Support the Removal of Inbound NAT Rules after deployment

[AlexFlat]

Hi,

We are using Service Fabric, which uses VMSS as the VM deployment mechanism. The default template installs public RDP to all VMs in the cluster using Inbound NAT Rules. We want to secure the cluster and remove direct RDP from each VM (we will employ a JumpBox for remote access). When trying to remove/update the Inbound NAT Rules we receive an error

Cannot remove inbound nat pool LoadBalancerXXXX from load balancer since it is in use by virtual machine scale set

I logged this issue with Azure Support and they confirmed that this is not currently supported for VMSS. I tried to find an issue/feature related to Inbound NAT Rules on this Repo but was unable to, so I logged one just in case. (Please delete if this is somewhere else)

Can you confirm if this feature is in the pipeline and if so, what is its status?

Thanks

Alex

[MJeorrett]

+1 Slightly different scenario. I have enabled debugging in visual studio which adds to the inbound NAT rules so when I try to make an incremental change to the deployed resources (in my case add certs to the VMs) I get the same error. I can work around by disabling debugging in Visual Studio before doing the deploy but would be nice if I didn't have to.

[rdkleine]

+1

[rwwilden]

You can actually update NAT rules by (temporarily) disconnecting the VMSS from the NAT pool(s). I wrote a blog post explaining this approach.