Jacob's Azure Lab

About the Lab

Welcome to the technical breakdown! This page details how this lab is architected, the Azure services used, and how everything is tied together using Terraform and CI/CD.

Architecture Overview

• Azure App Service – Hosts the main website frontend
• Azure Blob Storage – Stores static site assets and backend game data
• Azure Functions – Handles serverless backend logic (like high scores)
• Azure Managed Identity – Secure resource access (no secrets in code!)
• Azure DNS – Manages the jacobsazlab.com domain and routing
• GitHub Actions – Automates infrastructure deployment and updates using Terraform

Key Features & Practices

• Fully deployed and managed with Terraform (Infrastructure as Code)
• Managed Identities for secure, passwordless resource access
• Automated CI/CD pipeline: push to main = deploy infrastructure
• Custom domain (jacobsazlab.com) managed by Azure DNS, registrar is squarespace
• Low monthly cost (< $30/month, intentionally overengineered for learning)

Infrastructure Diagrams

Terraform to Azure CI/CD Flow

• Make Terraform changes locally in VSCode on my machine.
• Run terraform plan to review proposed changes and verify syntax.
• My account reaches out to the storage account hosting the Terraform state file for planning.
• Access is managed via RBAC permissions on the storage account.
• Once satisfied with the plan, push changes to my GitHub repo.
• GitHub Actions workflow is triggered, running terraform apply against the Azure environment.
• GitHub Actions uses RBAC permissions (service principal) to deploy/update resources in Azure.

Web Deployment Flow

• Make website .html, .js, .css changes with the help of AI overlords (I don’t know js or html really; I’m a network/systems engineer who just learned terraform and python some).
• Run git add
• Run git commit -m "notes on commit here"
• Run git push
• GitHub Actions uses RBAC permissions (service principal) to deploy/update resources in Azure.
• Website is updated!

More Details

• App Service: Linux B1 subscription, runs the public web site. Secure settings, custom domain, HTTPS enforced.
• Azure Function: Used for backend logic like saving and reading snake game high scores. Uses managed identity to access storage. (still working on this)

Source Code & Infrastructure

All code and Terraform for this project is public: GitHub Repository

What’s Next? I'm going to keep adding diagrams on information flow and keep adding complexity. (logging, pushing azure app data to website, making snake game better, etc)