App Configuration & Automated Deployment
Azure App Configuration, feature flags, and IaC with ARM/Bicep β design configuration management and deployment pipelines that enable safe, repeatable releases.
Configuration and deployment design
Configuration is the knobs and dials of your application. Connection strings, feature toggles, environment-specific settings. Azure App Configuration centralises these so you donβt scatter settings across app code, environment variables, and Key Vault.
Deployment automation means your infrastructure and applications are deployed by code (IaC), not by clicking buttons. ARM templates, Bicep, Terraform, and CI/CD pipelines make deployments repeatable, auditable, and safe.
Azure App Configuration
| Feature | Description |
|---|---|
| Key-value store | Centralised settings for all apps and environments |
| Labels | Same key, different values per environment (dev/staging/prod) |
| Feature flags | Toggle features on/off without redeployment |
| Key Vault references | Reference secrets in Key Vault β App Config stores the reference, not the secret |
| Sentinel key | Watch a single key for changes β triggers config refresh in connected apps |
| Snapshots | Point-in-time snapshots of configuration for rollback |
π Marcusβs config design: NovaSaaS uses App Configuration as the single source of truth:
- Labels:
dev,staging,prodβ same keys, environment-specific values - Feature flags: New features rolled out to 10% of tenants, then 50%, then 100%
- Key Vault references: Connection strings stored in Key Vault, referenced from App Config
- Sentinel key:
AppConfig:Versionβ when changed, all apps refresh their configuration
Infrastructure as Code
| Factor | ARM Templates | Bicep | Terraform |
|---|---|---|---|
| Language | JSON (verbose) | DSL (clean, readable) | HCL (HashiCorp) |
| Azure-native | Yes β first-party | Yes β compiles to ARM | No β multi-cloud |
| State management | Azure handles (deployment history) | Azure handles (compiles to ARM) | State file (local/remote) |
| Multi-cloud | No β Azure only | No β Azure only | Yes β AWS, GCP, Azure |
| Modules/reuse | Linked templates (complex) | Modules (simple) | Modules (mature ecosystem) |
| What-if/plan | Yes (what-if) | Yes (what-if) | Yes (plan) |
| Best for | Legacy templates, complex nested deployments | New Azure deployments, ARM migration | Multi-cloud, existing Terraform investment |
Exam tip: Bicep is the recommended Azure IaC tool
Microsoft recommends Bicep for new Azure IaC projects. It compiles to ARM JSON, so thereβs no risk β itβs syntactic sugar over ARM templates. If the exam asks about βAzure-native IaCβ or βinfrastructure as code for Azure,β Bicep is the expected answer unless the scenario mentions multi-cloud (then Terraform).
Deployment patterns
| Pattern | How It Works | Risk | Best For |
|---|---|---|---|
| Blue-Green | Deploy to inactive slot, swap when validated | Low β instant rollback by swapping back | Web apps with App Service deployment slots |
| Canary | Route small % of traffic to new version | Low β limited blast radius | APIs, microservices with traffic splitting |
| Ring-based | Deploy to ring 0 (team) β ring 1 (early adopters) β ring 2 (all) | Lowest β progressive exposure | Large-scale services, multi-tenant SaaS |
| Rolling | Update instances in batches | Medium β mixed versions during rollout | VMSS, AKS rolling updates |
ποΈ Davidβs deployment discipline: CloudPath Advisory requires:
- All infrastructure defined in Bicep β no portal clicking for production
- GitHub Actions pipelines β automated lint β validate β what-if β deploy
- Blue-green deployments for App Service β swap slots after smoke test
- Ring-based for multi-tenant updates β internal users first, then pilot tenants, then all
Knowledge check
π Marcus wants to release a new billing feature to 5% of NovaSaaS tenants first, then gradually expand to all tenants. The feature should be toggleable without redeployment. Which approach should he use?
ποΈ David's government client requires all infrastructure changes to be version-controlled, peer-reviewed, and deployed through an automated pipeline with no manual portal changes. Development, staging, and production must use identical configurations. Which approach should David recommend?
π¬ Video coming soon
Next up: Moving to the cloud β Migration Strategy & Assessment.