📝 AZ-204 Notes

📑 Table of Contents

Expand

Develop Azure compute solutions (25–30%)
1. Implement containerized solutions
2. Implement Azure Functions
Develop for Azure storage (15–20%)
1. Develop solutions that use Azure Cosmos DB
2. Develop solutions that use Azure Blob Storage
Implement Azure security (20–25%)
1. Implement user authentication and authorization
2. Implement secure Azure solutions

Develop Azure compute solutions (25–30%)

Implement containerized solutions

Implement Azure App Service Web Apps

Implement Azure Functions

🏗️ Implement containerized solutions

Expand

🧪 Lab 05: Deploy compute workloads by using images and containers ↗️

🚢 Publish an image to the Azure Container Registry

Push your first image to your Azure container registry using the Docker CLI ↗️

Create a resource group.
Create a container registry.

# az acr login --name <acrName>
az acr login --name az204-acr-registry

Push image to Azure Container Registry.

# docker push <acrLoginServer>/<nameSpace>/<repoName>:<tag>
docker push az204-acr-registry.azurecr.io/samples/nginx:v1

🖥️ Provision virtual machines in Azure - Deprecated

Create a virtual machine by using the Azure CLI

Create a resource group with the az group create command.
```
az group create --name az204-vm-rg --location westus
```

Create a VM with the az vm create command.

az vm create \
    --resource-group az204-vm-rg \
    --name az204vm \
    --image UbuntuLTS \
    --generate-ssh-keys \
    --admin-username azureuser \
    --public-ip-sku Standard

Create and Manage Windows VMs with Azure PowerShell ↗️

Create a resource group.

New-AzResourceGroup `
  -ResourceGroupName "myResourceGroupVM" `
  -Location "EastUS"

Create a VM

Set the username and password needed for the administrator account on the VM with Get-Credential.
```
$cred = Get-Credential
```

Create the VM with New-AzVM.

New-AzVm `
    -ResourceGroupName "myResourceGroupVM" `
    -Name "myVM" `
    -Location "EastUS" `
    -VirtualNetworkName "myVnet" `
    -SubnetName "mySubnet" `
    -SecurityGroupName "myNetworkSecurityGroup" `
    -PublicIpAddressName "myPublicIpAddress" `
    -Credential $cred

Generate and store SSH keys with the Azure CLI ↗️

az sshkey create --location "westus" --resource-group "myResourceGroup" --name "mySshPublicKeyName"

⚙️ Configure container images for solutions

Build and run a container image by using Azure Container Registry Tasks ↗️

Create a resource group.

az group create --name az204-acr-rg --location westus

Create a container registry.

az acr create --resource-group az204-acr-rg --name az204-acr-registry --sku Basic --location westus

Create a Dockerfile.
Run the az acr build command to perform a quick task (Think docker build, docker push in the cloud).
```
az acr build --image sample/hello-world:v1 --registry az204-acr-registry .
```

📦 Run containers by using Azure Container Instance

Deploy a container instance by using the Azure CLI ↗️

Create a resource group.
You'll provide a DNS name to expose your container to the Internet. Your DNS name must be unique. For learning purposes, run this command from Cloud Shell to create a Bash variable that holds a unique name.
```
DNS_NAME_LABEL=aci-demo-$RANDOM
```

Run the following az container create command to start a container instance.

az container create \
    --resource-group az204-acr-rg \
    --name mycontainer \
    --image mcr.microsoft.com/azuredocs/aci-helloworld \
    --ports 80 \
    --dns-name-label $DNS_NAME_LABEL \
    --location westus

When the az container create command completes, run az container show to check its status.

az container show \
    --resource-group az204-acr-rg \
    --name mycontainer \
    --query "{FQDN:ipAddress.fqdn,ProvisioningState:provisioningState}" \
    --output table

You see your container's fully qualified domain name (FQDN) and its provisioning state. Here's an example.

FQDN                                    ProvisioningState
--------------------------------------  -------------------
aci-demo-0000.westus.azurecontainer.io  Succeeded

Container restart policy ↗️

When you create a container group in Azure Container Instances, you can specify one of three restart policy settings.

Restart policy	Description
Always	Containers in the container group are always restarted. This is the default setting applied when no restart policy is specified at container creation.
Never	Containers in the container group are never restarted. The containers run at most once.
OnFailure	Containers in the container group are restarted only when the process executed in the container fails (when it terminates with a nonzero exit code). The containers are run at least once.

Specify a restart policy

Specify the --restart-policy parameter when you call az container create.

az container create \
    --resource-group az204-acr-rg \
    --name mycontainer \
    --image mycontainerimage \
    --restart-policy OnFailure

Set environment variables in container instances ↗️

az container create \
    --resource-group az204-acr-rg \
    --name mycontainer \
    --image myimage:latest \
    --environment-variables key1=value1 key2=value2

Deploy a container instance in Azure using Azure PowerShell ↗️

Create a resource group.

Create a container.

New-AzContainerGroup `
    -ResourceGroupName "myResourceGroup" `
    -Name "mycontainer" `
    -Image "mcr.microsoft.com/windows/servercore/iis:nanoserver" `
    -OsType "Windows" `
    -DnsNameLabel "aci-demo-win"

Within a few seconds, you should receive a response from Azure. The container's ProvisioningState is initially Creating, but should move to Succeeded within a minute or two. Check the deployment state with the Get-AzContainerGroup cmdlet.

Get-AzContainerGroup -ResourceGroupName myResourceGroup -Name mycontainer

The container's provisioning state, fully qualified domain name (FQDN), and IP address appear in the cmdlet's output.

ResourceGroupName        : myResourceGroup
Id                       : /subscriptions/<Subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.ContainerInstance/containerGroups/mycontainer
Name                     : mycontainer
Type                     : Microsoft.ContainerInstance/containerGroups
Location                 : eastus
Tags                     :
ProvisioningState        : Creating
Containers               : {mycontainer}
ImageRegistryCredentials :
RestartPolicy            : Always
IpAddress                : 52.226.19.87
DnsNameLabel             : aci-demo-win
Fqdn                     : aci-demo-win.eastus.azurecontainer.io
Ports                    : {80}
OsType                   : Windows
Volumes                  :
State                    : Pending
Events                   : {}

📦 Create solutions by using Azure Container Apps ↗️

Create and deploy a container app using the CLI ↗️

⚡ Implement Azure Functions

Expand

Lab 02: Implement task processing logic by using Azure Functions ↗️

Create and configure an Azure Function App

Create a function in the Azure portal ↗️

From the Azure portal menu or the Home page, select Create a resource.
In the New page, select Compute > Function App.
On the Basics page, use the function app settings as specified in the following table ↗️.
Accept the default options of creating a new storage account on the Storage tab and a new Application Insight instance on the Monitoring tab. You can also choose to use an existing storage account or Application Insights instance.
Select Review + create to review the app configuration you chose, and then select Create to provision and deploy the function app.
Select the Notifications icon in the upper-right corner of the portal and watch for the Deployment succeeded message.
Select Go to resource to view your new function app. You can also select Pin to dashboard. Pinning makes it easier to return to this function app resource from your dashboard.

Next, create a function in the new function app.