
Is the outbound IP address (public VIP) of Azure App Service Environment static?


We are currently validating a workflow which would involve whitelisting IP addresses from Azure in order to be able to talk to specific servers that we own. Our plan is to use Azure App Service Environment to be able to get a static IP address we could use (so that all app services running under that environment would be able to talk to our servers). My questions:

  1. Though the public VIP is described in detail, I couldn't find any documentation that describes cases when it could change or be disassociated from the App Service Environment.

  2. Are there additional configurations/specific pricing tiers that we should follow in order for us to safely assume that we would not lose ownership of the public VIP we are whitelisting?


Solution

  • ASE IP addresses

    An ASE has a few IP addresses to be aware of. They are:

    Public inbound IP address: Used for app traffic in an External ASE, and management traffic in both an External ASE and an ILB ASE.

    Outbound public IP: Used as the "from" IP for outbound connections from the ASE that leave the VNet, which aren't routed down a VPN.

    ILB IP address: The ILB IP address only exists in an ILB ASE.

    App-assigned IP-based SSL addresses: Only possible with an External ASE and when IP-based SSL is configured.

    All these IP addresses are visible in the Azure portal from the ASE UI.

    These IP addresses will not change so long as your ASE stays up and running. If your ASE becomes suspended and restored, the addresses used by your ASE will change. The normal cause for an ASE to become suspended is if you block inbound management access or block access to an ASE dependency.
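
Because the addresses change when an ASE is suspended and restored, an allowlist built on them is worth auditing on a schedule. The sketch below is an added example, not part of the original answer: it compares an ASE's outbound IPs with a firewall allowlist and reports drift in both directions. The JSON field names are assumed to match the output of `az appservice ase list-addresses`, and all addresses are constructed sample values.

```python
import ipaddress
import json

# Constructed sample, shaped like the JSON assumed to come from
# `az appservice ase list-addresses` (field names are an assumption;
# adjust them to what your CLI/API version actually returns).
SAMPLE_ASE_ADDRESSES = """
{
  "serviceIpAddress": "203.0.113.10",
  "internalIpAddress": null,
  "outboundIpAddresses": ["203.0.113.10", "198.51.100.7 "]
}
"""


def audit_allowlist(ase_json, allowlist):
    """Compare an ASE's outbound IPs with a firewall allowlist (IPs or CIDRs)."""
    doc = json.loads(ase_json)
    outbound = {ipaddress.ip_address(a.strip())
                for a in doc.get("outboundIpAddresses") or []}
    # A bare IP becomes a /32 (or /128) network, so both forms compare alike.
    networks = [ipaddress.ip_network(e.strip(), strict=False) for e in allowlist]

    # Outbound IPs that no allowlist entry covers: traffic from these is
    # blocked, the symptom to expect after a suspend/restore changes them.
    uncovered = sorted(str(ip) for ip in outbound
                       if not any(ip in net for net in networks))
    # Allowlist entries that match no current outbound IP: they no longer
    # correspond to this ASE and should be reviewed for removal.
    stale = sorted(str(net) for net in networks
                   if not any(ip in net for ip in outbound))
    return {"uncovered": uncovered, "stale": stale,
            "drift": bool(uncovered or stale)}


if __name__ == "__main__":
    # Constructed allowlist: one entry still valid, one left over from before.
    print(audit_allowlist(SAMPLE_ASE_ADDRESSES,
                          ["203.0.113.10/32", "192.0.2.44"]))
```

A non-empty `stale` list matters as much as `uncovered`: those entries keep granting access to addresses the ASE no longer holds.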