ALZ-Bicep icon indicating copy to clipboard operation
ALZ-Bicep copied to clipboard
verified publisher icon Azure

💡 Feature Request - Add zone configuration for hub network PIPs

Open BernieWhite opened this issue 3 years ago • 0 comments

Describe the solution you'd like

Currently several public IP addresses are created for numerous services in the hub networking module, this includes:

  • Azure Firewall
  • VPN/ Expression Gateway
  • Azure Bastion

Currently there is a configuration for availability zones supported with Azure Firewall which also sets the zones property of the public IP address through the parAzureFirewallAvailabilityZones parameter.

For VPN/ ER gateways, to fully support availability zones a AZ SKU + a public IP across more then one zone is required for zone redundancy. If you deploy via that Azure Portal, the Zone Redundancy option includes zones 1, 2, 3.

Currently I can't see any docs specifically calling out if Azure Bastion supports availability zones and the resource configuration does not have a telling zones property so I will assume not.

The other PIPs ideally should support availability zones to align to Well-Architected Framework (WAF) recommendation for reliability when a region supports it.

Additional context

This is reported by PSRule for Azure: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.PublicIP.AvailabilityZone/

Related to #206

BernieWhite avatar May 24 '22 12:05 BernieWhite