Static IP on Azure - What are your options?
Approximate time to read: 3 min
Azure is a great cloud hosting option but its very hard to get a Static IP address. The IP address assigned to your deployment only exists for the lifetime of your deployment so if you need to connect to a resource that only allows access from known IP addresses, for example a database behind a firewall or a secure third party web service, you have a major problem.
This post explains different ways to solve this when you need a static IP address for outbound traffic. If you need a static inbound IP address then take a look at Wely Lay’s post on the subject.
Option 1 – Deploy using VMs and never take them down
When you create a VM on Azure the IP address assigned to it will not change for the duration of its lifetime. You will be able to do in-place upgrades of these VMs and still retain the same IP address. Also known as the “fingers crossed” approach.
Good when:
- You are trying out a service that requires a known IP only don’t need that static IP to exist reliably for a long time.
- If you have quick access to update IP allow-list/firewall rules so you can update them when your deployment changes
Bad when:
- You are deploying a critical service that requires a stable IP for long period of time
- A third party needs to update their records with your static IP as their turnarounds may be too long
Option 2 – Create your own proxy service on Amazon EC2
Amazon EC2 has the concept of Elastic IP addresses. Once allocated to your account you can associate these with any running instance. If that instance fails or is destroyed you can associate the IP with a new instance.
As an Azure user you can create an Amazon account, deploy a new Amazon EC2 instance and allocate an Elastic IP address to it. You can then deploy a proxy server to that instance and route all outbound traffic from your Azure instances through your EC2 instance.
Good when:
- You have sysadmin skills and an Amazon EC2 account.
Bad when:
- You don’t want to manage your own infrastructure in multiple places
- You need fault tolerance. You would have to setup multiple EC2 instances behind a load balancer in case of failure of the Static IP node.
Option 3 – Use the QuotaGuard Static proxy service
QuotaGuard Static is a cloud service that allows you to route outbound traffic through a Static IP address. It is load balanced and accessible as either a SOCKS5 or HTTP proxy so can be integrated in to any language and framework.
You can find QuotaGuard on the Azure Marketplace:
When you sign-up you are assigned two static IP addresses and a connection string for the proxy to route your traffic through. Once configured you can route outbound traffic from your app through the proxy and appear to your target server to originate from one of the two static IPs. This approach works whether you have 1 or 100 Azure instances.
Good when:
- You don’t want to manage additional infrastructure.
- You want a reliable, scalable solution with easy setup.
Bad when:
- You want to do everything yourself.
Conclusion
We believe QuotaGuard Static is the most robust, scalable and cost effective way of getting a Static IP address on Azure and we offer free trials so you can see if you agree. What are you waiting for?