Azure Public IP Address is not associated with any resource
- Contextual name: Public IP Address is not associated with any resource
- ID: /ce/ca/azure/virtual-network/unused-public-ip-address
- Tags:
  - Policy with categories
  - Policy with type
  - Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: SECURITY, COST
Logic
- prod.logic.yaml
Description
Evaluate and remove Azure Public IP Addresses that are not currently associated with any Azure resource to minimize unnecessary costs and reduce resource clutter.
Rationale
Unassociated Public IP Addresses in Azure incur charges on an hourly basis despite not being attached to any active service. Proactively identifying and deallocating these unused IPs is an effective cost-optimization strategy.
Beyond cost implications, unassociated Public IPs may represent residual network exposure. While they do not directly expose a running workload, their presence can complicate network visibility, increase the attack surface, and hinder security posture management. Eliminating unused public IPs contributes to a cleaner, more secure, and manageable cloud environment.
Audit
This policy marks an Azure Public IP Address as `INCOMPLIANT` if the `Associated Resource ID` field is empty, indicating no active associations with IP Configurations.
Remediation
Deallocate the Unused Public IP Address
If a Public IP Address is confirmed to be unused and not required by any current or planned service, it should be deleted to prevent ongoing charges and reduce the potential network exposure.
Azure CLI
```bash
az network public-ip delete \
  --resource-group {{resource-group-name}} \
  --name {{public-ip-name}}
```
PowerShell
```powershell
Remove-AzPublicIpAddress `
  -Name "{{public-ip-name}}" `
  -ResourceGroupName "{{resource-group-name}}"
```
Considerations
- Ensure that the Public IP Address is not reserved for future use or linked to a pending deployment. Accidental deletion may cause disruption to planned services.
- If the Public IP was recently detached due to the deletion of a dependent resource, verify that the resource removal was intentional and permanent.
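The audit rule and the considerations above can be combined into a pre-deletion triage step. The following is an added example, not part of the Cloudaware policy or its logic file: it assumes the `ipConfiguration` and `natGateway` fields of `az network public-ip list -o json` stand in for the Associated Resource ID field, and the `reserved-for` tag is a hypothetical convention for addresses kept on purpose.

```python
import json
import shlex

# Constructed sample shaped like `az network public-ip list -o json`, trimmed
# to the fields used here; every name is made up and the IDs are abbreviated.
SAMPLE = json.loads("""[
 {"name": "pip-web", "resourceGroup": "rg-prod", "tags": null, "natGateway": null,
  "ipConfiguration": {"id": "/subscriptions/SUB/.../nic-web/ipConfigurations/ipconfig1"}},
 {"name": "pip-nat", "resourceGroup": "rg-prod", "tags": {}, "ipConfiguration": null,
  "natGateway": {"id": "/subscriptions/SUB/.../natGateways/natgw"}},
 {"name": "pip-old", "resourceGroup": "rg-dev", "tags": {"env": "dev"},
  "ipConfiguration": null, "natGateway": null},
 {"name": "pip-launch", "resourceGroup": "rg-prod", "tags": {"reserved-for": "q3"},
  "ipConfiguration": null, "natGateway": null}
]""")

HOLD_TAG = "reserved-for"  # hypothetical tag marking an address kept on purpose


def associated_resource_id(pip):
    """Return the ID of whatever the address is attached to, or None."""
    for field in ("ipConfiguration", "natGateway"):
        ref = pip.get(field) or {}
        if ref.get("id"):
            return ref["id"]
    return None


def triage(public_ips):
    """Split unassociated addresses into (deletion candidates, held)."""
    candidates, held = [], []
    for pip in public_ips:
        if associated_resource_id(pip):
            continue  # still attached to a resource, so not flagged
        tags = pip.get("tags") or {}
        (held if HOLD_TAG in tags else candidates).append(pip)
    return candidates, held


def delete_command(pip):
    """Render the remediation command for review; nothing is executed."""
    return ("az network public-ip delete --resource-group "
            f"{shlex.quote(pip['resourceGroup'])} --name {shlex.quote(pip['name'])}")


if __name__ == "__main__":
    candidates, held = triage(SAMPLE)
    print("\n".join(delete_command(p) for p in candidates))
    print("held for review:", [p["name"] for p in held])
```

Addresses attached to a NAT gateway carry no IP configuration, so a check on `ipConfiguration` alone would flag them as unused.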
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
---|---|---|---|---|---|
Cloudaware Framework → Public and Anonymous Access | 80 | no data | | | |
Cloudaware Framework → Waste Reduction | 25 | no data | | | |