Bicep Deployment

This directory contains the Bicep template and a deployment script for provisioning Azure services in LocalStack for Azure. For further details about the sample application, refer to the Azure Web App with Azure CosmosDB for MongoDB sample.

Prerequisites

Before deploying this solution, ensure you have the following tools installed:

Installing azlocal CLI

The deploy.sh Bash script uses the azlocal CLI instead of the standard Azure CLI to work with LocalStack. Install it using:

pip install azlocal

For more information, see Get started with the az tool on LocalStack.

Architecture Overview

The deploy.sh script creates the Azure Resource Group for all the Azure resources, while the Bicep modules create the following Azure resources:

  1. Azure Virtual Network: Hosts two subnets:
    • app-subnet: Dedicated to regional VNet integration with the Function App.
    • pe-subnet: Used for hosting Azure Private Endpoints.
  2. Azure Private DNS Zone: Handles DNS resolution for the CosmosDB for MongoDB Private Endpoint within the virtual network.
  3. Azure Private Endpoint: Secures network access to the CosmosDB for MongoDB account via a private IP within the VNet.
  4. Azure NAT Gateway: Provides deterministic outbound connectivity for the Web App. Included for completeness; the sample app does not call any external services.
  5. Azure Network Security Group: Enforces inbound and outbound traffic rules across the virtual network's subnets.
  6. Azure Log Analytics Workspace: Centralizes diagnostic logs and metrics from all resources in the solution.
  7. Azure Cosmos DB for MongoDB: A globally distributed database account optimized for MongoDB workloads, with multi-region failover enabled.
  8. MongoDB Database: The sampledb database that holds all application data.
  9. MongoDB Collection: The activities collection within sampledb, used to store vacation activity records.
  10. Azure App Service Plan: The underlying compute tier that hosts the web application.
  11. Azure Web App: Runs the Python Flask single-page application (Vacation Planner), connected to CosmosDB for MongoDB via VNet integration.
  12. App Service Source Control: (Optional) Configures continuous deployment from a public GitHub repository.

The web app enables users to plan and manage vacation activities, with all data persisted in a CosmosDB-backed MongoDB collection. For more information on the sample application, see Azure Web App with Azure CosmosDB for MongoDB.

Configuration

Before deploying the main.bicep template, update the bicep.bicepparam file with your specific values:

using 'main.bicep'

param prefix = 'local'
param suffix = 'test'
param runtimeName = 'python'
param runtimeVersion = '3.13'
param databaseName = 'sampledb'
param collectionName = 'activities'
param username = 'paolo'
param primaryRegion = 'westeurope'
param secondaryRegion = 'northeurope'

Provisioning Scripts

See deploy.sh for the complete deployment automation. The script:

  • Detects environment (LocalStack vs Azure Cloud) and uses appropriate CLI
  • Creates resource group if it doesn't exist
  • Optionally validates the Bicep template
  • Optionally runs what-if deployment for preview
  • Deploys the main.bicep template with parameters from main.bicepparam
  • Extracts deployment outputs (Web App name, CosmosDB details)
  • Creates zip package of the Python application
  • Deploys the zip to Azure Web App

Deployment

You can set up the Azure emulator using the LocalStack for Azure Docker image. Before starting, ensure you have a valid Auth Token to access the Azure emulator. Refer to the Auth Token guide to obtain your Auth Token, then specify it in the LOCALSTACK_AUTH_TOKEN environment variable. The Azure Docker image is available on the LocalStack Docker Hub. To pull the Azure Docker image, execute the following command:

docker pull localstack/localstack-azure-alpha

To start the LocalStack Azure emulator using the localstack CLI, execute the following commands:

# Set the authentication token
export LOCALSTACK_AUTH_TOKEN=<your_auth_token>

# Start the LocalStack Azure emulator
IMAGE_NAME=localstack/localstack-azure-alpha localstack start -d
localstack wait -t 60

# Route all Azure CLI calls to the LocalStack Azure emulator
azlocal start-interception

Navigate to the bicep folder:

cd samples/web-app-cosmosdb-mongodb-api/python/bicep

Make the script executable:

chmod +x deploy.sh

Run the deployment script:

./deploy.sh

Validation

Once the deployment completes, run the validate.sh script to confirm that all resources were provisioned and configured as expected:

#!/bin/bash

# Variables
PREFIX='local'
SUFFIX='test'
RESOURCE_GROUP_NAME="${PREFIX}-rg"
LOG_ANALYTICS_NAME="${PREFIX}-log-analytics-${SUFFIX}"
WEBAPP_SUBNET_NSG_NAME="${PREFIX}-webapp-subnet-nsg-${SUFFIX}"
PE_SUBNET_NSG_NAME="${PREFIX}-pe-subnet-nsg-${SUFFIX}"
NAT_GATEWAY_NAME="${PREFIX}-nat-gateway-${SUFFIX}"
VIRTUAL_NETWORK_NAME="${PREFIX}-vnet-${SUFFIX}"
PRIVATE_DNS_ZONE_NAME="privatelink.mongo.cosmos.azure.com"
PRIVATE_ENDPOINT_NAME="${PREFIX}-mongodb-pe-${SUFFIX}"
APP_SERVICE_PLAN_NAME="${PREFIX}-app-service-plan-${SUFFIX}"
WEBAPP_NAME="${PREFIX}-webapp-${SUFFIX}"
COSMOSDB_ACCOUNT_NAME="${PREFIX}-mongodb-${SUFFIX}"
MONGODB_DATABASE_NAME="sampledb"
COLLECTION_NAME="activities"

# Check resource group
echo -e "[$RESOURCE_GROUP_NAME] resource group:\n"
az group show \
	--name "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check App Service Plan
echo -e "\n[$APP_SERVICE_PLAN_NAME] app service plan:\n"
az appservice plan show \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--name "$APP_SERVICE_PLAN_NAME" \
	--output table \
	--only-show-errors

# Check Azure Web App
echo -e "\n[$WEBAPP_NAME] web app:\n"
az webapp show \
	--name "$WEBAPP_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Azure CosmosDB account
echo -e "\n[$COSMOSDB_ACCOUNT_NAME] cosmosdb account:\n"
az cosmosdb show \
	--name "$COSMOSDB_ACCOUNT_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--query '{Name:name,Location:location,ResourceGroup:resourceGroup,DocumentEndpoint:documentEndpoint}' \
	--output table \
	--only-show-errors

# Check MongoDB database
echo -e "\n[$MONGODB_DATABASE_NAME] mongodb database:\n"
az cosmosdb mongodb database show \
	--name "$MONGODB_DATABASE_NAME" \
	--account-name "$COSMOSDB_ACCOUNT_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--query '{Name:name,ResourceGroup:resourceGroup}' \
	--output table \
	--only-show-errors

# Check MongoDB collection
echo -e "\n[$COLLECTION_NAME] mongodb collection:\n"
az cosmosdb mongodb collection show \
	--name "$COLLECTION_NAME" \
	--database-name "$MONGODB_DATABASE_NAME" \
	--account-name "$COSMOSDB_ACCOUNT_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Log Analytics Workspace
echo -e "\n[$LOG_ANALYTICS_NAME] log analytics workspace:\n"
az monitor log-analytics workspace show \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--workspace-name "$LOG_ANALYTICS_NAME" \
	--query '{Name:name,Location:location,ResourceGroup:resourceGroup}' \
	--output table \
	--only-show-errors

# Check NAT Gateway
echo -e "\n[$NAT_GATEWAY_NAME] nat gateway:\n"
az network nat gateway show \
	--name "$NAT_GATEWAY_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Virtual Network
echo -e "\n[$VIRTUAL_NETWORK_NAME] virtual network:\n"
az network vnet show \
	--name "$VIRTUAL_NETWORK_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Private DNS Zone
echo -e "\n[$PRIVATE_DNS_ZONE_NAME] private dns zone:\n"
az network private-dns zone show \
	--name "$PRIVATE_DNS_ZONE_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--query '{Name:name,ResourceGroup:resourceGroup,RecordSets:recordSets,VirtualNetworkLinks:virtualNetworkLinks}' \
	--output table \
	--only-show-errors

# Check Private Endpoint
echo -e "\n[$PRIVATE_ENDPOINT_NAME] private endpoint:\n"
az network private-endpoint show \
	--name "$PRIVATE_ENDPOINT_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Web App Subnet NSG
echo -e "\n[$WEBAPP_SUBNET_NSG_NAME] network security group:\n"
az network nsg show \
	--name "$WEBAPP_SUBNET_NSG_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# Check Private Endpoint Subnet NSG
echo -e "\n[$PE_SUBNET_NSG_NAME] network security group:\n"
az network nsg show \
	--name "$PE_SUBNET_NSG_NAME" \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors

# List resources
echo -e "\n[$RESOURCE_GROUP_NAME] all resources:\n"
az resource list \
	--resource-group "$RESOURCE_GROUP_NAME" \
	--output table \
	--only-show-errors
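
validate.sh prints each resource but does not test any exit status or property value, so it cannot gate a pipeline. The following is an added example, not part of the repository, that turns the private-endpoint path into pass/fail checks; it assumes the account is meant to be private-only (`publicNetworkAccess` set to `Disabled`), which the page does not state, and that the emulator populates the queried properties.

```shell
#!/bin/bash
# Added example, not part of validate.sh: fail-closed checks on the
# private-endpoint path. Resource names reuse the validate.sh variables.
PREFIX="${PREFIX:-local}"
SUFFIX="${SUFFIX:-test}"
RESOURCE_GROUP_NAME="${PREFIX}-rg"
COSMOSDB_ACCOUNT_NAME="${PREFIX}-mongodb-${SUFFIX}"
PRIVATE_ENDPOINT_NAME="${PREFIX}-mongodb-pe-${SUFFIX}"
PRIVATE_DNS_ZONE_NAME="privatelink.mongo.cosmos.azure.com"

# Print one TSV value from an az query; print nothing if the call fails.
az_value() {
  az "$@" --output tsv --only-show-errors 2>/dev/null || true
}

# expect LABEL WANT GOT: report the result, return 1 on mismatch.
expect() {
  if [ "$2" = "$3" ]; then
    printf 'PASS  %s = %s\n' "$1" "$3"
    return 0
  fi
  printf 'FAIL  %s: want %s, got %s\n' "$1" "$2" "${3:-<empty>}"
  return 1
}

# Returns the number of failed checks (0 means every check passed).
check_private_access() {
  local failures=0 got
  # Assumption: the account should only be reachable through the private
  # endpoint, so public network access is expected to be Disabled.
  got=$(az_value cosmosdb show --name "$COSMOSDB_ACCOUNT_NAME" \
    --resource-group "$RESOURCE_GROUP_NAME" --query publicNetworkAccess)
  expect "cosmosdb publicNetworkAccess" "Disabled" "$got" || failures=$((failures + 1))

  got=$(az_value network private-endpoint show --name "$PRIVATE_ENDPOINT_NAME" \
    --resource-group "$RESOURCE_GROUP_NAME" \
    --query 'privateLinkServiceConnections[0].privateLinkServiceConnectionState.status')
  expect "private endpoint connection" "Approved" "$got" || failures=$((failures + 1))

  # The zone only resolves inside the VNet if at least one VNet link exists.
  got=$(az_value network private-dns link vnet list --zone-name "$PRIVATE_DNS_ZONE_NAME" \
    --resource-group "$RESOURCE_GROUP_NAME" --query 'length(@)')
  [ "${got:-0}" -ge 1 ] 2>/dev/null && got=linked
  expect "private dns vnet link" "linked" "$got" || failures=$((failures + 1))

  return "$failures"
}
# Usage after deploy.sh has finished: check_private_access || exit 1
```
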

Cleanup

To destroy all created resources:

# Delete resource group and all contained resources
az group delete --name local-rg --yes --no-wait

# Verify deletion
az group list --output table

This will remove all Azure resources created by the CLI deployment script.

Related Documentation