IP restriction recommendations for publicly accessible container apps

Azure / aca-landing-zone-accelerator

The Azure Container Apps landing zone accelerator is an open-source collection of architectural guidance and reference implementation to accelerate deployment of Azure Container Apps at scale.

https://aka.ms/aca-lza

MIT License

176 stars 90 forks source link

IP restriction recommendations for publicly accessible container apps #57

Closed Nicwalle closed 1 year ago

Nicwalle commented 1 year ago

Hi, The landing zone accelerator does not mention the IP restriction functionality: https://learn.microsoft.com/en-us/azure/container-apps/ip-restrictions?pivots=azure-portal

In some scenarios, it makes sense to have a public facing container app rather than putting it behind an application gateway. It would thus be nice to have some discussions and recommendations regarding such a scenario. Thank you.

thotheod commented 1 year ago

Hi @Nicwalle , thank you for your recommendation. I assume a valid scenario to use IP Restrictions would be to use a third party CDN/WAF service, so we updated the Networking Design Area accordingly. Do you have something else in mind?