This Terraform example demonstrates how to create a container-based Linux App Service with secret management and monitoring.
- Managed identity for authentication instead of credentials
- Key vault references for accessing secrets from App Service
- Email alerts for errors and failed availability checks
- Random suffix for resources requiring a globally unique name
For storing container images
- App Service pulls the image from the registry during deployment
- Authentication using managed identity
For storing and accessing secrets
- Access management using access policies
App Service plan & App Service
For hosting the application. The App Service is created in the plan. If you have multiple App Services, they can share the same plan.
- The application's docker image is deployed from the container registry
- Managed identity for accessing the Key Vault & Container registry
- Deployment slot for high availability deploys
- App service has a lot of settings that can be configured. See all of them here.
Used for monitoring, metrics, logs and alerts.
- The application should use Application Insights library (e.g. for Node.js) to instrument the application and integrate it with App Insights
- Includes availability checks from multiple locations
- Email alert for:
- Failed availability checks
- Responses with 5xx response code
- Failed dependencies (e.g. database query or HTTP request fails)
Prerequisites
- Azure account and a service principal
- Resource group
- Terraform Azure Provider set up
```hcl
module "my_app" {
  # Placeholder: a module block needs a source, which is not given on this page
  source = "<path-or-URL-of-this-module>"

  # Required
  resource_group_name = "my-resource-group"
  alert_email_address = "[email protected]"

  # Optional (with their default values)
  name_prefix           = "azure-app-example--"
  app_service_name      = "appservice"
  app_insights_app_type = "other"
  app_service_plan_tier = "PremiumV2"
  app_service_plan_size = "P1v2"
}
```
We can create the rest of the resources with `terraform apply`.
An example of a Node.js application can be found in the `./example-app` directory.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| resource_group_name | Name of the resource group where the resources are deployed | string | | yes |
| alert_email_address | Email address where alerts are sent | string | | yes |
| name_prefix | Name prefix to use for objects that need to be created (only lowercase alphanumeric characters and hyphens allowed) | string | "azure-app-example--" | no |
| app_service_name | Name of the app service to be created. Must be globally unique | string | "appservice" | no |
| app_insights_app_type | Application insights application type | string | "other" | no |
| app_service_plan_tier | App service plan tier | string | "PremiumV2" | no |
| app_service_plan_size | App service plan size | string | "P1v2" | no |
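
The managed identity, Key Vault reference and access policy described above fit together as in the following sketch. It is an added example, not this module's own code, and it covers only the identity wiring, not the image deployment. It assumes the azurerm 3.x provider; the resource labels, the `DB_PASSWORD` setting name, the app name and every `var.*` input are hypothetical.

```hcl
# Added example: all names and variables below are assumptions, not module inputs.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "service_plan_id" { type = string }
variable "key_vault_id" { type = string }           # existing vault using access policies
variable "acr_id" { type = string }                 # existing container registry
variable "db_password_secret_uri" { type = string } # URI of an existing secret

resource "azurerm_linux_web_app" "app" {
  name                = "appservice-example" # constructed; must be globally unique
  resource_group_name = var.resource_group_name
  location            = var.location
  service_plan_id     = var.service_plan_id
  https_only          = true

  identity {
    type = "SystemAssigned" # platform-managed identity, no stored credentials
  }

  site_config {
    # Pull the image with the identity instead of registry admin credentials
    container_registry_use_managed_identity = true
  }

  app_settings = {
    # Key Vault reference: the setting stores only the pointer; the platform
    # resolves the value at runtime using the app's identity.
    "DB_PASSWORD" = "@Microsoft.KeyVault(SecretUri=${var.db_password_secret_uri})"
  }
}

# Least privilege on the vault: the app identity can read secret values only.
resource "azurerm_key_vault_access_policy" "app" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_linux_web_app.app.identity[0].tenant_id
  object_id          = azurerm_linux_web_app.app.identity[0].principal_id
  secret_permissions = ["Get"]
}

# Pull-only role on the registry for the same identity.
resource "azurerm_role_assignment" "acr_pull" {
  scope                = var.acr_id
  role_definition_name = "AcrPull"
  principal_id         = azurerm_linux_web_app.app.identity[0].principal_id
}
```

Passing the secret's URI in as a variable, rather than creating the secret with Terraform, keeps the secret value out of the Terraform state file.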