Source from repo
Azure Cloud Migrate

GitHub Copilot for Azure plugin providing Azure service management and development assistance inside Claude Code and IDEs.
microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
177.7 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/services/functions/lambda-to-functions.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown267 linesFree
references/services/functions/lambda-to-functions.md
1# AWS Lambda to Azure Functions Migration
2 
3Detailed guidance for migrating AWS Lambda functions to Azure Functions.
4 
5## Overview
6 
7| AWS Service | Azure Equivalent |
8|-------------|------------------|
9| Lambda | Azure Functions |
10| API Gateway | Azure Functions HTTP Trigger / API Management |
11| S3 | Azure Blob Storage |
12| S3 Event | Azure Blob Storage + Event Grid |
13| DynamoDB | Cosmos DB |
14| SQS | Azure Service Bus / Storage Queue |
15| SNS | Azure Event Grid |
16| EventBridge | Azure Event Grid |
17| CloudWatch | Application Insights / Azure Monitor |
18| IAM Roles | Managed Identity + Azure RBAC |
19| CloudFormation / SAM | Bicep / ARM Templates |
20| Rekognition | Azure AI Computer Vision (Image Analysis) |
21 
22## Programming Model Mapping
23 
24| AWS Lambda | Azure Functions |
25|------------|-----------------|
26| `exports.handler` | `app.http()`, `app.storageBlob()`, etc. (v4) |
27| `event` object | `request` / `blob` / trigger-specific param |
28| `context` object | `context` (InvocationContext) |
29| `callback` | Return value |
30| `function.json` (v1-v3) | Inline bindings in code (v4 JS, v2 Python) |
31 
32## Trigger Mapping
33 
34| AWS Trigger | Azure Trigger | Notes |
35|-------------|---------------|-------|
36| API Gateway (REST/HTTP) | `app.http()` | Direct equivalent |
37| S3 Event | `app.storageBlob()` | Use `source: 'EventGrid'` for reliability |
38| SQS | `app.storageQueue()` or `app.serviceBusQueue()` | Service Bus for advanced scenarios |
39| SNS | `app.eventGrid()` | Event Grid is push-based |
40| EventBridge | `app.eventGrid()` | Map event patterns to filters |
41| CloudWatch Events (Scheduled) | `app.timer()` | NCRONTAB expressions |
42| DynamoDB Streams | Cosmos DB Change Feed trigger | Via `app.cosmosDB()` |
43 
44## Runtime-Specific Migration Patterns
45 
46For language-specific migration rules, correct/incorrect patterns, and code examples, see the runtime reference for the target language:
47 
48| Runtime | Migration Patterns |
49|---------|-------------------|
50| JavaScript (Node.js v4) | [runtimes/javascript.md — Lambda Migration Rules](runtimes/javascript.md#lambda-migration-rules) |
51| Python (v2) | [runtimes/python.md — Lambda Migration Rules](runtimes/python.md#lambda-migration-rules) |
52| TypeScript (v4) | [runtimes/typescript.md](runtimes/typescript.md) |
53| C# (Isolated Worker) | [runtimes/csharp.md](runtimes/csharp.md) |
54| Java | [runtimes/java.md](runtimes/java.md) |
55| PowerShell | [runtimes/powershell.md](runtimes/powershell.md) |
56 
57## Project Structure
58 
59```
60REQUIRED for Azure Functions:
61src/
62├── app.js (or function_app.py)   # Main entry point
63├── host.json                      # Function host configuration
64├── local.settings.json            # Local development settings
65├── package.json (or requirements.txt)
66├── [helper-modules]               # Business logic
67└── tests/                         # Test files
68 
69❌ NEVER create:
70├── [functionName]/                # No individual function directories
71│   ├── function.json              # No function.json (JS v4, Python v2)
72│   └── index.js
73```
74 
75## Environment Variables
76 
77```
78✅ Use managed identity connections for Azure Functions storage:
79   AzureWebJobsStorage__blobServiceUri
80   AzureWebJobsStorage__queueServiceUri
81   AzureWebJobsStorage__tableServiceUri
82 
83✅ Use specific endpoint variables for other services:
84   COMPUTER_VISION_ENDPOINT
85   STORAGE_ACCOUNT_URL
86   SOURCE_CONTAINER_NAME
87 
88❌ Avoid:
89   CONNECTION_STRING (use managed identity)
90   API_KEY (use managed identity)
91```
92 
93## Reference Links
94 
95- [AWS Lambda vs Azure Functions comparison](https://aka.ms/AWSLambda)
96- [AWS to Azure services comparison](https://learn.microsoft.com/en-us/azure/architecture/aws-professional/)
97- [Supported language runtimes](https://learn.microsoft.com/en-us/azure/azure-functions/supported-languages)
98- [Triggers and bindings overview](https://learn.microsoft.com/en-us/azure/azure-functions/functions-triggers-bindings)
99- [Functions quickstart JS (azd)](https://github.com/Azure-Samples/functions-quickstart-javascript-azd/tree/main/infra)
100- [Functions quickstart .NET Event Grid (azd)](https://github.com/Azure-Samples/functions-quickstart-dotnet-azd-eventgrid-blob/tree/main/infra)
101 
102## Flex Consumption + Blob Trigger with EventGrid Source
103 
104> **⚠️ CRITICAL**: When deploying blob triggers with `source: 'EventGrid'` on Flex Consumption, there are three infrastructure requirements that are NOT automatically handled and will cause silent trigger failures if missed.
105 
106### 1. Always-Ready Instances (Bootstrap Problem)
107 
108On Flex Consumption, trigger groups only start when there's work to do. But the blob extension needs to be running to create the Event Grid subscription that would deliver work — a chicken-and-egg problem.
109 
110**Solution**: Configure `alwaysReady` for the blob trigger group in the function app's `scaleAndConcurrency`:
111 
112```bicep
113// In api.bicep — functionAppConfig section
114scaleAndConcurrency: {
115  alwaysReady: [
116    {
117      name: 'blob'
118      instanceCount: 1
119    }
120  ]
121  instanceMemoryMB: 2048
122  maximumInstanceCount: 100
123}
124```
125 
126Without this, the trigger group never starts → Event Grid subscription never gets created → no events are delivered → function never triggers.
127 
128### 2. Queue Endpoint Required
129 
130The blob extension internally uses Storage Queues for poison-message tracking when `source: 'EventGrid'` is configured. Without the queue endpoint, the function fails to index with:
131 
132```
133Unable to find matching constructor while trying to create an instance of QueueServiceClient.
134Expected: serviceUri. Found: credential, clientId, blobServiceUri
135```
136 
137**Solution**: Always enable the queue endpoint alongside blob when using EventGrid source:
138 
139```bicep
140// In identity-based storage configuration
141AzureWebJobsStorage__blobServiceUri: storageAccount.properties.primaryEndpoints.blob
142AzureWebJobsStorage__queueServiceUri: storageAccount.properties.primaryEndpoints.queue  // REQUIRED for EventGrid source
143AzureWebJobsStorage__credential: 'managedidentity'
144AzureWebJobsStorage__clientId: managedIdentityClientId
145```
146 
147Also assign **Storage Queue Data Contributor** RBAC role to the UAMI.
148 
149### 3. Event Grid Subscription via Bicep (Not CLI)
150 
151Do **NOT** create Event Grid event subscriptions via CLI. The `az eventgrid system-topic event-subscription create` command requires a webhook validation handshake that consistently fails on Flex Consumption with "response code Unknown" (timeout during cold start).
152 
153**Solution**: Deploy the Event Grid system topic and event subscription as Bicep resources. ARM handles the webhook validation internally and reliably:
154 
155```bicep
156// eventGrid.bicep
157resource systemTopic 'Microsoft.EventGrid/systemTopics@2024-06-01-preview' = {
158  name: 'evgt-${storageAccountName}'
159  location: location
160  properties: {
161    source: storageAccount.id
162    topicType: 'Microsoft.Storage.StorageAccounts'
163  }
164}
165 
166resource eventSubscription 'Microsoft.EventGrid/systemTopics/eventSubscriptions@2024-06-01-preview' = {
167  parent: systemTopic
168  name: 'blob-trigger-sub'
169  properties: {
170    destination: {
171      endpointType: 'WebHook'
172      properties: {
173        // ARM resolves system key and handles validation at deployment time
174        endpointUrl: 'https://${functionApp.properties.defaultHostName}/runtime/webhooks/blobs?functionName=${functionName}&code=${listKeys('${functionApp.id}/host/default', '2023-12-01').systemKeys.blobs_extension}'
175      }
176    }
177    filter: {
178      includedEventTypes: [ 'Microsoft.Storage.BlobCreated' ]
179      subjectBeginsWith: '/blobServices/default/containers/${sourceContainerName}/'
180    }
181  }
182}
183```
184 
185**RBAC requirement**: Assign **EventGrid EventSubscription Contributor** role to the UAMI.
186 
187## User Assigned Managed Identity (UAMI) Auth Patterns
188 
189### DefaultAzureCredential with UAMI
190 
191When using UAMI, `DefaultAzureCredential()` without arguments tries SystemAssigned first and fails. Always pass the client ID:
192 
193```javascript
194const { DefaultAzureCredential } = require('@azure/identity');
195 
196const credential = new DefaultAzureCredential({
197  managedIdentityClientId: process.env.AZURE_CLIENT_ID
198});
199```
200 
201Add `AZURE_CLIENT_ID` as an app setting pointing to the UAMI client ID:
202 
203```bicep
204appSettings: {
205  AZURE_CLIENT_ID: managedIdentity.outputs.clientId
206}
207```
208 
209### Identity-Linked Storage Connection
210 
211```bicep
212AzureWebJobsStorage__credential: 'managedidentity'
213AzureWebJobsStorage__clientId: managedIdentityClientId
214AzureWebJobsStorage__blobServiceUri: storageAccount.properties.primaryEndpoints.blob
215AzureWebJobsStorage__queueServiceUri: storageAccount.properties.primaryEndpoints.queue
216```
217 
218### Required RBAC Roles for Face Blur Pattern
219 
220| Role | Scope | Purpose |
221|------|-------|---------|
222| Storage Blob Data Owner | Storage Account | Read source blobs, write destination blobs |
223| Storage Queue Data Contributor | Storage Account | Poison-message queue for blob extension |
224| EventGrid EventSubscription Contributor | Resource Group | Create/manage Event Grid subscriptions |
225| Cognitive Services User | Cognitive Services Account | Call Computer Vision API |
226| Monitoring Metrics Publisher | Application Insights | Emit telemetry |
227 
228## AWS Rekognition → Azure AI Computer Vision
229 
230| AWS | Azure |
231|-----|-------|
232| `@aws-sdk/client-rekognition` | `@azure-rest/ai-vision-image-analysis` |
233| `DetectFaces` | Image Analysis `People` feature |
234| `FaceDetails[].BoundingBox` (relative 0-1) | `peopleResult.values[].boundingBox` (pixel coordinates) |
235 
236> **⚠️ Package version**: `@azure-rest/ai-vision-image-analysis` is still in beta. The `^1.0.0` semver does NOT resolve. Pin explicitly: `"@azure-rest/ai-vision-image-analysis": "1.0.0-beta.3"`
237 
238### Coordinate Conversion
239 
240AWS Rekognition returns relative coordinates (0-1). Azure AI returns pixel coordinates. Convert for consistent face processing:
241 
242```javascript
243const sharp = require('sharp');
244const metadata = await sharp(imageBuffer).metadata();
245 
246const faces = result.body.peopleResult.values.map(person => ({
247  BoundingBox: {
248    Width: person.boundingBox.width / metadata.width,
249    Height: person.boundingBox.height / metadata.height,
250    Left: person.boundingBox.x / metadata.width,
251    Top: person.boundingBox.y / metadata.height
252  }
253}));
254```
255 
256### Auth: Use UAMI (No API Keys)
257 
258```bicep
259// computerVision.bicep
260resource computerVision 'Microsoft.CognitiveServices/accounts@2024-10-01' = {
261  kind: 'ComputerVision'
262  properties: {
263    disableLocalAuth: true  // Enterprise policy compliance — no API keys
264  }
265}
266```
267
Preparing the source view

Azure Cloud Migrate

references/services/functions/lambda-to-functions.md
