π Azure Public IP Address is not associated with any resource π’
- Contextual name: π Public IP Address is not associated with any resource π’
- ID:
/ce/ca/azure/virtual-network/unused-public-ip-address - Located in: π Azure Virtual Network
Flagsβ
- π’ Policy with categories
- π’ Policy with type
- π’ Production policy
Our Metadataβ
- Policy Type:
COMPLIANCE_POLICY - Policy Category:
SECURITYCOST
Logicβ
- π§ prod.logic.yaml π’
Descriptionβ
Descriptionβ
Evaluate and remove Azure Public IP Addresses that are not currently associated with any Azure resource to minimize unnecessary costs and reduce resource clutter.
Rationalβ
Unassociated Public IP Addresses in Azure incur charges on an hourly basis despite not being attached to any active service. Proactively identifying and deallocating these unused IPs is an effective cost-optimization strategy.
Beyond cost implications, unassociated Public IPs may represent residual network exposure. While they do not directly expose a running workload, their presence can complicate network visibility, increase the attack surface, and hinder security posture management. Eliminating unused public IPs contributes to a cleaner, more secure, and manageable cloud environment.
Auditβ
This policy marks an Azure Public IP Address as
INCOMPLIANTif theAssociated Resource IDfield is empty, indicating no active associations with IP Configurations.
Remediationβ
Remediationβ
Deallocate the Unused Public IP Addressβ
If a Public IP Address is confirmed to be unused and not required by any current or planned service, it should be deleted to prevent ongoing charges and reduce the potential network exposure.
Azure CLIβ
az network public-ip delete \
--resource-group {{resource-group-name}} \
--name {{public-ip-name}}PowerShellβ
Remove-AzPublicIpAddress `
-Name "{{public-ip-name}}" `
-ResourceGroupName "{{resource-group-name}}"Considerationsβ
- Ensure that the Public IP Address is not reserved for future use or linked to a pending deployment. Accidental deletion may cause disruption to planned services.
- If the Public IP was recently detached due to the deletion of a dependent resource, verify that the resource removal was intentional and permanent.
policy.yamlβ
Linked Framework Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ Cloudaware Framework β πΌ Public and Anonymous Access | 69 | |||
| πΌ Cloudaware Framework β πΌ Waste Reduction | 9 |