Connect an existing Azure App Service to Azure Database for MySQL server

This topic explains how to connect an existing Azure App Service to your Azure Database for MySQL server.

Before you begin

Log in to the Azure portal. Create an Azure Database for MySQL server. For details, refer to How to create Azure Database for MySQL server from Portal or How to create Azure Database for MySQL server using CLI.

Currently there are two solutions to enable access from an Azure App Service to an Azure Database for MySQL. Both solutions involve setting up server-level firewall rules.

Solution 1 - Create a firewall rule to allow all IPs

Azure Database for MySQL provides access security using a firewall to protect your data. When connecting from an Azure App Service to Azure Database for MySQL server, keep in mind that the outbound IPs of App Service are dynamic in nature.

To ensure the availability of your Azure App Service, we recommend using this solution to allow ALL IPs.


Microsoft is working on a long-term solution to avoid allowing all IPs for Azure services to connect to Azure Database for MySQL.

  1. On the MySQL server blade, under the Settings heading, click Connection Security to open the Connection Security blade for Azure Database for MySQL.

    Azure portal - click Connection Security

  2. Enter RULE NAME, START IP, and END IP, and then click Save.

    • Rule name: Allow-All-IPs
    • Start IP:
    • End IP:

    Azure portal - Add all IPs

Solution 2 - Create a firewall rule to explicitly allow outbound IPs

You can explicitly add all the outbound IPs of your Azure App Service.

  1. On the App Service Properties blade, view your OUTBOUND IP ADDRESS.

    Azure portal - View outbound IPs

  2. On the MySQL Connection security blade, add outbound IPs one by one.

    Azure portal - Add explicit IPs

  3. Remember to Save your firewall rules.

Though the Azure App service attempts to keep IP addresses constant over time, there are cases where the IP addresses may change. For example, this can occur when the app recycles or a scale operation occurs, or when new computers are added in Azure regional data centers to increase capacity. When the IP addresses change, the app could experience downtime in the event it can no longer connect to the MySQL server. Keep this consideration in mind when choosing one of the preceding solutions.

SSL configuration

Azure Database for MySQL has SSL enabled by default. If your application is not using SSL to connect to the database, then you need to disable SSL on the MySQL server. For details on how to configure SSL, see Using SSL with Azure Database for MySQL.

Next steps

For more information about connection strings, refer to Connection Strings.