This article describes how to customize an instance's egress route to support custom network scenarios. For example, you might want to customize an instance's egress route for networks that disallow public IPs and require the instance to sit behind a network virtual appliance (NVA).
22
22
23
-
By default, Azure Spring Apps provisions a Standard SKU Load Balancer that you can set up and use for egress. However, the default setup may not meet the requirements of all scenarios. For example, public IPs may not be allowed, or more hops may be required for egress.
23
+
By default, Azure Spring Apps provisions a Standard SKU Load Balancer that you can set up and use for egress. However, the default setup may not meet the requirements of all scenarios. For example, public IPs may not be allowed, or more hops may be required for egress. When you use this feature to customize egress, Azure Spring Apps doesn't create public IP resources.
24
24
25
25
## Prerequisites
26
26
27
27
- All prerequisites for deploying Azure Spring Apps in a virtual network. For more information, see [Deploy Azure Spring Apps in a virtual network](how-to-deploy-in-azure-virtual-network.md).
28
-
- An API version of *2022-09-01 preview* or greater.
28
+
- An API version of `2022-09-01 preview` or greater.
29
29
-[Azure CLI version 1.1.7 or later](/cli/azure/install-azure-cli).
30
30
31
31
## Limitations
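Review bot: the added prerequisite line now puts `2022-09-01 preview` in code formatting, which presents it as a literal value, yet the string still contains a space before `preview`; Azure REST API version identifiers are hyphenated throughout, so either restore the italic form or check the exact identifier used by the resource provider and quote that literal. Also, in the added opening-paragraph sentence, "When you use this feature to customize egress" is the first mention of any feature, and the `outboundType` setting is only introduced later in the file; naming the setting here (for example "When you set `outboundType` to `userDefinedRouting`") would remove the ambiguity.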
@@ -47,7 +47,7 @@ The default `outboundType` value is `loadBalancer`. If `outboundType` is set to
47
47
> [!NOTE]
48
48
> Using an outbound type is an advanced networking scenario and requires proper network configuration.
49
49
50
-
If `outboundType` is set to `userDefinedRouting`, Azure Spring Apps won't automatically configure egress paths. You must set up egress paths yourself. You could still find two load balancers in your resource group. They're only used for internal traffic and won't expose any public IP. You must prepare two route tables associated with two subnets: one to service the runtime and another for the user app.
50
+
If `outboundType` is set to `userDefinedRouting`, Azure Spring Apps doesn't automatically configure egress paths. You must set up egress paths yourself. You could still find two load balancers in your resource group. They're only used for internal traffic and don't expose any public IP. You must prepare two route tables associated with two subnets: one to service the runtime and another for the user app.
51
51
52
52
> [!IMPORTANT]
53
53
> An `outboundType` of `userDefinedRouting` requires a route for `0.0.0.0/0` and the next hop destination of a network virtual appliance in the route table. For more information, see [Customer responsibilities for running Azure Spring Apps in a virtual network](vnet-customer-responsibilities.md).
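Review bot: the rewritten sentence keeps "one to service the runtime and another for the user app", which reads as a verb phrase; the two subnets in this deployment model are the service runtime subnet and the app subnet, so "one for the service runtime and another for the user apps" states the intent. In the same paragraph "You could still find two load balancers" should be "You might still find", since it describes what is present rather than a possibility the reader chooses.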
This article describes how to secure outbound traffic from your applications hosted in Azure Spring Apps. The article provides an example of a user-defined route. A user-defined route is an advanced feature that lets you fully control egress traffic. You can use a user-defined route in scenarios such as disallowing an Azure Spring Apps autogenerated public IP address.
19
19
@@ -35,10 +35,11 @@ The following illustration shows an example of an Azure Spring Apps virtual netw
35
35
36
36
This diagram illustrates the following features of the architecture:
37
37
38
-
* Public ingress traffic must flow through firewall filters.
39
-
* Each Azure Spring Apps instance is isolated within a dedicated subnet.
40
-
* The firewall is owned and managed by customers.
41
-
* This structure ensures that the firewall enables a healthy environment for all the functions you need.
38
+
- Public ingress traffic must flow through firewall filters.
39
+
- Each Azure Spring Apps instance is isolated within a dedicated subnet.
40
+
- Customers own and manage the firewall.
41
+
- This structure ensures that the firewall enables a healthy environment for all the functions you need.
42
+
- Azure Spring Apps doesn't automatically generate public IP resources.
42
43
43
44
### Define environment variables
44
45
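Review bot: the new bullet "Azure Spring Apps doesn't automatically generate public IP resources" is listed under "This diagram illustrates the following features of the architecture", but a diagram cannot show the absence of a resource; move that statement into the prose preceding the list, or reword the list introduction so it covers properties of the setup rather than what the diagram depicts. Switching the list marker from `*` to `-` is fine as long as the rest of the file uses `-`; worth checking the other lists in this article for consistency.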
@@ -110,7 +111,7 @@ az network vnet subnet create \
110
111
Use the following command to create and set up an Azure Firewall instance with a user-defined route, and to configure Azure Firewall outbound rules. The firewall lets you configure granular egress traffic rules from Azure Spring Apps.
111
112
112
113
> [!IMPORTANT]
113
-
> If your cluster or application creates a large number of outbound connections directed to the same destination or to a small subset of destinations, you might require more firewall front-end IP addresses to avoid reaching the maximum ports per front-end IP address. For more information on how to create an Azure Firewall instance with multiple IP addresses, see [Quickstart: Create an Azure Firewall instance with multiple public IP addresses - ARM template](../firewall/quick-create-multiple-ip-template.md). Create a Standard SKU public IP resource that will be used as the Azure Firewall front-end address.
114
+
> If your cluster or application creates a large number of outbound connections directed to the same destination or to a small subset of destinations, you might require more firewall front-end IP addresses to avoid reaching the maximum ports per front-end IP address. For more information on how to create an Azure Firewall instance with multiple IP addresses, see [Quickstart: Create an Azure Firewall instance with multiple public IP addresses - ARM template](../firewall/quick-create-multiple-ip-template.md). Create a Standard SKU public IP resource for use as the Azure Firewall front-end address.
114
115
115
116
```azurecli
116
117
az network public-ip create \
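Review bot: the last sentence of the `[!IMPORTANT]` callout, "Create a Standard SKU public IP resource for use as the Azure Firewall front-end address.", is the instruction for the `az network public-ip create` command that follows, not a warning; move it out of the blockquote onto its own line directly before the code fence so the callout only carries the port-exhaustion caveat and the reader does not miss the step.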
@@ -137,7 +138,7 @@ az network firewall create \
137
138
The following example shows how to assign the IP address that you created to the firewall front end.
138
139
139
140
> [!NOTE]
140
-
> Setting up the public IP address to the Azure Firewall instance might take a few minutes. To use a fully qualified domain name (FQDN) on network rules, enable a DNS proxy. After you enable the proxy, the firewall will listen on port 53 and forward DNS requests to the specified DNS server. The firewall can then translate the FQDN automatically.
141
+
> Setting up the public IP address to the Azure Firewall instance might take a few minutes. To use a fully qualified domain name (FQDN) on network rules, enable a DNS proxy. After you enable the proxy, the firewall listens on port 53 and forwards DNS requests to the specified DNS server. The firewall can then translate the FQDN automatically.
141
142
142
143
```azurecli
143
144
# Configure the firewall IP address.
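Review bot: the rewritten note says the firewall "forwards DNS requests to the specified DNS server", but nothing in this section specifies a DNS server; state where it is configured (the firewall's DNS settings) or drop "specified". Also "Setting up the public IP address to the Azure Firewall instance" should read "Assigning the public IP address to the Azure Firewall instance" to match the preceding sentence, which describes assignment.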
@@ -319,7 +320,7 @@ az spring create \
319
320
--outbound-type userDefinedRouting
320
321
```
321
322
322
-
You can now access the public IP address of the firewall from the internet. The firewall will route traffic into Azure Spring Apps subnets according to your routing rules.
323
+
You can now access the public IP address of the firewall from the internet. The firewall routes traffic into Azure Spring Apps subnets according to your routing rules.
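Review bot: the closing sentence says the firewall's public IP is reachable from the internet and that the firewall "routes traffic into Azure Spring Apps subnets according to your routing rules", which describes inbound reachability, while this section configured `--outbound-type userDefinedRouting`, whose route tables send the subnets' egress through the firewall. Reword to separate the two directions: outbound traffic from the Azure Spring Apps subnets now leaves through the firewall under the rules defined above, and any inbound reachability depends on the firewall's own rules rather than on the user-defined route.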