Skip to content

README.md

Latest commit

 

History

History
169 lines (130 loc) · 4.85 KB

README.md

File metadata and controls

169 lines (130 loc) · 4.85 KB

Azure Cloud Infrastructure as Code

This repository contains Infrastructure as Code (IaC) templates using Azure Bicep for deploying a complete cloud infrastructure. The infrastructure includes serverless functions, content delivery, database, and storage components configured for both production and non-production environments.

Architecture Overview

![Architecture Diagram] The infrastructure consists of the following components:

  • Azure Front Door: Global load balancer and CDN
  • Azure Functions: Serverless compute with staging slots
  • Azure Storage Accounts: Blob storage for various purposes
  • Azure Cosmos DB: NoSQL database with serverless configuration
  • Azure DNS: Custom domain management
  • App Service Plan: Hosting plan for Function Apps

Prerequisites

  • Azure CLI (version 2.50.0 or later)
  • Azure subscription with Owner/Contributor access
  • PowerShell 7+ or Azure Cloud Shell
  • Visual Studio Code with Bicep extension (optional)

Repository Structure

.
├── main.bicep              # Main deployment template
├── main.bicepparam        # Parameter file
├── modules/
│   ├── appServicePlan.bicep    # App Service Plan configuration
│   ├── cosmosDbAccount.bicep   # Cosmos DB configuration
│   ├── createContainer.bicep   # Storage container creation
│   ├── dnsZone.bicep          # DNS configuration
│   ├── frontDoor.bicep        # Front Door configuration
│   ├── functionAppProd.bicep   # Production function app
│   ├── functionAppStage.bicep  # Staging function app
│   └── storageAccount.bicep    # Storage account configuration

Environment Setup

  1. Install Azure CLI and login:
# Install Azure CLI (Windows)
winget install Microsoft.AzureCLI

# Login to Azure
az login
az account set --subscription "<subscription-id>"

az group list --query "[].name" -o tsv | ForEach-Object { az group delete --name $_ --yes --no-wait }

  1. Configure environment variables:
$RG="rg-webapp-102-lz"
$LOCATION="centralus"
$TEMPLATE="main.bicep"
$PARAMS="main.bicepparam"
  1. Create Resource Group:
az group create --name $RG --location $LOCATION

Parameter Configuration

Update main.bicepparam with your specific values:

  • environment: 'prod' or 'nonprod'
  • location: Azure region
  • zoneName: Your custom domain
  • funcName: Base name for function apps
  • profileName: Front Door profile name
  • tags: Resource tagging structure
  • dnsRecords: DNS configuration including verification codes

Deployment

  1. Set up environment variables:
# Run the environment setup script
./scripts/Set-Environment.ps1 -ResourceGroupName "your-resource-group" -Location "your-location" -Environment "prod"
  1. Validate the deployment:
az deployment group what-if --resource-group $env:AZURE_RG --template-file $TEMPLATE --parameters $PARAMS
  1. Deploy the infrastructure:
az deployment group create --resource-group $env:AZURE_RG --template-file $TEMPLATE --parameters $PARAMS
  1. Update Storage Account Verification:
# Connect to Azure (if not already connected)
Connect-AzAccount

# Run the storage verification script (uses environment variables)
./scripts/Update-StorageVerification.ps1

Security Considerations

  • All storage accounts are configured with:

    • HTTPS-only access
    • TLS 1.2 minimum version
    • Disabled public blob access
    • OAuth authentication enabled

  • Function Apps include:

    • HTTPS-only access
    • Managed identity authentication
    • CORS configuration for specified domains
    • FTPS-only state

  • Front Door provides:

    • WAF protection (optional)
    • TLS 1.2 minimum version
    • Managed certificates for custom domains

Monitoring and Maintenance

  1. Monitor deployments:
az deployment group list --resource-group $RG --query "[].{Name:name, ProvisioningState:properties.provisioningState}" -o table
  1. Check resource health:
az resource list --resource-group $RG --query "[].{Name:name, Type:type, Status:properties.provisioningState}" -o table

Troubleshooting

Common issues and solutions:

  1. Deployment Failures

    • Verify parameter values in main.bicepparam
    • Check resource name availability
    • Verify subscription permissions

  2. DNS Configuration

    • Ensure DNS verification codes are correct
    • Allow time for DNS propagation (up to 48 hours)
    • Verify domain ownership

  3. Function App Issues

    • Check App Service Plan scaling
    • Verify storage account connections
    • Review application settings

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Commit your changes
  4. Push to the branch
  5. Create a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

For support and questions, please open an issue in the repository.