by NoNameProvided 1723 days ago
We use Azure at work and this article hit home hard, as we have just been burned recently by Azure pricing. I am in the same spot as the author: liking Azure but being put off by all the weird stuff they are sometimes doing.

In our case, all we wanted was a static IP in front of an Azure Container Instance. Easy, right? Let's put the container in a vNET, place a NAT Gateway in front of it and we are done. However, for some reason NAT Gateway is not supported for Container Instances; instead, the official documentation suggests setting up an Azure managed firewall in front of your container that starts at a whopping 600EUR/month. That is a steep price increase from your ~30ish EUR/month for a basic container instance and there doesn't seem to be any other official alternative.

I have opened an issue with the docs team [1] about it and I hope there is another way of doing this that doesn't incur a doubling of our Azure monthly spending.

[1]: https://github.com/MicrosoftDocs/azure-docs/issues/81274

4 comments

I don't think azure-docs repo is the right place to ask for help/suggestions as maintainers are not very responsive because their sole job is to push internal docs to public docs. But I understand your frustration.

However, I believe you could have set up "public IP prefix" using Azure CLI. I do not think you need an Azure managed firewall.

Adding a managed firewall just to have an edge IP is like saying I want to add an outside patio to my house, sure, let's add a security checkpoint for the neighborhood first.

This varies immensely by the product team. If you file a bug on the AAD protocol docs I have a self-enforced SLA of a business day (or less). And a CVP enforced SLA to solve it in 30 days. And I generally love the folks who do file bugs - they're engineers, and usually fairly savvy.

Other teams do get burnt out on docs though, especially when customers use them for abuse or free architecture help. My favorite was someone asking me how to use an Oracle product. I know our branding is confusing but it's not that bad... Is it?

> I don't think azure-docs repo is the right place to ask for help/suggestions as maintainers are not very responsive because their sole job is to push internal docs to public docs.

What place would you suggest? We had a bad experience with Azure support; we could never fight through the first support line.

> However, I believe you could have set up "public IP prefix" using Azure CLI. I do not think you need an Azure managed firewall.

I don't have deep experience in networking stuff on Azure so my understanding can be wrong, but I think "public ip prefix" is just a group of continuous IP addresses that you can reserve. You still need to assign those to something, e.g. a NAT Gateway. As far as I know you cannot assign them directly to a Container Instance.

[Microsoft employee here, speaking for myself]

>> I don't think azure-docs repo is the right place to ask for help/suggestions

This is correct -- The azure docs repo feedback mechanism (using GitHub issues) is primarily for providing feedback on the documentation itself. We try to make this clear via the buttons on the bottom of the page; one is for 'Product Feedback' and the other is for 'Feedback about this page'. I would agree that the distinctions can be blurry, but I see the three categories as:

- Product Support: I need help with a product

- Product Feedback: Product A is missing feature B, and I want you to add it

- Documentation Feedback: The documentation is unclear, has a typo, or the example provided no longer works

For Product support, your best bet is to go through the standard support channel. I'm sorry that you didn't get a better response when you tried contacting support. Do you have paid support? If you're a large customer, you may get a dedicated customer support account manager. Additionally, there are community forums including https://docs.microsoft.com/en-us/answers/topics/azure-contai... and https://techcommunity.microsoft.com/t5/azure-compute/bd-p/Co... , which can also be used to submit product feedback.

Dear lord, this hits too close to home, I've been having nightmares maintaining some Azure infra lately. I'm not a cloud-provider fanboy, they all suck at the end of the day, but Azure is the one that deliberately makes my life worse every day.

All those features and no decent integration between them; unless you're a multi-billion, 100k-employee company, you'll have no luck with their customer support either.

I had an Azure employee troubleshoot my PG db instance for hours with me, for free, while our total spend was something like $100 a month.

Now, this employee didn't really help, but they were obviously professional and had database experience and didn't act condescending / like they were doing us a favor at all.

They just worked through the issue with me, which was a very pleasant surprise.

> I hope there is another way of doing this that doesn't incur a doubling of our Azure monthly spending

Oracle Cloud Infrastructure provides NAT gateways for free. You pay (low) transit costs, but unlike AWS+Azure (idk about Google) the NAT gateway itself costs nothing, so you don't pay twice for NAT traffic.

All the traffic at these cloud operations gets handled by cloud scale SDN systems. I suspect the actual cost of the few tens of bytes necessary to track a NAT connection is lost in the noise of such platforms. So to my mind the high cost of some of these cloud operators' NAT gateways seems abusive.

Fortunately there is indeed competition that accommodates my view.

Could you not attach it to a subnet, and attach the subnet to a network security group, and then do what's needed in the network security group? Maybe there are regional restrictions that I'm unaware of.

Edit: oh, no, you just need a public ip prefix/address, right?