Note: This is currently a work in progress. The project is being developed to demonstrate the deployment of a FastAPI application on Azure App Service with various features and configurations, and is not yet complete nor fully deployable.
A Python FastAPI application that displays environment variables in an HTML table format, deployed as a Linux container on Azure App Service. The application is secured with Azure Entra ID authentication and integrates with Azure Monitor for logging.
This application provides a simple web interface to view all environment variables available to the running container. It includes:
- HTML table display of all environment variables
- Parsing of
FEATURE_FLAGSenvironment variable as a comma-delimited list - Health check endpoint
- Environment-specific logging configuration
- Azure Key Vault integration using Managed Identity
- Azure Monitor integration for logging and monitoring
- Docker and Docker Compose
- Python 3.x (for local development outside of Docker)
- Azure CLI (for deployment)
-
Clone this repository:
git clone <repository-url> cd azure-fastapi-app-service
-
Create a
.envfile for local environment variables:echo "FEATURE_FLAGS=local_dev,debug" > .env
-
Run the application using Docker Compose:
docker-compose up
-
Access the application:
- Development environment: http://localhost:8000
- Staging environment: http://localhost:8001
- Production environment: http://localhost:8002
- Azure subscription
- Azure CLI installed and logged in
- Docker installed
-
Initialize the infrastructure:
make init
-
Deploy to the desired environment:
# For development make deploy-dev # For staging make deploy-staging # For production make deploy-prod
-
To deploy with custom feature flags:
make deploy ENV=<environment> FEATURE_FLAGS="flag1,flag2,flag3"
-
To update dependencies to latest versions:
make update-deps
-
To clean up resources:
make clean
/
├── src/ # Application source code
│ ├── main.py # FastAPI application
│ ├── requirements.txt # Python dependencies
│ └── templates/ # HTML templates
├── infra/ # Bicep templates
│ ├── main.bicep # Main infrastructure template
│ └── modules/ # Modularized Bicep components
├── Dockerfile # Container definition
├── docker-compose.yml # Local development setup
├── Makefile # Deployment automation
├── README.md # This file
└── spec.md # Technical specification
| Variable | Description | Default |
|---|---|---|
FEATURE_FLAGS |
Comma-delimited list of feature flags | "" |
LOG_LEVEL |
Logging level (DEBUG, INFO, WARNING) | Based on environment |
AZURE_KEY_VAULT_URI |
URI of Azure Key Vault | Set by App Service |
APPINSIGHTS_INSTRUMENTATIONKEY |
Azure Application Insights key | Set by App Service |
- Development: DEBUG logging, feature flags: "dev_mode,debug_api"
- Staging: INFO logging, feature flags: "metrics,api_logging"
- Production: WARNING logging, no default feature flags
Authentication is handled by Azure App Service using Entra ID. The Bicep templates configure the App Service to require authentication with specific tenant ID and user role settings.
The application uses the Managed Identity assigned to the App Service to access secrets in Key Vault. No credentials are stored in the application code or configuration.
make help- Display available commandsmake init- Create resource group and ACRmake build- Build Docker containermake push- Push container to ACRmake deploy-infra- Deploy Azure resources with Bicepmake deploy-app- Configure App Service to use the containermake deploy- Full deployment processmake deploy-dev- Deploy to development environmentmake deploy-staging- Deploy to staging environmentmake deploy-prod- Deploy to production environmentmake update-deps- Update dependencies in requirements.txtmake clean- Remove resource group and all resources