4

On an Azure VM when querying for metadata, the publicIpAddress has no value even though the machine as a public IP.

curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2019-11-01"

returns an empty string for publicIpAddress

{
  "compute": {
    // ... Omitted for brevity
  },
  "network": {
    "interface": [
      {
        "ipv4": {
          "ipAddress": [
            {
              "privateIpAddress": "10.3.0.4",
              "publicIpAddress": ""
            }
          ],
         // ... Rest has been omitted for brevity

Does anyone know why? I checked https://learn.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service, but couldn't find any reason for the public IP address not to show up

KBoek
  • 5,794
  • 5
  • 32
  • 49

2 Answers2

2

I believe your public IP address is Standard SKU instead of Basic SKU, which does not support instance metadata service.

From MSDN:

Only Public IP addresses with basic SKU are available when using instance metadata service IMDS. Standard SKU is not supported.

This GitHub Issue also has more information.

I've also tested this with both basic and standard SKU public IP addresses, and standard SKU will give you "publicIpAddress":"" when querying the instance metadata instance API.

Solution

To be able to use the instance metadata service, you need to use a Basic SKU public IP address. You cannot change the SKU once a public IP address is created, as highlighted in MSDN.

Instead, you could first disassociate your Standard SKU public IP address instance from your virtual machine network interface, create a new public IP address with Basic SKU, then associate this public IP address with your virtual machine network interface. This is required since a network interface can only have one public IP address associated to it.

Checking Public IP Address SKU

You can run Get-AzPublicIpAddress from Azure PowerShell command to check your public address SKU:

(Get-AzPublicIpAddress -Name "PUBLIC-IP-NAME" -ResourceGroupName "RESOURCE-GROUP").Sku.Name

Or using az network public-ip show from Azure CLI if you prefer:

az network public-ip show -n "PUBLIC-IP-NAME" -g "RESOURCE-GROUP" --query "sku.name"

Or just check via Azure portal by navigating to your public IP address instance.

RoadRunner
  • 25,803
  • 6
  • 42
  • 75
2

My answer might be too late, but this will help others who are looking for this solution. Yes as RoadRunner mentioned you cannot access a Standard SKU public IP from the above API.

The solution is the query the load balancer api endpoint which will return the list of Standard public IP addresses of the VM.

API call:

curl -H "Metadata:true" http://169.254.169.254/metadata/loadbalancer?api-version=2020-10-01
You can also use a more recent api version.

Response:

{
  "loadbalancer": {
    "publicIpAddresses": [
      {
        "frontendIpAddress": "20.X.Y.Z",
        "privateIpAddress": "10.X.Y.Z"
      }
    ],
    "inboundRules": [],
    "outboundRules": []
  }
}

The publicIpAddresses will contain all the standard IP's associated with the VM.

The key frontendIpAddress is the public IP address of the VM.

Ashik Meeran Mohideen
  • 21
  • 1