Scenario
Route Logic App Standard traffic through your Virtual Network through specified static public IP address(es).
This approach will not work with Logic App Consumption
References
- Control Azure Functions outbound IP with an Azure virtual network NAT gateway | Microsoft Learn
- Manage a NAT gateway - Azure Virtual Network NAT | Microsoft Learn
- NAT gateway integration - Azure App Service | Microsoft Learn
Services Used
- Azure Logic Apps (Standard)
- Azure Virtual Network
- Azure NAT Gateway
Steps
1. Create Virtual Network
2. Create Logic App Standard
3. Create a workflow within the Logic App and set up an outbound HTTP action.
- GET Method
- URI: https://ifconfig.me
This external website returns the IP address of the caller. This step mimics the HTTP trigger function mentioned here:
Control Azure Functions outbound IP with an Azure virtual network NAT gateway | Microsoft Learn
4. Integrate the Virtual Network Integration on the Logic App and select the VNET/subnet that was created in Step 1.
5. (Optional) Test without the NAT Gateway Linked
- Invoke the workflow first and make the outbound call before configuring the NAT Gateway for testing/checking which IP address is returned.
- In this case, the IP address that was returned by the service is 20.88.178.231
- The IP address is part of the range of outbound IP addresses of the Logic App on the Networking page.
Navigate to the Networking blade of the Logic App and click on the list of Outbound IP addresses to view the full set. The IP address returned is part of the list.
6. Create NAT Gateway and integrate it to the Virtual Network
These below steps can be done during or after creation:
- Link the NAT Gateway to the Virtual Network and subnet that is configured on the Logic App.
- Create a Public IP Address, which will act as the outbound IP address.
Check to see what the IP address has been created. The Outbound IP address is this case is 20.115.24.20. This is the static IP address. You can also create more IP addresses.
7. Test with the NAT Gateway Linked
- Invoke the workflow first and make the outbound call after configuring the NAT Gateway for testing/checking which IP address is returned.
- In this case, the IP address that was returned by the service is 20.114.24.20
- The IP address is the Public IP address configured on the NAT Gateway, so the traffic has been routed through that.
Conclusion
Logic Apps Standard can be integrated with a Virtual Network, which in turn can be integrated with a NAT Gateway. This helps with routing traffic on built-in connectors through the NAT Gateway, using the static IP(s) defined as the outbound IP. In this tutorial, I have created only 1 static IP, but it is possible to create more on the NAT Gateway, which will allow the Logic App's traffic to route through either one.