Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Deploy applications and infrastructure to Azure using Copilot-guided workflows and Azure MCP
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/recipes/azd/post-deployment.md
1# Post-Deployment Steps2Execute critical post-deployment configuration after infrastructure provisioning completes.4> ⚠️ **Run AFTER `azd up` or `azd provision` completes successfully**6## When to Apply8Post-deployment steps are required when your deployment includes:10| Scenario | Required Actions |12|----------|-----------------|13| **ASP.NET Core + Azure SQL + Managed Identity** | Grant managed identity SQL access, apply EF migrations |14| **App Service + Azure SQL + Entra auth** | Grant App Service identity database permissions |15| **Container Apps + SQL Database** | Configure managed identity access, run migrations |16## ASP.NET Core + EF Core + Azure SQL18Complete workflow for apps using Entity Framework with Azure SQL Database.20### Prerequisites22- `azd up` or `azd provision` completed successfully24- App Service or Container App has system-assigned managed identity enabled25- Azure SQL Server configured with Entra ID admin26- EF Core project with migrations27### Step 1: Grant Managed Identity SQL Access29Grant the App Service or Container App's managed identity permissions on the SQL database.31See [SQL Managed Identity Access](sql-managed-identity.md) for detailed SQL scripts and examples.33**Quick Template:**35```bash37# Get the app identity name from azd38eval $(azd env get-values)39APP_NAME=$SERVICE_API_NAME # or SERVICE_WEB_NAME40# Connect as Entra admin and grant permissions42# See sql-managed-identity.md for connection patterns43```44**PowerShell:**46```powershell47# Get the app identity name from azd48azd env get-values | ForEach-Object {49$name, $value = $_.Split('=', 2)50Set-Item "env:$name" $value51}52$AppName = $env:SERVICE_API_NAME # or SERVICE_WEB_NAME53# Connect as Entra admin and grant permissions55# See sql-managed-identity.md for connection patterns56```57### Step 2: Apply EF Core Migrations59Apply Entity Framework migrations to create database schema.61See [EF Core Migrations](ef-migrations.md) for deployment patterns and troubleshooting.63**Quick Options:**65| Method | Command | Use When |67|--------|---------|----------|68| **azd hook** | Add `postprovision` hook in `azure.yaml` | Automated deployments |69| **Manual** | `dotnet ef database update` | One-time or troubleshooting |70| **SQL Script** | `dotnet ef migrations script --idempotent` | Pre-generated scripts |71### Step 3: Verify Deployment73```bash75# Get app endpoint76ENDPOINT=$(azd env get-values | grep SERVICE_.*_URI | cut -d'=' -f2)77# Health check79curl -f "$ENDPOINT/health" || echo "Health check failed"80# Test database connectivity82curl -f "$ENDPOINT/api/test-db" || echo "Database connection failed"83```84**PowerShell:**86```powershell87# Get app endpoint88$Endpoint = azd env get-values | Select-String -Pattern 'SERVICE_.*_URI' |89Select-Object -First 1 | ForEach-Object { ($_ -split '=', 2)[1] }90# Health check92try { Invoke-WebRequest "$Endpoint/health" } catch { Write-Output "Health check failed" }93# Test database connectivity95try { Invoke-WebRequest "$Endpoint/api/test-db" } catch { Write-Output "Database connection failed" }96```97**Expected Result:**99- HTTP 200 from health endpoint100- No SQL authentication errors in logs101- Application starts successfully102## Common Issues104| Error | Cause | Solution |106|-------|-------|----------|107| `Login failed for user '<token-identified principal>'` | Managed identity not granted SQL access | Follow [sql-managed-identity.md](sql-managed-identity.md) |108| `Cannot open database` | Firewall rules block access | Check SQL firewall, ensure "Allow Azure services" enabled |109| `Invalid object name` | Migrations not applied | Run EF migrations per [ef-migrations.md](ef-migrations.md) |110| `No such table` | Schema missing | Apply migrations or check connection string database name |111## Best Practices1131. **Automate with azd hooks** — Add `postprovision` hook to `azure.yaml` for repeatable deployments1152. **Use idempotent scripts** — Generate SQL with `dotnet ef migrations script --idempotent`1163. **Verify incrementally** — Test SQL access, then migrations, then endpoint1174. **Log everything** — Enable verbose logging during initial setup for troubleshooting118## References120- [SQL Managed Identity Access](sql-managed-identity.md)122- [EF Core Migrations](ef-migrations.md)123- [Verification Steps](verify.md)124