Microsoft.Network publicIPAddresses

The publicIPAddresses resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.Network/publicIPAddresses resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Network/publicIPAddresses@2021-02-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    name: 'string'
    tier: 'string'
  }
  extendedLocation: {
    name: 'string'
    type: 'EdgeZone'
  }
  properties: {
    ddosSettings: {
      ddosCustomPolicy: {
        id: 'string'
      }
      protectedIP: bool
      protectionCoverage: 'string'
    }
    deleteOption: 'string'
    dnsSettings: {
      domainNameLabel: 'string'
      fqdn: 'string'
      reverseFqdn: 'string'
    }
    idleTimeoutInMinutes: int
    ipAddress: 'string'
    ipTags: [
      {
        ipTagType: 'string'
        tag: 'string'
      }
    ]
    linkedPublicIPAddress: {
      extendedLocation: {
        name: 'string'
        type: 'EdgeZone'
      }
      id: 'string'
      location: 'string'
      properties: {
      sku: {
        name: 'string'
        tier: 'string'
      }
      tags: {
        tagName1: 'tagValue1'
        tagName2: 'tagValue2'
      }
      zones: [ 'string' ]
    }
    migrationPhase: 'string'
    natGateway: {
      id: 'string'
      location: 'string'
      properties: {
        idleTimeoutInMinutes: int
        publicIpAddresses: [
          {
            id: 'string'
          }
        ]
        publicIpPrefixes: [
          {
            id: 'string'
          }
        ]
      }
      sku: {
        name: 'Standard'
      }
      tags: {
        tagName1: 'tagValue1'
        tagName2: 'tagValue2'
      }
      zones: [ 'string' ]
    }
    publicIPAddressVersion: 'string'
    publicIPAllocationMethod: 'string'
    publicIPPrefix: {
      id: 'string'
    }
    servicePublicIPAddress: {
      extendedLocation: {
        name: 'string'
        type: 'EdgeZone'
      }
      id: 'string'
      location: 'string'
      properties: {
      sku: {
        name: 'string'
        tier: 'string'
      }
      tags: {
        tagName1: 'tagValue1'
        tagName2: 'tagValue2'
      }
      zones: [ 'string' ]
    }
  }
  zones: [ 'string' ]
}

Property values

publicIPAddresses

Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
'Microsoft.Network/publicIPAddresses'
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
'2021-02-01'
name The resource name string (required)
location Resource location. string
tags Resource tags. Dictionary of tag names and values. See Tags in templates
sku SKU of a public IP address. PublicIPAddressSku
extendedLocation ExtendedLocation complex type. ExtendedLocation
properties Public IP address properties. PublicIPAddressPropertiesFormat
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

ExtendedLocation

Name Description Value
name The name of the extended location. string
type The supported ExtendedLocation types. Currently only EdgeZone is supported in Microsoft.Network resources. 'EdgeZone'

PublicIPAddressPropertiesFormat

Name Description Value
ddosSettings Contains the DDoS protection settings of the public IP. DdosSettings
deleteOption Specify what happens to the public IP address when the VM using it is deleted 'Delete'
'Detach'
dnsSettings Contains FQDN of the DNS record associated with the public IP address. PublicIPAddressDnsSettings
idleTimeoutInMinutes The idle timeout of the public IP address. int
ipAddress The IP address associated with the public IP address resource. string
ipTags The list of tags associated with the public IP address. IpTag[]
linkedPublicIPAddress Public IP address resource. PublicIPAddress
migrationPhase Migration phase of Public IP Address. 'Abort'
'Commit'
'Committed'
'None'
'Prepare'
natGateway Nat Gateway resource. NatGateway
publicIPAddressVersion IP address version. 'IPv4'
'IPv6'
publicIPAllocationMethod IP address allocation method. 'Dynamic'
'Static'
publicIPPrefix Reference to another subresource. SubResource
servicePublicIPAddress Public IP address resource. PublicIPAddress

DdosSettings

Name Description Value
ddosCustomPolicy Reference to another subresource. SubResource
protectedIP Enables DDoS protection on the public IP. bool
protectionCoverage The DDoS protection policy customizability of the public IP. Only standard coverage will have the ability to be customized. 'Basic'
'Standard'

SubResource

Name Description Value
id Resource ID. string

PublicIPAddressDnsSettings

Name Description Value
domainNameLabel The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. string
fqdn The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. string
reverseFqdn The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. string

IpTag

Name Description Value
ipTagType The IP tag type. Example: FirstPartyUsage. string
tag The value of the IP tag associated with the public IP. Example: SQL. string

PublicIPAddress

Name Description Value
extendedLocation ExtendedLocation complex type. ExtendedLocation
id Resource ID. string
location Resource location. string
properties Public IP address properties. PublicIPAddressPropertiesFormat
sku SKU of a public IP address. PublicIPAddressSku
tags Resource tags. Dictionary of tag names and values. See Tags in templates
zones A list of availability zones denoting the IP allocated for the resource needs to come from. string[]

PublicIPAddressSku

Name Description Value
name Name of a public IP address SKU. 'Basic'
'Standard'
tier Tier of a public IP address SKU. 'Global'
'Regional'

NatGateway

Name Description Value
id Resource ID. string
location Resource location. string
properties Nat Gateway properties. NatGatewayPropertiesFormat
sku SKU of nat gateway. NatGatewaySku
tags Resource tags. Dictionary of tag names and values. See Tags in templates
zones A list of availability zones denoting the zone in which Nat Gateway should be deployed. string[]

NatGatewayPropertiesFormat

Name Description Value
idleTimeoutInMinutes The idle timeout of the nat gateway. int
publicIpAddresses An array of public ip addresses associated with the nat gateway resource. SubResource[]
publicIpPrefixes An array of public ip prefixes associated with the nat gateway resource. SubResource[]

NatGatewaySku

Name Description Value
name Name of Nat Gateway SKU. 'Standard'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
AKS cluster with the Application Gateway Ingress Controller

Deploy to Azure
This sample shows how to deploy an AKS cluster with Application Gateway, Application Gateway Ingress Controller, Azure Container Registry, Log Analytics and Key Vault
App Gateway with WAF, SSL, IIS and HTTPS redirection

Deploy to Azure
This template deploys an Application Gateway with WAF, end to end SSL and HTTP to HTTPS redirect on the IIS servers.
Create an Application Gateway V2 with Key Vault

Deploy to Azure
This template deploys an Application Gateway V2 in a Virtual Network, a user defined identity, Key Vault, a secret (cert data), and access policy on Key Vault and Application Gateway.
Application Gateway for Multi Hosting

Deploy to Azure
This template creates an Application Gateway and configures it for Multi Hosting on port 443.
Create an Application Gateway

Deploy to Azure
This template deploys an Application Gateway and shows usage of the path override feature for a backend address pool.
Create an Application Gateway

Deploy to Azure
This template deploys an Application Gateway with enhanced probe functionality.
Create an Application Gateway with Public IP

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Http Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway with Public IP

Deploy to Azure
This template creates an Application Gateway, Public IP address for the Application Gateway, and the Virtual Network in which Application Gateway is deployed. Also configures Application Gateway for Ssl Offload and Load balancing with Two backend servers. Note that you have to specify valid IPs for backend servers.
Create an Application Gateway

Deploy to Azure
This template creates an application gateway with Redirect functionalities in a virtual network and sets up load balancing and redirect rules (basic and pathbased)
Create an Application Gateway

Deploy to Azure
This template creates an application gateway with Rewrite functionalities in a virtual network and sets up load balancing, rewrite rules
Create an Application Gateway

Deploy to Azure
This template deploys an Application Gateway configured with a custom ssl policy.
Create an Application Gateway

Deploy to Azure
This template deploys an Application Gateway configured with a predefined ssl policy.
Application Gateway for Url Path Based Routing

Deploy to Azure
This template creates an Application Gateway and configures it for URL Path Based Routing.
Create an Application Gateway v2

Deploy to Azure
This template creates an application gateway v2 in a virtual network and sets up auto scaling properties and an HTTP load-balancing rule with public frontend
Create an Application Gateway

Deploy to Azure
This template creates an application gateway with Web Application Firewall functionality in a virtual network and sets up load balancing rules for any number of virtual machines
Application Gateway for a Web App with IP Restriction

Deploy to Azure
This template creates an application gateway in front of an Azure Web App with IP restriction enabled on the Web App.
Create an Application Gateway

Deploy to Azure
This template creates an application gateway in front of two Azure Web Apps with a custom probe enabled.
Application Security Groups

Deploy to Azure
This template shows how to put together the pieces to secure workloads using NSGs with Application Security Groups. It will deploy a Linux VM running NGINX and through the usage of Applicaton Security Groups on Network Security Groups we will allow access to ports 22 and 80 to a VM assigned to Application Security Group called webServersAsg.
Azure Bastion as a Service

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Azure Bastion as a Service

Deploy to Azure
This template provisions Azure Bastion in a Virtual Network
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Deploy to Azure
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Create a Firewall and FirewallPolicy with Rules and Ipgroups

Deploy to Azure
This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules.
Create a Firewall with FirewallPolicy and IpGroups

Deploy to Azure
This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup
Create an Azure Firewall with IpGroups

Deploy to Azure
This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup
Create an Azure Firewall with Availability Zones

Deploy to Azure
This template creates an Azure Firewall with Availability Zones and any number of Public IPs in a virtual network and sets up 1 sample application rule and 1 sample network rule
Create an Azure Firewall sandbox with forced tunneling

Deploy to Azure
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET
Testing environment for Azure Firewall Premium

Deploy to Azure
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Create a sandbox setup of Azure Firewall with Linux VMs

Deploy to Azure
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges
Create a sandbox setup with Firewall Policy

Deploy to Azure
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges
Create a sandbox setup of Azure Firewall with Zones

Deploy to Azure
This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the ServerSubnet,an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3.
Deploy a Bastion host in a hub Virtual Network

Deploy to Azure
This template creates two vNets with peerings, a Bastion host in the Hub vNet and a Linux VM in the spoke vNet
Connect an ExpressRoute circuit to a VNET

Deploy to Azure
This template creates a VNET, an ExpresRoute Gateway and a connection to a provisioned and enabled ExpressRoute circuit with AzurePrivatePeering configured.
ExpressRoute circuit with private peering and Azure VNet

Deploy to Azure
This template configure ExpressRoute Microsoft peering, deploy an Azure VNet with Expressroute gateway and link the VNet to the ExpressRoute circuit
Extend an existing Azure VNET to a Multi-VNET Configuration

Deploy to Azure
This template allows you to extend an existing single VNET environment to a Multi-VNET environment that extends across two datacenter regions using VNET-to-VNET gateways
Front Door Standard/Premium with Application Gateway origin

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) and an Application Gateway instance, and uses an NSG and WAF policy to validate that traffic has come through the Front Door origin.
Front Door with Container Instances and Application Gateway

Deploy to Azure
This template creates a Front Door Standard/Premium (Preview) with a container group and Application Gateway.
Create an Azure Firewall with multiple IP public addresses

Deploy to Azure
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test.
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
Create a cross-region load balancer

Deploy to Azure
This template creates a cross-region load balancer with a backend pool containing two regional load balancers. Cross-region load balancer is currently available in limited regions. The regional load balancers behind the cross-region load balancer can be in any region.
Standard Load Balancer with Backend Pool by IP Addresses

Deploy to Azure
This template is used to demonstrate how ARM Templates can be used to configure the Backend Pool of a Load Balancer by IP Address as outlined in the Backend Pool management document.
Create a load-balancer with a Public IPv6 address

Deploy to Azure
This template creates an Internet-facing load-balancer with a Public IPv6 address, load balancing rules, and two VMs for the backend pool.
Create a standard load-balancer

Deploy to Azure
This template creates an Internet-facing load-balancer, load balancing rules, and three VMs for the backend pool with each VM in a redundant zone.
Load Balancer with 2 VIPs, each with one LB rule

Deploy to Azure
This template allows you to create a Load Balancer, 2 Public IP addresses for the Load balancer (multivip), Virtual Network, Network Interface in the Virtual Network & a LB Rule in the Load Balancer that is used by the Network Interface.
Load Balancer with Inbound NAT Rule

Deploy to Azure
This template allows you to create a Load Balancer, Public IP address for the Load balancer, Virtual Network, Network Interface in the Virtual Network & a NAT Rule in the Load Balancer that is used by the Network Interface.
Virtual Network NAT

Deploy to Azure
Deploy a NAT gateway and virtual machine
Virtual Network NAT

Deploy to Azure
Deploy a NAT gateway and virtual network
Network Interface with Public IP Address

Deploy to Azure
This template allows you to create a Network Inerface in a Virtual Network referencing a Public IP Address.
Create a Point-to-Site Gateway

Deploy to Azure
This template allows you to create a Point-to-Site connection using VirtualNetworkGateways
Private Link service example

Deploy to Azure
This template shows how to create a private link service
Reserved IP Use Case Snippet

Deploy to Azure
This template demonstrates the currently supported use case for Reserved IP. A Reserved IP is simply a statically allocated Public IP.
Azure Route Server in BGP peering with Quagga

Deploy to Azure
This template deploys a Router Server and Ubuntu VM with Quagga. Two external BGP sessions are established between the Router Server and Quagga. Installation and configuration of Quagga is executed by Azure custom script extension for linux
Create a Site-to-Site VPN Connection

Deploy to Azure
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Create a Site-to-Site VPN Connection

Deploy to Azure
This template allows you to create a Site-to-Site VPN Connection using Virtual Network Gateways
Site-to-Site VPN with active-active VPN Gateways with BGP

Deploy to Azure
This template allows you to deploy a site-to-site VPN between two VNets with VPN Gateways in configuration active-active with BGP. Each Azure VPN Gateway resolves the FQDN of the remote peers to determine the public IP of the remote VPN Gateway. Template runs as expected in Azure regions with availability zones.
Azure Traffic Manager VM example

Deploy to Azure
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines.
Azure Traffic Manager VM example with Availability Zones

Deploy to Azure
This template shows how to create an Azure Traffic Manager profile load-balancing across multiple virtual machines placed in Availability Zones.
User defined routes and Appliance

Deploy to Azure
This template deploys a Virtual Network, VMs in respective subnets and routes to direct traffic to the appliance
201-vnet-2subnets-service-endpoints-storage-integration

Deploy to Azure
Creates 2 new VMs with a NIC each, in two different subnets within the same VNet. Sets service endpoint on one of the subnets and secures storage account to that subnet.
Create a VNET to VNET connection across two regions

Deploy to Azure
This template allows you to connect two VNETs in different regions using Virtual Network Gateways
Create a BGP VNET to VNET connection

Deploy to Azure
This template allows you to connect two VNETs using Virtual Network Gateways and BGP
Create three vNets to demonstrate transitive BGP connections

Deploy to Azure
This template deploys three vNets connected using Virtual Network Gateways and BGP-enabled connections