Azure PaaS Daily Deep Dive (Day 2)

ROOT ACCESS GUY · Azure PaaS Deep Dive

Learning Azure PaaS — A Daily Deep Dive (Day 2 of 8)

Yesterday we spun up a Web App in minutes. Today we dig into the Azure App Service family — what it includes, when to use each type, and how plans, scaling, networking, and CI/CD fit together.
RootAccessGuy.com Connect on LinkedIn
Series Index
Day 1 — What is PaaS?
Day 2 — Azure App Services
Day 3 — Azure Functions (coming soon)
Day 4 — Azure SQL Database (coming soon)
Day 5 — Azure Kubernetes Service (coming soon)
Day 6 — Logic Apps & Event Grid (coming soon)
Day 7 — App Service Plans & Scaling (coming soon)
Day 8 — Security & Identity in PaaS (coming soon)
These will turn into live buttons as each day publishes.
Day 2

Azure App Services — The Managed Web Platform

Azure App Service hosts web apps, APIs, and mobile backends without you managing servers. Deploy code; Azure handles OS, runtime, patching, and scaling.

Four App Service Types

TypeBest ForNotes
Web Apps Web sites, REST APIs .NET, Node.js, Python, Java, PHP, static sites. Custom domains & TLS.
API Apps REST services OpenAPI/Swagger friendly, easy integration with Logic Apps/Power Platform.
Mobile Apps Mobile backends Push notifications, auth, offline sync features for iOS/Android clients.
WebJobs Background tasks On-demand or scheduled jobs tied to your App Service (think cron).

Core Building Blocks

  • App Service Plan: The compute pool (size, region, tier) your apps run on. Multiple apps can share one plan.
  • Deployment Slots: Create staging and production slots; swap for zero-downtime releases.
  • Scaling: Manual or autoscale by CPU/requests/schedule. Scale up (bigger SKU) or out (more instances).
  • Networking: VNet integration, Private Endpoints, access restrictions for IP locking.
  • Secrets & Identity: Managed Identity + Key Vault for connection strings/credentials.
  • Observability: App Insights for logs, traces, metrics, and distributed tracing.

Pricing Tiers (Quick View)

TierUse CaseHighlights
Free/Shared Trials, learning Limited resources; great for demos and sandboxes.
Basic/Standard Small–medium prod apps Multiple instances, custom domains, SSL, deployment slots (Std+).
Premium High-performance prod Faster hardware, more instances, VNet features, better scaling.
Isolated (ASE v3) Strict isolation/regulatory Runs in your VNet for maximum isolation and scale.
Field Note: Coming from MSP life, I’ve lost nights to IIS patching, expiring certs, and flaky scheduled tasks. App Service killed a lot of that toil: managed TLS, deployment slots for safe releases, and autoscale so I’m not guessing capacity at 2 a.m.

CI/CD — Shipping Without Babysitting

  • Hook up GitHub Actions or Azure DevOps; build & deploy on every push.
  • Use deployment slots for blue-green or canary releases.
  • Keep secrets in Key Vault; apps use Managed Identity to fetch them.

Common Gotchas

  • Plan Sizing: Too small = throttling; too large = wasted spend. Start modest → monitor → right-size.
  • Cold Starts: For always-on workloads, enable “Always On” (non-Free tiers).
  • Networking: Private networking needs the right SKU and setup (VNet integration/Private Endpoint).
  • Logs: Turn on App Insights early; add custom telemetry so prod issues aren’t mysteries.

Hands-On (20 min)

  1. Create a new Web App on a Basic/Standard plan:
    1. In the Azure portal, search for App Services and click Create.
    2. Select your subscription and resource group (or create a new one).
    3. Enter a globally unique name for your app (e.g., my-rag-demo).
    4. Choose Code as publish option, select runtime stack (e.g., .NET, Node.js), and pick region.
    5. Under App Service Plan, create a new plan using Basic/Standard tier.
    6. Review + Create → then hit Create to deploy.
  2. Add a staging deployment slot and deploy there first:
    1. Navigate to your Web App in the Azure portal.
    2. Under Deployment, select Deployment slots.
    3. Click Add Slot, name it staging, and clone settings from production.
    4. Deploy your code to the staging slot first (via GitHub Actions, ZIP deploy, or VS Code).
    5. Verify staging is running correctly.
    6. When ready, use the Swap action to promote staging → production without downtime.
  3. Configure GitHub Actions for Azure App Service:
    1. In your app’s GitHub repo, go to Actions tab → set up a new workflow.
    2. Choose the Azure App Service deploy workflow template.
    3. Add your Azure credentials using GitHub secrets (via AZURE_CREDENTIALS JSON from Azure portal).
    4. Modify the workflow YAML to point at your app name and slot (e.g., staging).
    5. Commit changes → workflow runs and deploys code to staging.
    6. Verify build logs show a successful deploy.

    Sample workflow YAML (scrollable):

    name: Deploy to Azure Web App (staging)

on:
  push:
    branches: [ main ]

permissions:
  contents: read
  id-token: write

env:
  AZURE_WEBAPP_NAME: my-rag-demo
  AZURE_WEBAPP_PACKAGE_PATH: '.'
  SLOT_NAME: 'staging'

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Example: Node.js app. Swap for dotnet, python, or java as needed.
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Install & build
        run: |
          npm ci
          npm run build --if-present

      - name: Azure Login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Deploy to Web App (staging slot)
        uses: azure/webapps-deploy@v3
        with:
          app-name: ${{ env.AZURE_WEBAPP_NAME }}
          slot-name: ${{ env.SLOT_NAME }}
          package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }}

      - name: Logout
        run: az logout

    Tip: For .NET apps, replace the Node steps with actions/setup-dotnet and dotnet publish. For Python, use actions/setup-python and your requirements.txt step.

  4. Skim Azure Application Insights:
    1. In the portal, open your Web App → Application Insights.
    2. Enable if not already active (creates a new resource).
    3. Check Live Metrics Stream for real-time requests and failures.
    4. Use Search to query logs and traces.
    5. Explore charts for server response time, dependency calls, and availability tests.

Extra learning: Explore the official Microsoft Learn module: Introduction to Azure App Service for a guided hands-on lab.

Interview soundbite: “App Service is more than ‘host my site’ — it’s a managed platform with plans, slots, autoscale, VNet options, and built-in CI/CD. I deploy code, monitor with App Insights, and let Azure handle the platform work.”