Cloud Web App Deployment on Azure

📗 Table of Contents

• 📖 About the Project
  • 🛠 Built With
    • Tech Stack
    • Key Features
  • 🚀 Live Demo
• 💻 Getting Started
  • Prerequisites
  • Setup
  • Provision Infrastructure (Terraform)
  • Configure Services (Ansible)
  • Deployment
• 🔧 Customizing Variables
• ☁️ Remote Terraform State in Azure
• 👥 Authors
• 🔭 Future Features
• 🤝 Contributing
• ⭐️ Show your support
• 🙏 Acknowledgements
• ❓ FAQ
• 📝 License

---

📖 Azure Cloud Web App Deployment

This project automates the provisioning and deployment of a scalable cloud application on Microsoft Azure. It uses Terraform to create infrastructure, and Ansible to configure services like a backend API running on 2 VMs behind a Load Balancer, connected to an Azure MySQL database, along with a frontend deployed on Azure Web App.

Architecture Diagram

(back to top)

## 🛠 Built With

Tech Stack

Infrastructure as Code

• Terraform

Configuration Management

• Ansible

Cloud Platform

• Microsoft Azure

Database

• Azure Database for MySQL

Deployment Targets

• Azure Virtual Machines
• Azure Load Balancer
• Azure App Service (Web App)

Key Features

• 🔧 Automated infrastructure provisioning with Terraform
• 📦 Service configuration and app deployment using Ansible
• 🐘 MySQL database initialized via Ansible using ansible/files/mysql/movie_db.sql
• 🌐 Scalable API on 2 Azure VMs behind a Load Balancer
• 💾 Managed Azure MySQL integration
• 🚀 Web frontend deployed using Azure Web App
• 🔐 Service Principal authentication using Client Secret
• ⚙️ Fully automated deployment workflow with CI/CD integration
• 🏗️ End-to-end Terraform deployment from scratch included in workflow
• 🧹 Automated environment teardown using terraform-destroy.yml
• 💸 Uses Azure Web App F1 Free Tier for cost-effective deployment

Load Balancer API (Backend)

Azure Secrets

App Service

(back to top)

GH Actions Workflow

---

🚀 Live Demo

• Frontend Web App
• API Endpoint (behind Load Balancer)

Movie Analyst main page

Our Movies Critics

Latest Movie Reviews

Our Publication Partners

(back to top)

---

💻 Getting Started

To get a local copy up and running, follow these instructions.

Prerequisites

Most dependencies are installed automatically in the GitHub Actions workflow. However, for local development or debugging, ensure you have the following:

• 🖥️ Azure CLI (az)
• 📦 Terraform ≥ 1.5
• ⚙️ Ansible ≥ 2.15
• 🔐 SSH key pair for accessing virtual machines
• 📦 Node.js ≥ 14 and npm (required for both frontend and backend)
• 📚 zip utility (used to package the frontend app)
• ☁️ Azure Service Principal credentials (used by the workflow):
  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_TENANT_ID
  • ARM_SUBSCRIPTION_ID
• 💡 (Optional) GitHub CLI (gh) – useful for managing secrets or manually triggering workflows

🔧 Setup

# Clone this repository
git clone https://github.com/NeckerFree/azure-fullstack-automation.git
cd azure-fullstack-automation

create a file

📦 Provision Infrastructure (Terraform)

Infrastructure provisioning is fully automated and triggered via GitHub Actions on every push or pull request to the master branch.

• Terraform is initialized and executed within the workflow using predefined variables.
• The deployment includes:
  • A MySQL database on Azure
  • A Load Balancer with 2 backend VMs
  • Network and security resources
• The entire infrastructure is provisioned from scratch via terraform.yml.

⚙️ Configure Services (Ansible)

Ansible Jumpbox Configuration

Once the infrastructure is up, Ansible playbooks are automatically triggered within the same CI/CD workflow to:

• Configure the VMs with the required packages
• Deploy the Node.js API to both backend nodes
• Apply application settings
• Validate MySQL schema creation and data population

This configuration is handled through the deploy-api.yml GitHub Actions workflow.

🚢 Deployment

• 🎯 Trigger: Every push or pull request to master kicks off a full deployment pipeline.
• 🌐 API is publicly reachable via the Load Balancer’s IP address.
• 💻 Frontend is deployed to Azure Web App using the F1 Free Tier.
• 🔐 Secure integration between services via environment variables and Azure-managed credentials.
• 🧨 A separate terraform-destroy.yml workflow is available to automatically destroy all infrastructure when needed.

(back to top)

---

🔧 Customizing Variables

You can modify the following variables to adapt the deployment to your needs. These are defined in the Terraform configuration files:

infra/terraform.tfvars:

allowed_ssh_ip        = "xxx.xxx.xxx.xxx/32"         # IP allowed to access VMs via SSH
mysql_user            = "mysqladmin"                # MySQL admin user
mysql_admin_password  = "Sec#reP@ssword123!"        # MySQL admin password

infra\variables.tf:

variable "location" {
  default = "westus2"                               # Azure region to deploy resources
}

variable "admin_username" {
  default = "myadminuser"                                # Admin username for virtual machines
}

variable "lb_api_port" {
  default = 8080                                    # API port exposed by Load Balancer
}

(back to top)

---

☁️ Remote Terraform State in Azure

Terraform uses remote state storage to persist infrastructure state across executions and team members.

This project stores the Terraform state file (terraform.tfstate) securely in an Azure Storage Account using a backend configuration like the following:

terraform {
  backend "azurerm" {
    resource_group_name  = "my-resource-group"
    storage_account_name = "myterraformstate"
    container_name       = "tfstate"
    key                  = "infrastructure.tfstate"
  }
}

(back to top)

---

👥 Authors

👤 Elio Cortés

• GitHub: @NeckerFree
• Twitter: @ElioCortesM
• LinkedIn: elionelsoncortes

(back to top)

---

🔭 Future Features

• Enable autoscaling for the API tier
• Implement managed identity-based DB auth

(back to top)

---

🤝 Contributing

Contributions, issues, and feature requests are welcome!

Feel free to open an issue, or request features.

(back to top)

---

⭐️ Show your support

If you like this project, please ⭐️ the repository and share it with others!

(back to top)

---

🙏 Acknowledgements

• Microsoft Azure documentation
• Ansible Azure Collection contributors
• HashiCorp Terraform Modules
• devops-rampup — Backend & frontend prototype used as base for this project
• EPAM DevOps Campus — Cloud and DevOps learning program
• ChatGPT — Assistance in automation, CI/CD, and documentation
• DeepSeek — Assistance in automation, CI/CD, and documentation

(back to top)

---

❓ FAQ

🔐 Where are secrets like passwords and keys stored?

Secrets are securely stored as GitHub Actions secrets and injected at runtime into the workflows.

🧪 Can I test changes before deploying to Azure?

Yes! You can test locally using terraform plan and ansible-playbook in dry-run mode before committing changes.

🌎 Where is the infrastructure deployed?

By default, all resources are deployed to the westus2 Azure region. You can change this in infra/variables.tf.

🛠 What if I want to destroy all resources?

You can run the terraform-destroy.yml GitHub Actions workflow to safely destroy the provisioned infrastructure.

🐘 How is the database created?

The Azure MySQL database is provisioned with Terraform and initialized using movie_db.sql from Ansible.

🌐 What is the default URL for the frontend?

The frontend is hosted on Azure Web App. The exact URL depends on the generated Azure App Service name. Check the Azure Portal or output logs.

(back to top)

---

📝 License

This project is licensed under the MIT License.

(back to top)