This repository encompasses both enterprise architecture guidelines and a reference implementation for deploying Azure App Service solutions in multi-tenant and App Service Environment scenarios. It includes best practices, considerations and deployable artifacts for implementing a common reference architecture.
aka.ms/EnterpriseScale-AppService
The enterprise architecture is broken down into six different design areas, where you can find the links to each at:
| Design Area | Considerations | Recommendations |
|---|---|---|
| Identity and Access Management | Design Considerations | Design Recommendations |
| Network Topology and Connectivity | Design Considerations | Design Recommendations |
| Management and Monitoring | Design Considerations | Design Recommendations |
| Business Continuity and Disaster Recovery | Design Considerations | Design Recommendations |
| Security, Governance, and Compliance | Design Considerations | Design Recommendations |
| Application Automation and DevOps | Design Considerations | Design Recommendations |
In this repo you will find reference implementations with supporting Infrastructure as Code templates. More reference implementations will be added as they become available.
Pick one of the scenarios below to get started on a reference implementation.
For configuring the GitHub Actions pipelines, please refer to the GitHub Actions documentation.
With the selected reference implementation, you can now choose between Bicep or Terraform to deploy the scenario's infrastructure.
- Ensure you are logged in to Azure CLI and have selected the correct subscription.
- Navigate to the Terraform deployment directory (same directory as the
main.tffile). - Familiarize yourself with the deployment files:
main.tf- Contains the Terraform provider configurations for the selected deployment/module. Note thebackend "azurerm" {}block as this configures your Terraform deployment's remote state. Also contains the resource group definitions to host the deployed resources._locals.tf- Contains the local variable declarations as well as custom logic to support naming and tagging conventions across each module.variables.tf- Contains the input variable declarations for the selected deployment/module.outputs.tf- Contains the output variable declarations for the selected deployment/module.- other
.tffiles - Contains groupings of resources for organizational purposes. Parameters/uat.tfvars- Reference input parameter file for the UAT environment.
- Navigate to the Terraform deployment directory (same directory as the
main.tffile). - Run
terraform initto initialize the deployment. - Run
terraform plan -var-file="Parameters/uat.tfvars"to review the deployment plan. - Run
terraform apply -var-file="Parameters/uat.tfvars"to deploy the resources.
GitHub Actions pipelines are located in the .github/workflows directory with templates stored in the .github/actions directory.i
- Create an Azure AD Service Principal for OIDC Authentication
- Reference the following documentation to configure your Azure AD Service Principal: OIDC authentication to Azure.
- Configure your GitHub Actions Secrets
- In your forked repository, navigate to
Settings > Secrets and variables > Actions. - Create the following secrets:
Secret Name Description Example Value AZURE_CLIENT_IDGUID value for the Client ID of the service principal to authenticate with 00000000-0000-0000-0000-000000000000AZURE_SUBSCRIPTION_IDGUID value for the Subscription ID to deploy resources to 00000000-0000-0000-0000-000000000000AZURE_TENANT_IDGUID value for the Tenant ID of the service principal to authenticate with 00000000-0000-0000-0000-000000000000AZURE_TF_STATE_RESOURCE_GROUP_NAMEOptional override value to configure the remote state resource group name rg-terraform-stateAZURE_TF_STATE_STORAGE_ACCOUNT_NAMEOptional override value to configure the remote state storage account name tfstateAZURE_TF_STATE_STORAGE_CONTAINER_NAMEOptional override value to configure the remote state storage container name tfstateACCOUNT_NAMEhttps://dev.azure.com/ORGNAMEORgithub.com/ORGUSERNAMEORnonePATPersonal Access Token for the DevOps VM to leverage on provisioning the pipeline agent asdf1234567
- In your forked repository, navigate to
Looking for developer-focused reference implementation? Check out Reliable Web Patterns for App Service.
Please leverage issues if you have any feedback or request on how we can improve on this repository.
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkId=521839. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
Telemetry collection is on by default.
To opt-out, set the variable enableTelemetry to false in Bicep/ARM file and disable_terraform_partner_id to false on Terraform files.
See more at Contributing
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.