App Service Template Recipes — REFERENCE ONLY
Composable IaC + source code modules that extend the Web API or Web App base template to support specific Azure service integrations.
Architecture
Base Template (per language/scenario, from AZD gallery)
│
├── Source code (REST API or full-stack web app)
├── IaC (App Service Plan, App Service, App Insights, UAMI, RBAC)
└── AZD config (azure.yaml, parameters)
+ Recipe (per integration)
│
├── Source code delta (service client, middleware, config)
├── IaC delta (new resource + RBAC + networking modules)
└── App settings delta
│
= Complete deployable project → `azd up`
Available Recipes
| Recipe | IaC Delta? | Source Delta? | Status |
|---|---|---|---|
| sql | ✅ SQL Server + DB + firewall + RBAC | ✅ EF Core (.NET), SQLAlchemy (Python), Prisma (Node.js) · ⏳ Spring Data JPA (Java): planned | ✅ Available |
| cosmos | ✅ Cosmos account + DB + container + RBAC + PE | ✅ Cosmos SDK (.NET, Python, Node.js) · ⏳ Spring Data Cosmos (Java): planned | ✅ Available |
| auth | ✅ App registration + Easy Auth config | ✅ MSAL / Identity middleware (.NET, Python, Node.js) · ⏳ Spring Security (Java): planned | ✅ Available |
| redis | ✅ Redis cache + RBAC + PE | ✅ Distributed cache client (.NET, Python, Node.js) · ⏳ Spring Session (Java): planned | ✅ Available |
How It Works
Step 1: Fetch Base Template
```bash
# Pick template by language + scenario (see selection.md)
azd init -t <template> -e "$ENV_NAME" --no-prompt
```
Step 2: Apply Recipe
The skill reads the recipe's README.md for:
- IaC module files to copy into infra/
- App settings to add to web app configuration
- RBAC roles with exact GUIDs (never generated by LLM)
- Source code to add alongside existing application code
- Networking to add private endpoints (conditional on VNET_ENABLED)
Step 3: Wire Into Base
- Bicep: Add module reference in main.bicep, pass appServicePrincipalId
- Terraform: Copy .tf file into infra/, merge locals into web app settings
Step 4: Deploy
```bash
azd env set AZURE_LOCATION eastus2
azd provision --no-prompt
sleep 60
azd deploy --no-prompt
```
Design Principles
| Principle | Why |
|---|---|
| Never synthesize base IaC | Always use proven AZD template repos |
| Never modify base; only extend | Recipes are additive — no risk of breaking core |
| Recipes own their RBAC | Exact role GUIDs, no LLM guessing |
| Managed identity by default | No passwords or connection strings in app settings |
| Health checks required | Every app must expose /health |
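
The "Recipes own their RBAC" and "Managed identity by default" principles can be enforced with a pre-deploy lint over a recipe's app settings delta and role assignments. The following is an added example, not part of the recipes themselves; the function name, setting names, hostnames, and role GUIDs are constructed placeholders, not real Azure role definition IDs.

```python
import re

# Value patterns that indicate a credential embedded in an app setting.
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(password|pwd)\s*="),
    re.compile(r"(?i)\b(accountkey|sharedaccesskey|sharedaccesssignature)\s*="),
    re.compile(r"(?i)^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@"),  # scheme://user:pass@host
]
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")


def lint_recipe(app_settings, role_assignments, pinned_roles):
    """Return findings for secrets in settings and role IDs not pinned by the recipe."""
    findings = []
    for name, value in app_settings.items():
        if any(p.search(str(value)) for p in SECRET_PATTERNS):
            findings.append(f"secret-in-setting:{name}")
    for role_id in role_assignments:
        rid = role_id.lower()
        if not GUID_RE.match(rid):
            # Role names or free text mean the GUID was not copied from the recipe.
            findings.append(f"malformed-role-id:{role_id}")
        elif rid not in pinned_roles:
            findings.append(f"unpinned-role-id:{role_id}")
    return findings


# Constructed sample input: placeholder GUIDs and hostnames, not real resources.
PINNED_ROLES = {"00000000-0000-0000-0000-0000000000a1"}
SAMPLE_ROLES = [
    "00000000-0000-0000-0000-0000000000A1",  # pinned (case-insensitive match)
    "00000000-0000-0000-0000-0000000000b2",  # well-formed but not in the recipe
    "sql-db-contributor",                    # a name, not a GUID
]
SAMPLE_SETTINGS = {
    # Identity-based connection string: no credential in the value.
    "AZURE_SQL_CONNECTION": "Server=tcp:example.database.windows.net;"
                            "Database=app;Authentication=Active Directory Default",
    # Key-based connection string: violates "managed identity by default".
    "REDIS_CONNECTION": "example.redis.cache.windows.net:6380,"
                        "password=constructed-not-real,ssl=True",
    "COSMOS_ENDPOINT": "https://example.documents.azure.com:443/",
}

if __name__ == "__main__":
    for finding in lint_recipe(SAMPLE_SETTINGS, SAMPLE_ROLES, PINNED_ROLES):
        print(finding)
```

In practice the pinned set would be read from the recipe's README.md, and the lint would run before `azd provision` so a failing recipe never reaches deployment.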