Source from repo

Azure Prepare

Prepare applications for Azure deployment by generating infrastructure code, Dockerfiles, and config files.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

164

Skill

n/a

Size

546.6 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/apim.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown213 linesFree

references/apim.md

1# APIM Deployment Guide
2 
3Deploy Azure API Management (APIM) as part of your Azure infrastructure.
4 
5> **For AI Gateway configuration** (policies, backends, semantic caching), use the **azure-aigateway** skill after deployment.
6 
7---
8 
9## When to Deploy APIM
10 
11| Scenario | APIM Tier | Notes |
12|----------|-----------|-------|
13| AI Gateway for model governance | Standard v2 or Premium v2 | Semantic caching requires v2 SKUs |
14| API consolidation | Standard v2 | Single entry point for microservices |
15| MCP tool hosting | Standard v2 | Rate limiting and auth for AI tools |
16| Development / Testing | Developer | Not for production |
17| High-volume production | Premium v2 | Multi-region, higher limits |
18 
19---
20 
21## Quick Deploy (Azure CLI)
22 
23### 1. Create APIM Instance
24 
25```bash
26az apim create \
27  --name <apim-name> \
28  --resource-group <rg> \
29  --location <location> \
30  --publisher-name "<your-org>" \
31  --publisher-email "<[email protected]>" \
32  --sku-name "StandardV2" \
33  --sku-capacity 1
34 
35# ⚠ APIM provisioning takes 30-45 minutes for Standard/Premium tiers
36```
37 
38### 2. Enable Managed Identity
39 
40```bash
41az apim update --name <apim-name> --resource-group <rg> \
42  --set identity.type=SystemAssigned
43```
44 
45### 3. Get Gateway URL
46 
47```bash
48az apim show --name <apim-name> --resource-group <rg> \
49  --query "gatewayUrl" -o tsv
50```
51 
52---
53 
54## Bicep Template
55 
56```bicep
57@description('Name of the API Management instance')
58param apimName string
59 
60@description('Location for the APIM instance')
61param location string = resourceGroup().location
62 
63@description('Publisher organization name')
64param publisherName string
65 
66@description('Publisher email address')
67param publisherEmail string
68 
69@description('SKU name (StandardV2 recommended for AI Gateway)')
70@allowed(['Developer', 'StandardV2', 'PremiumV2'])
71param skuName string = 'StandardV2'
72 
73@description('Number of scale units')
74param skuCapacity int = 1
75 
76resource apim 'Microsoft.ApiManagement/service@2023-09-01-preview' = {
77  name: apimName
78  location: location
79  sku: {
80    name: skuName
81    capacity: skuCapacity
82  }
83  identity: {
84    type: 'SystemAssigned'
85  }
86  properties: {
87    publisherName: publisherName
88    publisherEmail: publisherEmail
89  }
90}
91 
92output apimId string = apim.id
93output gatewayUrl string = apim.properties.gatewayUrl
94output principalId string = apim.identity.principalId
95```
96 
97### With Azure OpenAI Backend (AI Gateway Pattern)
98 
99```bicep
100@description('Name of the Azure OpenAI resource')
101param aoaiName string
102 
103@description('Resource group of the Azure OpenAI resource')
104param aoaiResourceGroup string = resourceGroup().name
105 
106// Reference existing Azure OpenAI
107resource aoai 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' existing = {
108  name: aoaiName
109  scope: resourceGroup(aoaiResourceGroup)
110}
111 
112// APIM Backend pointing to Azure OpenAI
113resource openaiBackend 'Microsoft.ApiManagement/service/backends@2023-09-01-preview' = {
114  parent: apim
115  name: 'openai-backend'
116  properties: {
117    protocol: 'http'
118    url: '${aoai.properties.endpoint}openai'
119    tls: {
120      validateCertificateChain: true
121      validateCertificateName: true
122    }
123  }
124}
125 
126// Grant APIM access to Azure OpenAI
127resource cognitiveServicesUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
128  name: guid(apim.id, aoai.id, 'Cognitive Services User')
129  scope: aoai
130  properties: {
131    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')
132    principalId: apim.identity.principalId
133    principalType: 'ServicePrincipal'
134  }
135}
136```
137 
138---
139 
140## Terraform Module
141 
142```hcl
143resource "azurerm_api_management" "apim" {
144  name                = var.apim_name
145  location            = var.location
146  resource_group_name = var.resource_group_name
147  publisher_name      = var.publisher_name
148  publisher_email     = var.publisher_email
149  sku_name            = "${var.sku_name}_${var.sku_capacity}"
150 
151  identity {
152    type = "SystemAssigned"
153  }
154}
155 
156output "gateway_url" {
157  value = azurerm_api_management.apim.gateway_url
158}
159 
160output "principal_id" {
161  value = azurerm_api_management.apim.identity[0].principal_id
162}
163```
164 
165---
166 
167## Post-Deployment Steps
168 
169After APIM is deployed:
170 
1711. **Configure AI backends** → Use **azure-aigateway** skill
1722. **Import APIs** → `az apim api import` or portal
1733. **Apply policies** → Invoke **azure-aigateway** skill for AI governance policies
1744. **Enable monitoring** → Connect Application Insights
1755. **Secure endpoints** → Configure subscriptions and RBAC
176 
177---
178 
179## SKU Selection Guide
180 
181| Feature | Developer | Standard v2 | Premium v2 |
182|---------|-----------|-------------|------------|
183| GenAI policies | ✅ | ✅ | ✅ |
184| Semantic caching | ❌ | ✅ | ✅ |
185| VNet integration | ❌ | ✅ | ✅ |
186| Multi-region | ❌ | ❌ | ✅ |
187| SLA | None | 99.95% | 99.99% |
188| Scale units | 1 | 1-10 | 1-12 per region |
189| Provisioning time | ~30 min | ~30 min | ~45 min |
190 
191> **Recommendation**: Use **Standard v2** for most AI Gateway scenarios. Use **Premium v2** only for multi-region or high-compliance requirements.
192 
193---
194 
195## Naming Conventions
196 
197| Resource | Pattern | Example |
198|----------|---------|---------|
199| APIM Instance | `apim-<app>-<env>` | `apim-myapp-prod` |
200| API | `<api-name>-api` | `openai-api` |
201| Backend | `<service>-backend` | `openai-backend` |
202| Product | `<tier>-product` | `premium-product` |
203| Subscription | `<consumer>-sub` | `frontend-sub` |
204 
205---
206 
207## References
208 
209- [APIM v2 Overview](https://learn.microsoft.com/azure/api-management/v2-service-tiers-overview)
210- [APIM Bicep Reference](https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service)
211- [APIM Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management)
212- [GenAI Gateway Capabilities](https://learn.microsoft.com/azure/api-management/genai-gateway-capabilities)
213

Loading source

Preparing the source view

Pulling the file list, source metadata, and syntax-aware rendering for this listing.

Marketplace

Source from repo

Azure Prepare

Prepare applications for Azure deployment by generating infrastructure code, Dockerfiles, and config files.

microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page

Files

164

Skill

n/a

Size

546.6 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

references/apim.md

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

markdown213 linesFree

references/apim.md

1# APIM Deployment Guide
2 
3Deploy Azure API Management (APIM) as part of your Azure infrastructure.
4 
5> **For AI Gateway configuration** (policies, backends, semantic caching), use the **azure-aigateway** skill after deployment.
6 
7---
8 
9## When to Deploy APIM
10 
11| Scenario | APIM Tier | Notes |
12|----------|-----------|-------|
13| AI Gateway for model governance | Standard v2 or Premium v2 | Semantic caching requires v2 SKUs |
14| API consolidation | Standard v2 | Single entry point for microservices |
15| MCP tool hosting | Standard v2 | Rate limiting and auth for AI tools |
16| Development / Testing | Developer | Not for production |
17| High-volume production | Premium v2 | Multi-region, higher limits |
18 
19---
20 
21## Quick Deploy (Azure CLI)
22 
23### 1. Create APIM Instance
24 
25```bash
26az apim create \
27  --name <apim-name> \
28  --resource-group <rg> \
29  --location <location> \
30  --publisher-name "<your-org>" \
31  --publisher-email "<[email protected]>" \
32  --sku-name "StandardV2" \
33  --sku-capacity 1
34 
35# ⚠ APIM provisioning takes 30-45 minutes for Standard/Premium tiers
36```
37 
38### 2. Enable Managed Identity
39 
40```bash
41az apim update --name <apim-name> --resource-group <rg> \
42  --set identity.type=SystemAssigned
43```
44 
45### 3. Get Gateway URL
46 
47```bash
48az apim show --name <apim-name> --resource-group <rg> \
49  --query "gatewayUrl" -o tsv
50```
51 
52---
53 
54## Bicep Template
55 
56```bicep
57@description('Name of the API Management instance')
58param apimName string
59 
60@description('Location for the APIM instance')
61param location string = resourceGroup().location
62 
63@description('Publisher organization name')
64param publisherName string
65 
66@description('Publisher email address')
67param publisherEmail string
68 
69@description('SKU name (StandardV2 recommended for AI Gateway)')
70@allowed(['Developer', 'StandardV2', 'PremiumV2'])
71param skuName string = 'StandardV2'
72 
73@description('Number of scale units')
74param skuCapacity int = 1
75 
76resource apim 'Microsoft.ApiManagement/service@2023-09-01-preview' = {
77  name: apimName
78  location: location
79  sku: {
80    name: skuName
81    capacity: skuCapacity
82  }
83  identity: {
84    type: 'SystemAssigned'
85  }
86  properties: {
87    publisherName: publisherName
88    publisherEmail: publisherEmail
89  }
90}
91 
92output apimId string = apim.id
93output gatewayUrl string = apim.properties.gatewayUrl
94output principalId string = apim.identity.principalId
95```
96 
97### With Azure OpenAI Backend (AI Gateway Pattern)
98 
99```bicep
100@description('Name of the Azure OpenAI resource')
101param aoaiName string
102 
103@description('Resource group of the Azure OpenAI resource')
104param aoaiResourceGroup string = resourceGroup().name
105 
106// Reference existing Azure OpenAI
107resource aoai 'Microsoft.CognitiveServices/accounts@2024-04-01-preview' existing = {
108  name: aoaiName
109  scope: resourceGroup(aoaiResourceGroup)
110}
111 
112// APIM Backend pointing to Azure OpenAI
113resource openaiBackend 'Microsoft.ApiManagement/service/backends@2023-09-01-preview' = {
114  parent: apim
115  name: 'openai-backend'
116  properties: {
117    protocol: 'http'
118    url: '${aoai.properties.endpoint}openai'
119    tls: {
120      validateCertificateChain: true
121      validateCertificateName: true
122    }
123  }
124}
125 
126// Grant APIM access to Azure OpenAI
127resource cognitiveServicesUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
128  name: guid(apim.id, aoai.id, 'Cognitive Services User')
129  scope: aoai
130  properties: {
131    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a97b65f3-24c7-4388-baec-2e87135dc908')
132    principalId: apim.identity.principalId
133    principalType: 'ServicePrincipal'
134  }
135}
136```
137 
138---
139 
140## Terraform Module
141 
142```hcl
143resource "azurerm_api_management" "apim" {
144  name                = var.apim_name
145  location            = var.location
146  resource_group_name = var.resource_group_name
147  publisher_name      = var.publisher_name
148  publisher_email     = var.publisher_email
149  sku_name            = "${var.sku_name}_${var.sku_capacity}"
150 
151  identity {
152    type = "SystemAssigned"
153  }
154}
155 
156output "gateway_url" {
157  value = azurerm_api_management.apim.gateway_url
158}
159 
160output "principal_id" {
161  value = azurerm_api_management.apim.identity[0].principal_id
162}
163```
164 
165---
166 
167## Post-Deployment Steps
168 
169After APIM is deployed:
170 
1711. **Configure AI backends** → Use **azure-aigateway** skill
1722. **Import APIs** → `az apim api import` or portal
1733. **Apply policies** → Invoke **azure-aigateway** skill for AI governance policies
1744. **Enable monitoring** → Connect Application Insights
1755. **Secure endpoints** → Configure subscriptions and RBAC
176 
177---
178 
179## SKU Selection Guide
180 
181| Feature | Developer | Standard v2 | Premium v2 |
182|---------|-----------|-------------|------------|
183| GenAI policies | ✅ | ✅ | ✅ |
184| Semantic caching | ❌ | ✅ | ✅ |
185| VNet integration | ❌ | ✅ | ✅ |
186| Multi-region | ❌ | ❌ | ✅ |
187| SLA | None | 99.95% | 99.99% |
188| Scale units | 1 | 1-10 | 1-12 per region |
189| Provisioning time | ~30 min | ~30 min | ~45 min |
190 
191> **Recommendation**: Use **Standard v2** for most AI Gateway scenarios. Use **Premium v2** only for multi-region or high-compliance requirements.
192 
193---
194 
195## Naming Conventions
196 
197| Resource | Pattern | Example |
198|----------|---------|---------|
199| APIM Instance | `apim-<app>-<env>` | `apim-myapp-prod` |
200| API | `<api-name>-api` | `openai-api` |
201| Backend | `<service>-backend` | `openai-backend` |
202| Product | `<tier>-product` | `premium-product` |
203| Subscription | `<consumer>-sub` | `frontend-sub` |
204 
205---
206 
207## References
208 
209- [APIM v2 Overview](https://learn.microsoft.com/azure/api-management/v2-service-tiers-overview)
210- [APIM Bicep Reference](https://learn.microsoft.com/azure/templates/microsoft.apimanagement/service)
211- [APIM Terraform](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management)
212- [GenAI Gateway Capabilities](https://learn.microsoft.com/azure/api-management/genai-gateway-capabilities)
213