Secure Azure App Services + SQL PaaS stack using pulumi

Ref: https://github.com/pulumi/examples/tree/master/azure-py-appservice

Instructions at: https://www.pulumi.com/docs/get-started/

• Install Pulumi

# Install on macos
$ brew install pulumi

# Install on linux
$ curl -fsSL https://get.pulumi.com | sh

# Install on windows
@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; iex ((New-Object System.Net.WebClient).DownloadString('https://get.pulumi.com/install.ps1'))" && SET "PATH=%PATH%;%USERPROFILE%\.pulumi\bin"

• Install Python 3.6 or above

• Program: a collection of files written in your chosen programming language
• Project: a directory containing a program, with metadata, so Pulumi knows how to run it
• Stack: an instance of your project, each often corresponding to a different cloud environment

• For this Project

• For new projects

  • Create via Web App: https://app.pulumi.com/site/new-project

  • Create via CLI

  $ pulumi new

  • Have a Pulumi.yaml in your directory and it will be used to create a new project.

  name: todo # change this name and you will end up with a new stack
  runtime: python
  description: Secure Azure App Services + SQL PaaS stack using pulumi

pulumi login [<url>] [flags]

# Pulumi manages the state, you need PULUMI_ACCESS_TOKEN in the environment variables (or you will be prompted)
# Get it from: https://app.pulumi.com/venura9/settings/tokens
pulumi login

# Enterprise 
pulumi login https://api.pulumi.yourcompany.com

# Local fs
pulumi login file://~
pulumi login --local

#Azure Blob
pulumi login azblob://my-pulumi-state-bucket

Starting point for building web application hosted in Azure App Service.

Provisions Azure SQL Database and Azure Application Insights to be used in combination with App Service.

1. Create a new stack:

   $ pulumi stack init dev

   # if you want the stack to be created at the same time
   $ pulumi stack select dev -c

2. Login to Azure CLI (you will be prompted to do this during deployment if you forget this step):

   $ az login

3. Create a Python virtualenv, activate it, and install dependencies:

   This installs the dependent packages needed for our Pulumi program.

   $ python3 -m venv venv
   $ source venv/bin/activate
   $ pip3 install -r requirements.txt

4. Define SQL Server password (make it complex enough to satisfy Azure policy):

   # generates Pulumi.dev.yaml and adds the vaules, if the file exists with the values you don't need to set the config.
   
   pulumi config set --secret sqlPassword <value>
   pulumi config set sqlUsername <value>
   
   #if the stack is created with `pulumi stack switch dev -c`
   pulumi config set azure:environment public
   pulumi config set azure:location AustraliaEast

5. Run pulumi preview to preview changes (Optional, Good for CI, Pull Requests):

   $ pulumi preview

6. Run pulumi up to preview and deploy changes:

   $ pulumi up
   Previewing changes:
   ...
   
   Performing changes:
   ...
   info: 7 changes performed:
       + 7 resources created
   Update duration: 1m14.59910109s

7. Check the deployed website endpoint:

   $ pulumi stack output endpoint
   https://azpulumi-as0ef47193.azurewebsites.net
   $ curl "$(pulumi stack output endpoint)"

1. Remind kindly that you shouldn't touch the portal @$#%@^#@^@#^
2. Run pulumi refresh
3. Run pulumi preview
4. Fix the diff