and ensure availability during failure scenarios affecting a data center within a region. A zone-redundant Public IP address can spread across multiple availability zones, which ensures the Public IP address continues running even if a zone goes down. Furthermore, this ensures that public Standard Load Balancer frontend IPs using a zone-redundant Public IP address can survive a zone failure.

Recommendation

Consider using zone-redundant Public IP addresses deployed with Standard SKU.

Notes

This rule applies when analyzing resources deployed to Azure using pre-flight and in-flight data.

This rule fails when "zones" is constrained to a single (zonal) zone, or is set to null or [], and there are supported availability zones for the given region.

This rule passes if no zones exist for a given region or "zones" is set to ["1", "2", "3"].

Configure AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST to add availability zones that need to be supported but are not in the existing providers for namespace Microsoft.Network and resource type publicIpAddresses.

# YAML: The default AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST configuration option
configuration:
  AZURE_PUBLICIP_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST: []
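
The pass and fail conditions in these notes, sketched as an added Python example over an ARM template; it is not PSRule for Azure's own implementation. The region data, the `extra_region_zones` parameter and the sample template are constructed, locations are assumed to be literal strings rather than template expressions, and limiting the check to Standard SKU is an assumption.

```python
import json

ZONE_REDUNDANT = {"1", "2", "3"}
PIP_TYPE = "microsoft.network/publicipaddresses"

# Constructed stand-in for provider data: region -> zones it supports.
# "examplenozone" is a made-up region used to show the no-zones case.
SAMPLE_REGION_ZONES = {"australiaeast": ["1", "2", "3"], "examplenozone": []}

def normalize(location):
    """Treat 'Australia East' and 'australiaeast' as the same region."""
    return (location or "").replace(" ", "").lower()

def evaluate(resource, region_zones):
    """Return 'pass', 'fail' or 'skip' for one template resource."""
    if resource.get("type", "").lower() != PIP_TYPE:
        return "skip"
    # Assumption: only Standard SKU addresses are in scope.
    if (resource.get("sku") or {}).get("name", "").lower() != "standard":
        return "skip"
    # Passes when no zones exist for the region.
    if not region_zones.get(normalize(resource.get("location"))):
        return "pass"
    # Order is irrelevant; null, [] and a single zone all fail.
    zones = {str(z) for z in (resource.get("zones") or [])}
    return "pass" if zones == ZONE_REDUNDANT else "fail"

def scan_template(template_text, region_zones, extra_region_zones=None):
    """Evaluate each resource in an ARM template; returns {name: result}."""
    known = {normalize(k): v for k, v in region_zones.items()}
    # extra_region_zones (hypothetical): regions missing from provider data.
    known.update({normalize(k): v for k, v in (extra_region_zones or {}).items()})
    resources = json.loads(template_text).get("resources", [])
    return {r.get("name"): evaluate(r, known) for r in resources}

def make_pip(name, location, zones, sku="Standard"):
    return {"type": "Microsoft.Network/publicIPAddresses", "name": name,
            "location": location, "sku": {"name": sku}, "zones": zones}

# Constructed sample template covering the cases in the notes above.
SAMPLE_TEMPLATE = json.dumps({"resources": [
    make_pip("pip-redundant", "australiaeast", ["2", "3", "1"]),
    make_pip("pip-zonal", "Australia East", ["1"]),
    make_pip("pip-null", "australiaeast", None),
    make_pip("pip-empty", "australiaeast", []),
    make_pip("pip-nozone-region", "examplenozone", []),
    make_pip("pip-new-region", "Example New", []),
]})
```

Calling `scan_template(SAMPLE_TEMPLATE, SAMPLE_REGION_ZONES)` passes `pip-new-region` because no zones are known for its region; supplying that region through `extra_region_zones` turns the same resource into a failure.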

Examples

Configure with Azure template

To configure zone-redundancy for a Public IP address:

  • Set sku.name to Standard.
  • Set zones to ["1", "2", "3"].

For example:

{
    "type": "Microsoft.Network/publicIPAddresses",
    "apiVersion": "2020-11-01",
    "name": "[parameters('publicIPAddresses_test_ip_name')]",
    "location": "australiaeast",
    "sku": {
        "name": "Standard",
        "tier": "Regional"
    },
    "zones": [
        "2",
        "3",
        "1"
    ],
    "properties": {
        "ipAddress": "[parameters('publicIPAddresses_ip_address')]",
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4,
        "ipTags": []
    }
}

Configure with Bicep

To configure zone-redundancy for a Public IP address:

  • Set sku.name to Standard.
  • Set zones to ["1", "2", "3"].

For example:

resource publicIPAddresses_resource 'Microsoft.Network/publicIPAddresses@2020-11-01' = {
  name: name
  location: location
  sku: {
    name: 'Standard'
    tier: 'Regional'
  }
  zones: [
    '2'
    '3'
    '1'
  ]
  properties: {
    ipAddress: ipAddress
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
    idleTimeoutInMinutes: 4
    ipTags: []
  }
}

Last update: 2021-10-19