Serverless & Edge Computing

Azure Functions Setup

Azure Functions provides serverless compute in the Microsoft ecosystem with deep integration into Azure services, .NET runtime optimization, and Durable Functions for stateful workflows. We set up Azure Functions with proper resource groups, managed identities, Application Insights, Key Vault integration, and deployment pipelines — whether you are running Node.js, Python, C#, or Java.

Need this done for your project?

We implement, you ship. Async, documented, done in days.

Start a Brief

Infrastructure Setup with Terraform

We provision your Azure Functions infrastructure using Terraform with proper resource naming, tagging, and environment separation.

resource "azurerm_resource_group" "functions" {
  name     = "rg-${var.project}-functions-${var.env}"
  location = var.location
  tags     = var.tags
}

resource "azurerm_storage_account" "functions" {
  name                     = "st${var.project}func${var.env}"
  resource_group_name      = azurerm_resource_group.functions.name
  location                 = azurerm_resource_group.functions.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_service_plan" "functions" {
  name                = "asp-${var.project}-${var.env}"
  resource_group_name = azurerm_resource_group.functions.name
  location            = azurerm_resource_group.functions.location
  os_type             = "Linux"
  sku_name            = var.env == "production" ? "EP1" : "Y1"  # Premium for prod
}

resource "azurerm_linux_function_app" "main" {
  name                       = "func-${var.project}-${var.env}"
  resource_group_name        = azurerm_resource_group.functions.name
  location                   = azurerm_resource_group.functions.location
  service_plan_id            = azurerm_service_plan.functions.id
  storage_account_name       = azurerm_storage_account.functions.name
  storage_account_access_key = azurerm_storage_account.functions.primary_access_key

  identity {
    type = "SystemAssigned"
  }

  site_config {
    application_insights_connection_string = azurerm_application_insights.main.connection_string
    application_stack {
      node_version = "20"
    }
  }

  app_settings = {
    FUNCTIONS_WORKER_RUNTIME     = "node"
    WEBSITE_NODE_DEFAULT_VERSION = "~20"
    KEY_VAULT_URI                = azurerm_key_vault.main.vault_uri
  }
}

We use Consumption plan (Y1) for development and Premium plan (EP1) for production. Premium eliminates cold starts with pre-warmed instances and enables VNet integration for private resource access.

Managed Identity & Key Vault

Azure Managed Identities eliminate the need for connection strings and secrets in application settings. We configure system-assigned identities with RBAC role assignments.

resource "azurerm_key_vault" "main" {
  name                = "kv-${var.project}-${var.env}"
  resource_group_name = azurerm_resource_group.functions.name
  location            = azurerm_resource_group.functions.location
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"
  
  enable_rbac_authorization = true
}

# Grant Function App access to Key Vault secrets
resource "azurerm_role_assignment" "function_keyvault" {
  scope                = azurerm_key_vault.main.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_linux_function_app.main.identity[0].principal_id
}

# Grant Function App access to Storage Queue
resource "azurerm_role_assignment" "function_storage" {
  scope                = azurerm_storage_account.functions.id
  role_definition_name = "Storage Queue Data Contributor"
  principal_id         = azurerm_linux_function_app.main.identity[0].principal_id
}

# Reference secrets in app settings using Key Vault references
# app_settings = {
#   DATABASE_URL = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.db_url.id})"
# }

Key Vault references in app settings automatically resolve secrets at runtime. Managed identities authenticate to Azure SQL, Cosmos DB, and Storage without any credentials in your code or configuration.

Application Insights & Monitoring

Application Insights provides distributed tracing, live metrics, and intelligent alerting for Azure Functions. We configure it with custom dashboards and alert rules.

resource "azurerm_application_insights" "main" {
  name                = "ai-${var.project}-${var.env}"
  resource_group_name = azurerm_resource_group.functions.name
  location            = azurerm_resource_group.functions.location
  application_type    = "Node.JS"
  workspace_id        = azurerm_log_analytics_workspace.main.id
  retention_in_days   = 30
}

# Smart detection alert for failure anomalies
resource "azurerm_monitor_smart_detector_alert_rule" "failure" {
  name                = "failure-anomaly-${var.env}"
  resource_group_name = azurerm_resource_group.functions.name
  severity            = "Sev1"
  scope_resource_ids  = [azurerm_application_insights.main.id]
  frequency           = "PT1M"
  detector_type       = "FailureAnomaliesDetector"

  action_group {
    ids = [azurerm_monitor_action_group.ops.id]
  }
}

# Custom KQL query for function performance
# requests
# | where timestamp > ago(1h)
# | summarize
#     count(),
#     avg(duration),
#     percentile(duration, 95),
#     countif(success == false)
#   by name, bin(timestamp, 5m)
# | order by timestamp desc

We create Workbooks with function execution dashboards, dependency maps showing which Azure services each function calls, and failure analysis views. Live Metrics Stream is configured for real-time debugging during incidents.

CI/CD with GitHub Actions

We build deployment pipelines using GitHub Actions with Azure OIDC authentication and slot-based deployments for zero-downtime releases.

name: Deploy Azure Functions
on:
  push:
    branches: [main]

permissions:
  id-token: write
  contents: read

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: npm }

      - run: npm ci
      - run: npm run build
      - run: npm prune --production

      - uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      # Deploy to staging slot first
      - uses: azure/functions-action@v1
        with:
          app-name: func-myapp-prod
          slot-name: staging
          package: .

      # Run smoke tests against staging slot
      - run: |
          RESPONSE=$(curl -s -o /dev/null -w '%{http_code}' \
            https://func-myapp-prod-staging.azurewebsites.net/api/health)
          [ "$RESPONSE" = "200" ] || exit 1

      # Swap staging → production
      - run: |
          az functionapp deployment slot swap \
            -g rg-myapp-functions-prod \
            -n func-myapp-prod \
            --slot staging \
            --target-slot production

Slot swaps are instant and reversible. If the new deployment has issues, swapping back takes under 5 seconds. We configure slot-specific app settings so staging and production use different database connections and feature flags.

Why Anubiz Engineering

100% async — no calls, no meetings
Delivered in days, not weeks
Full documentation included
Production-grade from day one
Security-first approach
Post-delivery support included

Ready to get started?

Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.

Start a BriefDevOps Implementation Service