/eh-python-cosmos1

Primary LanguageBicepMIT LicenseMIT

page_type languages products urlFragment name description
sample
azdeveloper
python
bicep
typescript
html
azure
azure-cosmos-db
azure-app-service
azure-monitor
azure-pipelines
todo-python-mongo
Web Application with a Python API and Azure Cosmos DB API for MongoDB on Azure App Service
A complete ToDo app with Python FastAPI and Azure Cosmos API for MongoDB for storage. Uses Azure Developer CLI (azd) to build, deploy, and monitor

ToDo Application with a Python API and Azure Cosmos DB API for MongoDB on Azure App Service

Open in GitHub Codespaces Open in Remote - Containers

A complete ToDo application that includes everything you need to build, deploy, and monitor an Azure solution. This application uses the Azure Developer CLI (azd) to get you up and running on Azure quickly using Bicep as the IaC provider, React.js for the Web application, Python (FastAPI) for the API, Azure Cosmos DB API for MongoDB for storage, and Azure Monitor for monitoring and logging. It includes application code, tools, and pipelines that serve as a foundation from which you can build upon and customize when creating your own solutions.

Let's jump in and get the ToDo app up and running in Azure. When you are finished, you will have a fully functional web app deployed on Azure. In later steps, you'll see how to setup a pipeline and monitor the application.

Screenshot of deployed ToDo app

Screenshot of the deployed ToDo app

Prerequisites

The following prerequisites are required to use this application. Please ensure that you have them all installed locally.

Quickstart

The fastest way for you to get this application up and running on Azure is to use the azd up command. This single command will create and configure all necessary Azure resources - including access policies and roles for your account and service-to-service communication with Managed Identities.

  1. Open a terminal, create a new empty folder, and change into it.
  2. Create a new Python virtual environment.
  3. Run the following command to initialize the project, provision Azure resources, and deploy the application code.
azd up --template todo-python-mongo

You will be prompted for the following information:

  • Environment Name: This will be used as a prefix for the resource group that will be created to hold all Azure resources. This name should be unique within your Azure subscription.
  • Azure Location: The Azure location where your resources will be deployed.
  • Azure Subscription: The Azure Subscription where your resources will be deployed.

NOTE: This may take a while to complete as it executes three commands: azd init (initializes environment), azd provision (provisions Azure resources), and azd deploy (deploys application code). You will see a progress indicator as it provisions and deploys your application.

When azd up is complete it will output the following URLs:

  • Azure Portal link to view resources
  • ToDo Web application frontend
  • ToDo API application

"azd up output"

Click the web application URL to launch the ToDo app. Create a new collection and add some items. This will create monitoring activity in the application that you will be able to see later when you run azd monitor.

NOTE:

  • The azd up command will create Azure resources that will incur costs to your Azure subscription. You can clean up those resources manually via the Azure portal or with the azd down command.
  • You can call azd up as many times as you like to both provision and deploy your solution, but you only need to provide the --template parameter the first time you call it to get the code locally. Subsequent azd up calls do not require the template parameter. If you do provide the parameter, all your local source code will be overwritten if you agree to overwrite when prompted.
  • You can always create a new environment with azd env new.

Application Architecture

This application utilizes the following Azure resources:

Here's a high level architecture diagram that illustrates these components. Notice that these are all contained within a single resource group, that will be created for you when you create the resources.

Application architecture diagram

This template provisions resources to an Azure subscription that you will select upon provisioning them. Please refer to the Pricing calculator for Microsoft Azure and, if needed, update the included Azure resource definitions found in infra/main.bicep to suit your needs.

Application Code

The repo is structured to follow the Azure Developer CLI conventions including:

  • Source Code: All application source code is located in the src folder.
  • Infrastructure as Code: All application "infrastructure as code" files are located in the infra folder.
  • Azure Developer Configuration: An azure.yaml file located in the root that ties the application source code to the Azure services defined in your "infrastructure as code" files.
  • GitHub Actions: A sample GitHub action file is located in the .github/workflows folder.
  • VS Code Configuration: All VS Code configuration to run and debug the application is located in the .vscode folder.

Azure Subscription

This template will create infrastructure and deploy code to Azure. If you don't have an Azure Subscription, you can sign up for a free account here. Make sure you have contributor role to the Azure subscription.

Azure Developer CLI - VS Code Extension

The Azure Developer experience includes an Azure Developer CLI VS Code Extension that mirrors all of the Azure Developer CLI commands into the azure.yaml context menu and command palette options. If you are a VS Code user, then we highly recommend installing this extension for the best experience.

Here's how to install it:

VS Code

  1. Click on the "Extensions" tab in VS Code
  2. Search for "Azure Developer CLI" - authored by Microsoft
  3. Click "Install"

Marketplace

  1. Go to the Azure Developer CLI - VS Code Extension page
  2. Click "Install"

Once the extension is installed, you can press F1, and type "Azure Developer CLI" to see all of your available options. You can also right click on your project's azure.yaml file for a list of commands.

Next Steps

At this point, you have a complete application deployed on Azure. But there is much more that the Azure Developer CLI can do. These next steps will introduce you to additional commands that will make creating applications on Azure much easier. Using the Azure Developer CLI, you can setup your pipelines, monitor your application, test and debug locally.

Set up a pipeline using azd pipeline

This template includes a GitHub Actions pipeline configuration file that will deploy your application whenever code is pushed to the main branch. You can find that pipeline file here: .github/workflows.

Setting up this pipeline requires you to give GitHub permission to deploy to Azure on your behalf, which is done via a Service Principal stored in a GitHub secret named AZURE_CREDENTIALS. The azd pipeline config command will automatically create a service principal for you. The command also helps to create a private GitHub repository and pushes code to the newly created repo.

Run the following command to set up a GitHub Action:

azd pipeline config

Support for Azure DevOps Pipelines is coming soon to azd pipeline config. In the meantime, you can follow the instructions found here: .azdo/pipelines/README.md to set it up manually.

Monitor the application using azd monitor

To help with monitoring applications, the Azure Dev CLI provides a monitor command to help you get to the various Application Insights dashboards.

  • Run the following command to open the "Overview" dashboard:

    azd monitor --overview
  • Live Metrics Dashboard

    Run the following command to open the "Live Metrics" dashboard:

    azd monitor --live
  • Logs Dashboard

    Run the following command to open the "Logs" dashboard:

    azd monitor --logs

Run and Debug Locally

The easiest way to run and debug is to leverage the Azure Developer CLI Visual Studio Code Extension. Refer to this walk-through for more details.

Clean up resources

When you are done, you can delete all the Azure resources created with this template by running the following command:

azd down

Enable Additional Features

This template is prepared to use Azure API Management (aka APIM) for backend API protection and observability. APIM supports the complete API lifecycle and abstract backend complexity from API consumers.

To use APIM on this template you just need to set the environment variable with the following command:

azd env set USE_APIM true

And then execute azd up to provision and deploy. No worries if you already did azd up! You can set the USE_APIM environment variable at anytime and then just repeat the azd up command to run the incremental deployment.

Here's the high level architecture diagram when APIM is used:

Application architecture diagram with APIM

The frontend will be configured to make API requests through APIM instead of calling the backend directly, so that the following flow gets executed:

  1. APIM receives the frontend request, applies the configured policy to enable CORS, validates content and limits concurrency. Follow this guide to understand how to customize the policy.
  2. If there are no errors, the request is forwarded to the backend and then the backend response is sent back to the frontend.
  3. APIM emits logs, metrics, and traces for monitoring, reporting, and troubleshooting on every execution. Follow this guide to visualize, query, and take actions on the metrics or logs coming from APIM.

NOTE:

By default, this template uses the Consumption tier that is a lightweight and serverless version of API Management service, billed per execution. Please check the pricing page for more details.

Additional azd commands

The Azure Developer CLI includes many other commands to help with your Azure development experience. You can view these commands at the terminal by running azd help. You can also view the full list of commands on our Azure Developer CLI command page.

Troubleshooting/Known issues

Sometimes, things go awry. If you happen to run into issues, then please review our "Known Issues" page for help. If you continue to have issues, then please file an issue in our main Azure Dev repository.

Security

Roles

This template creates a managed identity for your app inside your Azure Active Directory tenant, and it is used to authenticate your app with Azure and other services that support Azure AD authentication like Key Vault via access policies. You will see principalId referenced in the infrastructure as code files, that refers to the id of the currently logged in Azure Developer CLI user, which will be granted access policies and permissions to run the application locally. To view your managed identity in the Azure Portal, follow these steps.

Key Vault

This template uses Azure Key Vault to securely store your Cosmos DB connection string for the provisioned Cosmos DB account. Key Vault is a cloud service for securely storing and accessing secrets (API keys, passwords, certificates, cryptographic keys) and makes it simple to give other Azure services access to them. As you continue developing your solution, you may add as many secrets to your Key Vault as you require.

Uninstall

To remove the Azure Developer CLI, refer to uninstall Azure Developer CLI.

Reporting Issues and Feedback

If you have any feature requests, issues, or areas for improvement, please file an issue. To keep up-to-date, ask questions, or share suggestions, join our GitHub Discussions. You may also contact us via AzDevTeam@microsoft.com.