Deploy an Asynchronous Pattern to the azd-ais-lza with Azure Developer CLI
Deploy an Asynchronous Pattern to the azd-ais-lza with Azure Developer CLI to demonstrate an automated deployment of an Integration Pattern to an Azure Integration Services Landingzone. The integration landingzone includes best practices for security, network isolation, monitoring, and more.
Based on the choices made during the Landingzone deployment (like deploying Azure Front Door, App Service Environment v3, Azure Service Bus), the Asynchronous Pattern will be deployed in its own resource group, but will use resources in the Landingzone via the vnet (and Private Endpoints). The Asynchronous Pattern includes an Azure Logic App with multiple workflows, Azure Service Bus Queues, CosmosDB as an ODS, and APIs in Azure API Management.
- Infrastructure-as-code: Bicep templates for provisioning and deploying the resources.
- Secure Access Management: Best practices and configurations for managing secure access to Azure Integration Services.
- Monitoring: Solutions for tracking and monitoring Azure Integration Services.
- End-to-end sample: Deployment of an Asynchronous Pattern from beginning to end.
Read more: Architecture in detail
- Infrastructure-as-code (IaC) Bicep files under the `infra` folder that demonstrate how to provision resources and set up resource tagging for azd.
- A dev container configuration file under the `.devcontainer` directory that installs infrastructure tooling by default. This can be readily used to create cloud-hosted developer environments such as GitHub Codespaces or a local environment via a VSCode DevContainer.
- Continuous deployment workflows for CI providers such as GitHub Actions under the `.github` directory, and Azure Pipelines under the `.azdo` directory that work for most use cases.
azd init -t pascalvanderheiden/azd-ais-async
If you have already cloned this repository to your local machine, or are running from a Dev Container or GitHub Codespaces, you can run the following command from the root folder.
azd init
It will prompt you to provide a name that will later be used in the name of the deployed resources. If you're not logged into Azure, it will also prompt you to log in first.
azd auth login
azd up
It will prompt you to log in, pick a subscription, and provide a location (like "eastus"). We've added extra conditional parameters to determine which Landingzone services you want to deploy to. For example, Azure Service Bus is an optional service that you can choose to deploy or not in the Landingzone, but for this pattern it is required: the pattern will not deploy its own instance of Service Bus, so you need to have one deployed in the Landingzone. The same applies to the App Service Environment v3: if you have chosen to deploy Logic Apps to an isolated environment, that App Service Plan will be used. Otherwise, the Logic Apps will be deployed to the "standard, but shielded off from the internet" App Service Plan. You are first asked to provide the resource group name of the integration Landingzone, and it will look for the Service Bus namespace, App Service Plan, VNet and API Management in that resource group. If there is only one available it will use that one; otherwise it will prompt you to choose one.
For more details on the deployed services, see additional details below.
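The lookup described above can be rehearsed before running `azd up`. The following pre-flight script is an added example, not part of this template: it assumes the Azure CLI (`az resource list`) as the inventory source, treats a missing resource of any of the four types as a failure, and uses constructed resource names in its sample.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the landing-zone resource group.
# Inventory format is "type<TAB>name" per line, e.g. the output of:
#   az resource list -g <landing-zone-rg> --query "[].[type,name]" -o tsv

# pick_one TYPE INVENTORY: print the name if exactly one resource of TYPE exists.
# Returns 1 when none exists and 2 when several exist (a choice is needed).
pick_one() {
  local matches count
  # Compare types case-insensitively: az reports e.g. Microsoft.Web/serverFarms.
  matches=$(printf '%s\n' "$2" |
    awk -F'\t' -v t="$1" 'tolower($1) == tolower(t) { print $2 }')
  count=$(printf '%s' "$matches" | grep -c . || true)
  case "$count" in
    0) return 1 ;;
    1) printf '%s\n' "$matches" ;;
    *) return 2 ;;
  esac
}

# preflight INVENTORY: report each landing-zone dependency of the pattern.
# Returns non-zero if any of them is missing from the resource group.
preflight() {
  local inventory="$1" failed=0 type name status
  for type in Microsoft.ServiceBus/namespaces Microsoft.Web/serverfarms \
    Microsoft.Network/virtualNetworks Microsoft.ApiManagement/service; do
    name=$(pick_one "$type" "$inventory") && status=0 || status=$?
    case "$status" in
      0) echo "ok        $type -> $name" ;;
      1) echo "missing   $type"; failed=1 ;;
      *) echo "multiple  $type (you will be prompted to choose)" ;;
    esac
  done
  return "$failed"
}

# Constructed sample inventory (hypothetical names, not real resources).
SAMPLE_INVENTORY=$(printf '%s\t%s\n' \
  Microsoft.ServiceBus/namespaces sb-lza-demo \
  Microsoft.Web/serverFarms plan-lza-demo \
  Microsoft.Web/serverFarms plan-lza-ase \
  Microsoft.Network/virtualNetworks vnet-lza-demo \
  Microsoft.KeyVault/vaults kv-lza-demo)

# Real use: pass the landing-zone resource group name as the first argument.
if [ -n "${1:-}" ]; then
  preflight "$(az resource list -g "$1" --query '[].[type,name]' -o tsv)"
fi
```

With the sample inventory, the API Management instance is reported as missing and the two App Service Plans as a choice to be made.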
This project includes a GitHub workflow and an Azure DevOps Pipeline for deploying the resources to Azure on every push to main. That workflow requires several Azure-related authentication secrets to be stored as GitHub Actions secrets. To set that up, run:
azd pipeline config
You can configure `azd` to provision and deploy resources to your deployment environments using standard commands such as `azd up` or `azd provision`. When `platform.type` is set to `devcenter`, all `azd` remote environment state and provisioning uses dev center components. `azd` uses one of the infrastructure templates defined in your dev center catalog for resource provisioning. In this configuration, the `infra` folder in your local templates isn't used.
azd config set platform.type devcenter
The deployed resources include a Log Analytics workspace with an Application Insights based dashboard to measure metrics like server response time and failed requests.
To open that dashboard, run this command once you've deployed:
azd monitor --overview
To clean up all the resources you've created and purge the soft-deletes, simply run:
azd down --purge --force
The resource group and all its resources will be deleted, and you will not be prompted for confirmation.
A tests.http file with relevant tests is included, so you can check whether your deployment is successful. You need the subscription key, created in API Management, in order to test the API. The rest of the names and URLs can be fetched from the azd env file here: .azure//.env or by using this command:
azd env get-values
You can find more information about how to create subscription keys here.
After forking this repo, you can use this GitHub Action to enable CI/CD for your fork. Just adjust the README in your fork to point to your own GitHub repo.
GitHub Action | Status |
---|---|
azd Deploy |
The following section examines different concepts that help tie in application and infrastructure.
This repository illustrates how to deploy an Asynchronous Pattern to a predefined Azure Integration Services Landing Zone accelerator, with Azure Developer CLI. The accelerator includes best practices for security, network isolation, monitoring, and more.
We've used the Azure Developer CLI Bicep Starter template to create this repository. With `azd` you can create a new repository with a fully functional CI/CD pipeline in minutes. You can find more information about `azd` here.
One of the key points of `azd` templates is that we can implement best practices together with our solution when it comes to security, network isolation, monitoring, etc. Users are free to define their own best practices for their dev teams & organization, so all deployments follow the same standards.
The best practices we've followed for this architecture are: Azure Integration Service Landingzone Accelerator.
When it comes to security, the accelerators above include recommendations for securing your Azure API Management instance, for example implementing OAuth authentication on the API Management instance. For how to implement OAuth authentication on API Management, see the repository here.
We're also using Azure Monitor Private Link Scope. This allows us to define the boundaries of our monitoring network, and only allow traffic from within that network to our Log Analytics workspace. This is a great way to secure your monitoring network.
Azure API Management is a fully managed service that enables customers to publish, secure, transform, maintain, and monitor APIs. It is a great way to expose your APIs to the outside world in a secure and manageable way.
Managed identities allow you to secure communication between services, without the need for you to manage any credentials.
Application Insights allows you to monitor your application. You can use this to monitor the performance of your application.
Log Analytics allows you to collect and analyze telemetry data from your application. You can use this to monitor the performance of your application.
Azure Service Bus allows you to use a secure messaging service.
Azure Front Door allows you to use a secure global CDN.
Azure App Service Environment allows you to use a secure and isolated environment for running your Logic App or Azure Function App.
Azure Key Vault allows you to store and manage your secrets in a secure way.
Azure Storage allows you to store your data in a secure way.
Azure Cosmos DB allows you to store your data in a secure way.
Azure Logic Apps allows you to automate your workflows.