Secure Azure App Services + SQL PaaS stack using pulumi
Ref: https://github.com/pulumi/examples/tree/master/azure-py-appservice
Instructions at: https://www.pulumi.com/docs/get-started/
- Install Pulumi
# Install on macos
$ brew install pulumi
# Install on linux
$ curl -fsSL https://get.pulumi.com | sh
# Install on windows
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://get.pulumi.com/install.ps1'))" && SET "PATH=%PATH%;%USERPROFILE%\.pulumi\bin"
- Install Python 3.6 or above
- Program: a collection of files written in your chosen programming language
- Project: a directory containing a program, with metadata, so Pulumi knows how to run it
- Stack: an instance of your project, each often corresponding to a different cloud environment
- For this Project
-
For new projects
-
Create via Web App: https://app.pulumi.com/site/new-project
-
Create via CLI
$ pulumi new
- Have a
Pulumi.yaml
in your directory and it will be used to create a new project.
name: todo # change this name and you will end up with a new stack runtime: python description: Secure Azure App Services + SQL PaaS stack using pulumi
-
pulumi login [<url>] [flags]
# Pulumi manages the state, you need PULUMI_ACCESS_TOKEN in the environment variables (or you will be prompted)
# Get it from: https://app.pulumi.com/venura9/settings/tokens
pulumi login
# Enterprise
pulumi login https://api.pulumi.yourcompany.com
# Local fs
pulumi login file://~
pulumi login --local
#Azure Blob
pulumi login azblob://my-pulumi-state-bucket
Starting point for building web application hosted in Azure App Service.
Provisions Azure SQL Database and Azure Application Insights to be used in combination with App Service.
-
Create a new stack:
$ pulumi stack init dev
# if you want the stack to be created at the same time $ pulumi stack select dev -c
-
Login to Azure CLI (you will be prompted to do this during deployment if you forget this step):
$ az login
-
Create a Python virtualenv, activate it, and install dependencies:
This installs the dependent packages needed for our Pulumi program.
$ python3 -m venv venv $ source venv/bin/activate $ pip3 install -r requirements.txt
-
Define SQL Server password (make it complex enough to satisfy Azure policy):
# generates Pulumi.dev.yaml and adds the vaules, if the file exists with the values you don't need to set the config. pulumi config set --secret sqlPassword <value> pulumi config set sqlUsername <value> #if the stack is created with `pulumi stack switch dev -c` pulumi config set azure:environment public pulumi config set azure:location AustraliaEast
-
Run
pulumi preview
to preview changes (Optional, Good for CI, Pull Requests):$ pulumi preview
-
Run
pulumi up
to preview and deploy changes:$ pulumi up Previewing changes: ... Performing changes: ... info: 7 changes performed: + 7 resources created Update duration: 1m14.59910109s
-
Check the deployed website endpoint:
$ pulumi stack output endpoint https://azpulumi-as0ef47193.azurewebsites.net $ curl "$(pulumi stack output endpoint)"
- Remind kindly that you shouldn't touch the portal @$#%@^#@^@#^
- Run
pulumi refresh
- Run
pulumi preview
- Fix the diff