Speed up builds and separating infrastructure (update on becoming an Azure Solution Architect)

It has been a while since I last posted an update on becoming an Azure Solution Architect. When I started this journey in 2020 I didn’t have a lot of hands on experience with Azure. One year later I still feel like I’m learning new things every day. 🙂

Working on a real project helped me a lot in understanding things better and automating the whole setup with Terraform and GitLab was a great experience. I really recommend to think about CI/CD first when starting a new project, altough it isn’t easy.

But it pays off very soon, as you just dont have to care anymore about infrastructure and you can recreate your resources any time. Just run terraform apply when starting to work on the project and run terraform destroy at the end of the coding session to avoid unnecessary costs during development. It is pretty cool watching terraform setting up and tearing down all the resources.

Terraform supports Azure quite well, altough I encountered some limitations. The documentation is really good!

Separating Infrastructure and App Deployment (and sharing data)

One lesson I had to learn (thanks to the guidance from a colleague at work): it is better to separate the cloud infrastructure and the application build and deployment. I may sound tempting to put it all together, but it grows in complexity quite fast. I ended up having two projects with two pipelines:

  • my-project
  • my-project-infra

The infra project contains the terraform declarations and a simple pipeline to run the terraform commands. The client and client secret I provide via GitLab variables. This works very well, but you will typically require some keys, URLs, connection strings or the like when deploying the application. Terraform allows to store and access the required attributes by declaring outputs

output "storage_connection_string" {
  description = "Connection string for storage account"
  value       = azurerm_storage_account.my_storage.primary_connection_string
  sensitive = true

Terraform allows us to access the connection string any time later by invoking terraform commands, as the data is kept together with the state. This is where the concept clicked for me. I use them in the pipeline like so, exporting them via dotenv

  stage: terraform_output
    name: hashicorp/terraform:1.0.8    
      - '/usr/bin/env'
      - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'    
    - terraform init  
    - echo "AZURE_STORAGE_CONNECTION_STRING=$(terraform output --raw storage_connection_string)" >> build.env        
      dotenv: build.env
    - master

When deploying the web app, I could then just access the connection string. For me this was not very intuitive, I think tools could support such use cases better, unless I’m just doing it wrong. 🙂 Happy to hear about better ways. But essentially this is the way I could access the connetion string as an environment variable in a later stage, using a different image.

  stage: deploy
  image: mcr.microsoft.com/azure-functions/node:3.0-node14-core-tools	
   - az storage blob delete-batch --connection-string $AZURE_STORAGE_CONNECTION_STRING -s "\$web"
   - az storage blob upload-batch --connection-string $AZURE_STORAGE_CONNECTION_STRING -d "\$web" -s ./dist/my-app
      - master        
    - terraform_output
    - build-web

Optimize the build

A downside of the way we are building software today: there is no built in incremental build support. At least my pipelines tend to be quite slow without optimization and proper caching and it takes minutes to build and redeploy everything, even if the project is rather simple. So, knowing which parts of the build you can cache can save you a lot of time and money, but it may also not be super intuitive.

That’s why I would like to share one pattern that I use for my Angular applications (and it should work for any node / npm based project).

Who doesn’t get sleepy waiting for npm to install all the project dependencies?

I have split up the job into two parts to only run npm install when really required, i.e. when something in the package-lock.json changes – and then cache the result for the next stage (and subsequent runs).

  stage: install_dependencies
  image: node:14-alpine
      - ./node_modules/
    - npm ci
      - ./package-lock.json

only/changes will ensure the job only runs if the package-lock.json has been changed, for example when you add or upgrade a dependency.

The cache configuration then keeps the node_modules handy for the next job or stage:

  stage: build
  image: node:14-alpine
      - ./node_modules
    policy: pull-push 
    - npm install -g @angular/cli
    - ng build
      - ./dist/my-app

Have fun speeding up your pipelines!

Moving youcode.ch to Azure – DNS configuration update

The CNAME record for the subdomain www.youcode.ch works like a charm. I was able to add the domain and the site is reachable.

The validation via TXT record worked as well, but I don’t know how I can configure the DNS record. I had to contact the support team. Worst case I have to switch to another DNS server (e.g. Azure DNS).

Moving youcode.ch to Azure

Since a few years I have this idea of youcode.ch. I never invested a lot into this side project after buying some WordPress theme and paying for the domain. I like WordPress for simple websites, but I never got warm with it for more complex stuff.

Anyhow the website stopped working and appearantly WordPress is pretty resource hungry and the company where I host my stuff suggested to go for another offering, which of course is more expensive. 🙂

Therefore, I decided to give it another try and move youcode.ch over to Azure.

In essence I want to host a static web app (Angular, custom domain) and add some magic using Azure functions (which may connect to other services like storage to read/write some data).

So the first thing to do is: setup a static web app and configure the custom domain.

Create Static Web App

Best watch my YouTube video on this topic. I followed the same steps for youcode.ch.

  1. Create a new ng app
  2. Setup Azure Static Webapp in VSC

I amable to access my brand new web app, but the domain isnot yet what I want. So let’s configure a custom domain.

Custom Domain

I already own youcode.ch – or at least I pay for it. So let’s see how simple we can get this configured! To do this, we first need to go to the Azure portal and open the static web app resource. Clicking on the custom domains will show us all registered domains.

Hitting the “add” button will open up a sidebar. Where we are guided through the necessairy steps.

Let’s go for the TXT record type, as this will allow me to add the root domain youcode.ch (and not the subdomain www.youcode.ch). On my hosting provider it is pretty simple to add this record.

Every provider has its own ways to deal with DNS configuration. You can find a lot of useful information here:
Set up a custom domain in Azure Static Web Apps | Microsoft Docs

Now I have to wait a few hours, and I’m not sure it will work as expected as I haven’t seen a way to add ALIAS records at first sight. But let’s see!

Getting Started With Azure App Services (and learning how to edit videos for YouTube)

I was playing around with Azure App Services and Visual Studio Code recently and I think this is a great service to get something up and running quickly – basically diving into the code right away. Let’s see if we can do everything just from within Visual Studio Code!

I never considered to become a Youtuber – but why not give it a shot, therefore this will be my first personal Youtube video. 🙂

What I used to record:

  • My laptop with all the development software installed
    • Visual Studio Code with some Plugins
      • Java Extension Pack
      • Spring Boot Extension Pack
    • JDK 14
    • Maven
  • OBS Studio for screen recording
  • Blender for video editing

Don’t expect anything professional, but somehow you have to get started, right?


It is pretty simple to deploy a Spring Boot application to Azure. But you need to follow some steps to be successful. I think the process could be simplified a bit: why can’t I just upload a jar file and Azure applies some meaningful defaults? What I tried first is to create the app service upfront using the VSC plugin and then just deploy the Jar – but this was not successful – I guess I would need to provide the web.config manually.

The YouTube video took much more time. It is not easy and actually a lot of work. But I learned a new things and I’m sure I can be much more productive by practicing more.

  • The software I used is pretty overloaded for a beginner, I had no idea where to look at or which buttons I had to click. Specifically Blender is very feature rich. The most important feature was to cut the video into smaller peaces so that I could remove unwanted content.
  • I think I recorded the video about 5 times. At the beginning I started over again when I made a mistake, but I soon realized that it is impossible to do a perfect run at least for me. Therefore I just repeated some steps again during the same recording.
  • Talking to myself felt a bit awkward. This is definitely an area I plan to improve.

Free Subscription Ended (and how to setup cost alerts)

I had quite a lot to do the last couple of weeks and I barely found time to continue my journey to become an Azure Solutions Architect. My free subscription ended and Microsoft asks me kindly to do an upgrade.

Understanding the Costs

I want to understand costs better! I guess this is something everyone wants to know who uses their own credit card. So the first thing I did was to delete all my resources without thinking too much, I had nothing worth keeping.

As the costs for me at the moment are a bit unpredictible I wanted to be sure not to spend too much money. In the costs management of the subscription I stumbled upon cost alerts. Sounds like a good start!

Cost Alerts

Here is a step by step guide on how I created my firt budget with a cost alert.

First we open the subscription. On the left side navigation we will see “Cost alerts”. The view wil be empty, as there are no cost alerts yet, but from there we can create a new budget.

The is empty, as there are no cost alerts yet, but from there we can create a new budget.

This will open the creation form and I think it is quite obvious what we can configure here.

If we scroll down a little bit, we will see a summary of the costs so far. This may help to define a meaningful budget.

On the next page we can now define the actual alerts. I decided to alert me once I spend a small amount of money. The alert should be sent to my email address.


Creating a budget and cost alerts is quite simple. I miss an option to send a test email to see if it passes all spam filters and to get a feeling what information I would get. If Microsoft would take this up, would be a useful extension I believe.

Getting Started with Azure

I’ve already learned quite some stuff about Azure networking on my way to become Azure Solution Architect. Reading is great, but hands on experience is really helpful to strengthen the knowledge. But how to start?

Luckily there is an Azure Free Account. Subscribing to it is very easy and you get a bit of play money. Starting on a fresh subscription makes sense in my view as you can play around with the most basic building blocks easily and it’s not yet polluted with a lot of mysterious stuff that someone else has created.

Altough I already knew about some of the basic concepts it is still great to play around with them to understand better how things relate. So here are a bunch of things I learned after playing around on my fresh subscription for a few hours.

The below may not be 100% accurate. It’s just how I personally understand the concepts after a few hours of usage. So apologies for any misinformaiton.


The Azure portal is the web application that you can use to administrate your Azure resources. Not sure if you can find every option for every little detail, but the most common tasks can be done here (creating VMs, networks, etc.). To get started I think the portal is really good. In practice you would rather use another option (PowerShell, Azure CLI, ARM templates).


Everything starts with a subscription. The subscription is the root building block for which you can have access. If you create the free Azure account they create a subscription for you and add your user as the administrator thereof. Your Azure (or Microsoft AD?) identity lives separately from the subscription, you can get access to one or many subscriptions.

Microsoft bills you based on the subscription, so you could use subscriptions to organize your organization along this dimension (e.g. one subscription per team, per solution, environment, ..). This really depends on your organization.

I’m not sure how flexible you can move resources between subscriptions (or if it is possible at all). I need to try that out later.

Resource Group

Inside a subscription you can manage resource groups. Resource groups are acting as containers for your resources (e.g. they contain your VMs). When you create a resource group you have to specify the location. For me this was not clear at first, but after reading a bit about it: the meta data about the managed resources are stored within the resource group – so you basically decide where this information is stored.


Creating a virtual machine is really simple. You just click through the wizard and you have your VM up and running. A VM is a resource like everything else. I started off creating two Linux virtual machines using the Ubuntu image. Ultimately I want to play around with the networking. But it is quite an experience to create a VM without any hurdles. After a few minutes you can SSH into your VM and do whatever you like.

Step by Step

I guess this article is more like a diary and writing stuff down helps me to describe the concepts in my own words. But I assume the value for the readers is rather limited. So to have something useful here is the step by step instructions.

1. Create a Resource Group

You can create a RG alongside creating a VM. But I decided to create it separately, starting with the subscription.first click on the subscriptions tile to get to your subscription.

List subscriptions

If you are on the home screen of the portal, click on the “subscriptions” title in the top section.

This will lead you to an overview screen where you see all your subscriptions. Here you could also add additional subscriptions. But for now just click on the subscription that was generated for you for the free account.

Which leads you to the details of the subscription. Here you can find a lot of useful information, but for now we want to create two new resource groups inside the subscription. You find the resource groups on the left hand navigation.

This brings you to the overview page for all RG in the selected subscription. Here you can create new RG.

You bascially need to pass a name. The region is relevant for storing the meta-data about the resources managed inside the resource group. So you can still create VMs wherever you like, it is not limiting you later.

2. Create a VM

Now that we have a resource group, we can create resources belonging to the group. Let’s create a Linux VM. Let’s start from the home screen.

Next hit the add button to start the VM creation wizard.

I created a Linux VM with the Ubuntu image and decided to start with a username/password login. To reach the VM from the machine I allow inbound ports via SSH and HTTP .

After hitting the review and create button, everything is validated and if your selections are OK you can hit the create button and your VM is provisioned and after a few minutes ready to use.


  1. you can have access to one or many subscriptions
  2. subscriptions are the level on which you are billed
  3. organization of subscriptions is depending on the organizational structure (e.g. per team, per environment, etc.)
  4. resource groups organize resources logically, whatever that means for you (depends on the organization in your company)
  5. VMs and other resources are bound to a resource group
  6. Creating a VM can be done in a few simple steps going through the wizard
  7. Whenever I wanted to know a bit more about an option it was really simple to find the documentation. The documentation is really good!

Becoming an Azure Solution Architect

I decided to become an Azure Solution Architet. I’m by no means an expert at this stage, but the main reason I’m writing a blog is to write down what I’ve learned.

Why Solution Architect

I haven’t checked out all the other possible certifications in detail, but I felt like this gives me the ability to navigate through the Azure world quite well. Maybe not in all details, but to a level that allows me to design proper solutions and give guidance to other teams.

I you want to know a lot of stuff to a certain level so that you can take decisions, maybe this is also the track for you.

Current Situation

I don’t know much about Azure. But I do have more than 20 years of experience with software development and I know how to build solutions from nothing to production. My hope is that this experience helps me during this journey.

I did the AZ900 fundamentals certification and it was really tough. Altough I got the certificate, the questions where quite difficult for me.

Also, I do have experience with “Cloud”. I was even interviewed 2014 as one of the first cloud providers of online accounting services by the Swiss IT Magazine. But how we thought about “Cloud” back then is nothing compared to the services we have today.


First Steps

First of all we need to take a look what is required to become an Azure Solutions Architect. Microsoft really did a great job with their documentation, and they provide a lot of free online learning material.

Here you can read about the certification and what’s required to get the certification: https://docs.microsoft.com/en-us/learn/certifications/azure-solutions-architect

We need to get two exams: AZ-303 and AZ-304.

First of all I will go through the online training material and try out as many things as possible – and hopefully I find the time to document as much as possible.

Being a top down person I usually try to get an overview of what is around and figure out how things relate and what they are good for. Therefore using mind maps is the technique I personally use a lot, this is how far I got – not that much. Looking forward to learn many new things. 🙂