README.md

Azure CLI Deployment

This directory includes Bash scripts designed for deploying and testing the sample Web App utilizing the azlocal CLI. Refer to the Azure Web App with Managed Identity guide for details about the sample application.

Prerequisites

Before deploying this solution, ensure you have the following tools installed:

• LocalStack for Azure: Local Azure cloud emulator for development and testing
• Visual Studio Code: Code editor installed on one of the supported platforms
• Docker: Container runtime required for LocalStack
• Azure CLI: Azure command-line interface
• Azlocal CLI: LocalStack Azure CLI wrapper
• Python: Python runtime (version 3.12 or above)
• jq: JSON processor for scripting and parsing command outputs

Installing azlocal CLI

The deploy.sh Bash script uses the azlocal CLI to work with LocalStack. Install it using:

pip install azlocal

For more information, see Get started with the az tool on LocalStack.

Architecture Overview

The deploy.sh Bash script creates the following Azure resources using Azure CLI commands:

1. Azure Storage Account: Provides blob storage for persisting vacation activity data. The web application stores each activity as a JSON blob file in the activities container.
2. Azure App Service Plan: Defines the compute resources (CPU, memory, and scaling options) that host the web application.
3. Azure Web App: Hosts the Python Flask-based Vacation Planner application. The web app uses managed identity to securely access the Azure Storage Account without requiring explicit credentials.
4. Managed Identity: Provides secure, credential-free authentication between the web app and storage account. Supports both system-assigned and user-assigned identity types.
5. Role Assignment: Grants the web app's managed identity the Storage Blob Data Contributor role, enabling read/write access to blob containers.
6. App Service Source Control: (Optional) Enables continuous deployment from a Git repository for automated application updates.

The web app allows users to plan and manage vacation activities, storing all activity data as blob files in the activities containers in the Azure Storage Account. For more information, see Azure Web App with Managed Identity.

Provisioning Scripts

Automation Scripts

This sample provides two bash scripts to streamline the deployment process by automating the provisioning of Azure resources and the sample application:

• user-assigned.sh: Configures the Azure Web App with a user-assigned managed identity
• system-assigned.sh: Configures the Azure Web App with a system-assigned managed identity

See the script files for complete implementation. The scripts perform the following operations:

• Detect environment (LocalStack or Azure Cloud) and select appropriate CLI
• Create resource group if it doesn't exist
• Provision storage account and retrieve access keys and endpoints
• Create blob container for activity data
• Create App Service Plan with Linux runtime
• Create user-assigned managed identity (user-assigned script only)
• Retrieve identity client ID, principal ID, and resource ID
• Create web app with specified Python runtime
• Assign managed identity to web app
• Configure Storage Blob Data Contributor role assignment with retry logic
• Set web app configuration settings (storage URL, container name, client ID)
• Package application code into zip file
• Deploy zip package to Azure Web App
• Clean up temporary artifacts

These scripts eliminate manual configuration steps and enable one-command deployment of the entire infrastructure.

Note

You can use the azlocal CLI as a drop-in replacement for the az CLI to direct all commands to the LocalStack for Azure emulator. Alternatively, run azlocal start-interception to automatically intercept and redirect all az commands to LocalStack. To revert back to the default behavior and send commands to the Azure cloud, run azlocal stop-interception.

Deployment

You can set up the Azure emulator by utilizing LocalStack for Azure Docker image. Before starting, ensure you have a valid LOCALSTACK_AUTH_TOKEN to access the Azure emulator. Refer to the Auth Token guide to obtain your Auth Token and specify it in the LOCALSTACK_AUTH_TOKEN environment variable. The Azure Docker image is available on the LocalStack Docker Hub. To pull the Azure Docker image, execute the following command:

docker pull localstack/localstack-azure-alpha

Start the LocalStack Azure emulator using the localstack CLI, execute the following command:

# Set the authentication token
export LOCALSTACK_AUTH_TOKEN=<your_auth_token>

# Start the LocalStack Azure emulator
IMAGE_NAME=localstack/localstack-azure-alpha localstack start -d
localstack wait -t 60

# Route all Azure CLI calls to the LocalStack Azure emulator
azlocal start-interception

Navigate to the scripts folder:

cd samples/web-app-managed-identity/python/scripts

Make the script executable:

chmod +x deploy.sh

Run the deployment script:

./deploy.sh

Validation

After deployment, you can use the validate.sh script to verify that all resources were created and configured correctly:

#!/bin/bash

# Variables
# Check resource group
az group show \
--name local-rg \
--output table

# List resources
az resource list \
--resource-group local-rg \
--output table

# Check Azure Web App
az webapp show \
--name local-webapp-test \
--resource-group local-rg \
--output table

# Check storage account properties
az storage account show \
  --name localstoragetest \
  --resource-group local-rg \
  --output table

# List storage containers
az storage container list \
  --account-name localstoragetest \
  --output table \
  --only-show-errors

Cleanup

To destroy all created resources:

# Delete resource group and all contained resources
az group delete --name local-rg --yes --no-wait

# Verify deletion
az group list --output table

This will remove all Azure resources created by the CLI deployment script.

Related Documentation

• Azure CLI Documentation
• LocalStack for Azure Documentation