From 12335c05b58dc691918b1b541315932a9ce4aa78 Mon Sep 17 00:00:00 2001 From: Paolo Salvatori Date: Wed, 15 Apr 2026 17:03:40 +0200 Subject: [PATCH 1/3] Adds Front Door and Container Instance articles --- .../docs/azure/services/action-group.mdx | 215 +++++++++ .../docs/azure/services/api-management.mdx | 205 +++++++- src/content/docs/azure/services/app.mdx | 11 - .../azure/services/application-insights.mdx | 216 +++++++++ .../docs/azure/services/authorization.mdx | 11 - .../docs/azure/services/autoscale-setting.mdx | 243 ++++++++++ .../services/azure-container-registry.mdx | 11 - .../docs/azure/services/bastion-host.mdx | 290 ++++++++++++ src/content/docs/azure/services/cdn.mdx | 11 - .../azure/services/container-instance.mdx | 353 ++++++++++++++ .../azure/services/container-registry.mdx | 214 ++++++++- src/content/docs/azure/services/cosmos-db.mdx | 357 ++++++++++++++ .../azure/services/data-collection-rules.mdx | 247 ++++++++++ .../azure/services/diagnostic-setting.mdx | 227 +++++++++ .../docs/azure/services/front-door.mdx | 436 ++++++++++++++++++ .../docs/azure/services/functions-app.mdx | 250 ++++++++++ .../docs/azure/services/log-analytics.mdx | 211 +++++++++ .../docs/azure/services/metric-alert.mdx | 258 +++++++++++ src/content/docs/azure/services/monitor.mdx | 1 + .../docs/azure/services/nat-gateway.mdx | 324 +++++++++++++ .../docs/azure/services/network-interface.mdx | 308 +++++++++++++ src/content/docs/azure/services/network.mdx | 11 - .../azure/services/operational-insights.mdx | 11 - .../docs/azure/services/private-dns-zone.mdx | 334 ++++++++++++++ .../docs/azure/services/private-endpoint.mdx | 391 ++++++++++++++++ .../docs/azure/services/public-ip-address.mdx | 206 +++++++++ .../docs/azure/services/public-ip-prefix.mdx | 187 ++++++++ .../docs/azure/services/role-assignment.mdx | 189 ++++++++ .../docs/azure/services/role-definition.mdx | 171 +++++++ .../docs/azure/services/route-table.mdx | 301 ++++++++++++ .../azure/services/scheduled-query-rules.mdx | 249 ++++++++++ src/content/docs/azure/services/sql.mdx | 5 +- src/content/docs/azure/services/tables.mdx | 11 - src/content/docs/azure/services/web-test.mdx | 199 ++++++++ src/content/docs/azure/services/web.mdx | 11 - src/content/docs/azure/services/workbook.mdx | 198 ++++++++ 36 files changed, 6782 insertions(+), 91 deletions(-) create mode 100644 src/content/docs/azure/services/action-group.mdx delete mode 100644 src/content/docs/azure/services/app.mdx create mode 100644 src/content/docs/azure/services/application-insights.mdx delete mode 100644 src/content/docs/azure/services/authorization.mdx create mode 100644 src/content/docs/azure/services/autoscale-setting.mdx delete mode 100644 src/content/docs/azure/services/azure-container-registry.mdx create mode 100644 src/content/docs/azure/services/bastion-host.mdx delete mode 100644 src/content/docs/azure/services/cdn.mdx create mode 100644 src/content/docs/azure/services/container-instance.mdx create mode 100644 src/content/docs/azure/services/cosmos-db.mdx create mode 100644 src/content/docs/azure/services/data-collection-rules.mdx create mode 100644 src/content/docs/azure/services/diagnostic-setting.mdx create mode 100644 src/content/docs/azure/services/front-door.mdx create mode 100644 src/content/docs/azure/services/functions-app.mdx create mode 100644 src/content/docs/azure/services/log-analytics.mdx create mode 100644 src/content/docs/azure/services/metric-alert.mdx create mode 100644 src/content/docs/azure/services/nat-gateway.mdx create mode 100644 src/content/docs/azure/services/network-interface.mdx delete mode 100644 src/content/docs/azure/services/network.mdx delete mode 100644 src/content/docs/azure/services/operational-insights.mdx create mode 100644 src/content/docs/azure/services/private-dns-zone.mdx create mode 100644 src/content/docs/azure/services/private-endpoint.mdx create mode 100644 src/content/docs/azure/services/public-ip-address.mdx create mode 100644 src/content/docs/azure/services/public-ip-prefix.mdx create mode 100644 src/content/docs/azure/services/role-assignment.mdx create mode 100644 src/content/docs/azure/services/role-definition.mdx create mode 100644 src/content/docs/azure/services/route-table.mdx create mode 100644 src/content/docs/azure/services/scheduled-query-rules.mdx delete mode 100644 src/content/docs/azure/services/tables.mdx create mode 100644 src/content/docs/azure/services/web-test.mdx delete mode 100644 src/content/docs/azure/services/web.mdx create mode 100644 src/content/docs/azure/services/workbook.mdx diff --git a/src/content/docs/azure/services/action-group.mdx b/src/content/docs/azure/services/action-group.mdx new file mode 100644 index 00000000..c6b9b7ff --- /dev/null +++ b/src/content/docs/azure/services/action-group.mdx @@ -0,0 +1,215 @@ +--- +title: "Action Group" +description: Get started with Azure Monitor Action Groups on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Action Groups define a collection of notification preferences and actions to execute when an alert fires. +Action Groups are referenced by alert rules such as metric alerts and activity log alerts. +They support a variety of notification channels including email, SMS, voice calls, webhooks, and Azure Functions, making them the central dispatch mechanism for Azure Monitor alerts. For more information, see [Create and manage action groups](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Action Groups. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Action Groups' integration with LocalStack. + +## Getting started + +This guide walks you through creating an Action Group with an email receiver and associating it with an alert. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-monit-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monit-demo", + "location": "eastus", + "name": "rg-monit-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an action group + +Create an action group with an email receiver as the notification endpoint: + +```bash +az monitor action-group create \ + --name my-action-group \ + --resource-group rg-monit-demo \ + --short-name myag \ + --action email myemail admin@example.com +``` + +```bash title="Output" +{ + "emailReceivers": [ + { + "emailAddress": "admin@example.com", + "name": "myemail", + "useCommonAlertSchema": false + } + ], + "groupShortName": "myag", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monit-demo/providers/microsoft.insights/actionGroups/my-action-group", + "name": "my-action-group", + "resourceGroup": "rg-monit-demo", + "type": "Microsoft.Insights/ActionGroups" +... +} +``` + +### Show and list action groups + +Retrieve the details of the action group, then list all action groups in the resource group: + +```bash +az monitor action-group show \ + --name my-action-group \ + --resource-group rg-monit-demo +``` + +```bash title="Output" +{ + "emailReceivers": [ + { + "emailAddress": "admin@example.com", + "name": "myemail", + "useCommonAlertSchema": false + } + ], + "groupShortName": "myag", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monit-demo/providers/microsoft.insights/actionGroups/my-action-group", + "name": "my-action-group", + "resourceGroup": "rg-monit-demo", + "type": "Microsoft.Insights/ActionGroups" +... +} +``` + + +Then list all action groups in the resource group to confirm it appears: + +```bash +az monitor action-group list \ + --resource-group rg-monit-demo +``` + +```bash title="Output" +[ + { + "emailReceivers": [ + { + "emailAddress": "admin@example.com", + "name": "myemail", + "useCommonAlertSchema": false + } + ], + "groupShortName": "myag", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monit-demo/providers/microsoft.insights/actionGroups/my-action-group", + "name": "my-action-group", + "resourceGroup": "rg-monit-demo", + "type": "Microsoft.Insights/ActionGroups" + } +] +``` + +### Update an action group + +Update the action group to add a second email receiver: + +```bash +az monitor action-group update \ + --name my-action-group \ + --resource-group rg-monit-demo \ + --add-action email newcontact ops@example.com +``` + +```bash title="Output" +{ + "emailReceivers": [ + { "emailAddress": "admin@example.com", "name": "myemail", "useCommonAlertSchema": false }, + { "emailAddress": "ops@example.com", "name": "newcontact", "useCommonAlertSchema": false } + ], + "groupShortName": "myag", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monit-demo/providers/microsoft.insights/actionGroups/my-action-group", + "name": "my-action-group", + "resourceGroup": "rg-monit-demo", + "type": "Microsoft.Insights/ActionGroups" +... +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor action-group delete \ + --name my-action-group \ + --resource-group rg-monit-demo +``` + + +Then list all action groups to confirm the resource group is now empty: + +```bash +az monitor action-group list --resource-group rg-monit-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Action group lifecycle:** Create, read, list, update, and delete action groups. +- **Email receivers:** Define one or more email receiver addresses. +- **SMS receivers:** Define SMS receiver phone numbers. +- **Webhook receivers:** Define webhook receiver URLs (stored, not invoked). +- **Azure app push receivers:** Define Azure app push notification receivers. +- **Voice receivers:** Define voice notification receivers. +- **Logic app receivers:** Define Logic App action receivers. +- **Azure function receivers:** Define Azure Function receivers. +- **Event hub receivers:** Define Event Hub receivers. +- **Short name support:** Each action group has a short name (max 12 characters) for SMS and push notifications. + +## Limitations + +- **No notifications sent:** Emails, SMS messages, voice calls, and push notifications are not dispatched when an alert is triggered. +- **No webhook invocation:** Webhook URLs are stored but not called. +- **No Logic App or Azure Function invocation:** Logic App and Azure Function actions are stored but not executed. +- **No test alert simulation:** The `az monitor action-group test` command is not supported. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating action groups and referencing them from metric alert rules. + +## API Coverage + + diff --git a/src/content/docs/azure/services/api-management.mdx b/src/content/docs/azure/services/api-management.mdx index 7adb93d7..5fbe7a5f 100644 --- a/src/content/docs/azure/services/api-management.mdx +++ b/src/content/docs/azure/services/api-management.mdx @@ -1,11 +1,214 @@ --- title: "API Management" -description: API coverage for Microsoft.ApiManagement in LocalStack for Azure. +description: Get started with Azure API Management on LocalStack template: doc --- import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; +## Introduction + +Azure API Management (APIM) is a fully managed service for publishing, securing, and analyzing APIs at scale. +It acts as a gateway between clients and backend services, providing features such as rate limiting, policy enforcement, authentication, and developer portal integration. +APIM is commonly used to expose internal services as managed APIs, implement API versioning, and monitor API usage across organizations. For more information, see [What is Azure API Management?](https://learn.microsoft.com/en-us/azure/api-management/api-management-key-concepts). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure API Management. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of API Management's integration with LocalStack. + +## Getting started + +This guide walks you through creating an API Management service, adding an API, and registering a backend. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-apim-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-apim-demo", + "location": "eastus", + "name": "rg-apim-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an API Management service instance + +Create an API Management instance in the Consumption tier: + +```bash +az apim create \ + --name my-apim \ + --resource-group rg-apim-demo \ + --location eastus \ + --sku-name Consumption \ + --publisher-email admin@example.com \ + --publisher-name "My Organization" +``` + +```bash title="Output" +{ + "gatewayUrl": "https://my-apim.azure-api.net", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-apim-demo/providers/Microsoft.ApiManagement/service/my-apim", + "location": "East US", + "name": "my-apim", + "provisioningState": "Succeeded", + "publisherEmail": "admin@example.com", + "publisherName": "My Organization", + "resourceGroup": "rg-apim-demo", + "sku": { "capacity": 0, "name": "Consumption" }, + "type": "Microsoft.ApiManagement/service", + ... +} +``` + +### Show and list services + +Retrieve the details of the service instance and list all instances in the resource group: + +```bash +az apim show --name my-apim --resource-group rg-apim-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-apim-demo/providers/Microsoft.ApiManagement/service/my-apim", + "location": "East US", + "name": "my-apim", + "provisioningState": "Succeeded", + "publisherEmail": "admin@example.com", + "publisherName": "My Organization", + "resourceGroup": "rg-apim-demo", + "sku": { "capacity": 0, "name": "Consumption" }, + "type": "Microsoft.ApiManagement/service" +... +} +``` + + +Then list all API Management services in the resource group: + +```bash +az apim list --resource-group rg-apim-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-apim-demo/providers/Microsoft.ApiManagement/service/my-apim", + "name": "my-apim", + "provisioningState": "Succeeded", + "resourceGroup": "rg-apim-demo", + "sku": { "capacity": 0, "name": "Consumption" }, + "type": "Microsoft.ApiManagement/service" + } +] +``` + +### Check service name availability + +Check whether the service name is globally available before creating: + +```bash +az apim check-name --name my-apim +``` + +```bash title="Output" +{ + "message": "", + "nameAvailable": true, + "reason": "Valid" +} +``` + +### Create an API + +Use the REST API or Azure SDK directly to create an API definition within the service: + +```bash +az rest --method PUT \ + --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/rg-apim-demo/providers/Microsoft.ApiManagement/service/my-apim/apis/my-api?api-version=2022-08-01" \ + --body '{ + "properties": { + "displayName": "My API", + "path": "myapi", + "protocols": ["https"], + "serviceUrl": "https://backend.example.com" + } + }' +``` + +### Create an API gateway + +Create an API gateway resource within the service instance using the REST API: + +```bash +az rest --method PUT \ + --url "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/rg-apim-demo/providers/Microsoft.ApiManagement/gateways/my-gateway?api-version=2022-08-01" \ + --body '{ + "location": "eastus", + "properties": { + "description": "Local test gateway" + } + }' +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az apim delete --name my-apim --resource-group rg-apim-demo --yes +az apim list --resource-group rg-apim-demo +``` + +## Features + +- **Full CRUD lifecycle:** Create, read, update, and delete APIM service instances. +- **API management:** Create, read, and delete API definitions within a service. +- **API operations:** Register and retrieve API operation definitions. +- **Backend management:** Define and manage backend service configurations. +- **API gateway management:** Create and manage self-hosted API gateways. +- **API policies:** Attach XML policy documents to APIs (stored but not evaluated). +- **Name availability check:** Validate service name uniqueness via the `checkNameAvailability` action. +- **Service listing:** List all APIM services in a subscription or resource group. + +## Limitations + +- **No gateway proxy:** Incoming API calls are not proxied through LocalStack. The APIM gateway does not process requests, apply policies, or forward traffic to backends. +- **No policy evaluation:** Inbound, outbound, and error policies are stored in the ARM model but are not executed. +- **No developer portal:** The APIM developer portal and its OAuth/subscription flows are not emulated. +- **No subscription keys:** API subscriptions and key-based authentication are not enforced. +- **No rate limiting or quotas:** Throttling, quota, and cache policies have no effect. +- **Consumption plan only for creation:** SKU differences between Developer, Basic, Standard, Premium, and Consumption tiers are not emulated. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating an API Management service and registering API definitions. +- Defining backends and associating them with API operations. + ## API Coverage diff --git a/src/content/docs/azure/services/app.mdx b/src/content/docs/azure/services/app.mdx deleted file mode 100644 index 62d23ec6..00000000 --- a/src/content/docs/azure/services/app.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "App" -description: API coverage for Microsoft.App in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/application-insights.mdx b/src/content/docs/azure/services/application-insights.mdx new file mode 100644 index 00000000..f1fc3d65 --- /dev/null +++ b/src/content/docs/azure/services/application-insights.mdx @@ -0,0 +1,216 @@ +--- +title: "Application Insights" +description: Get started with Azure Application Insights on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Application Insights is an application performance management (APM) service for monitoring live applications. +It automatically collects request rates, response times, failure rates, and dependency traces, surfacing them in a unified monitoring experience. +Application Insights is commonly used to diagnose production issues, track custom business metrics, and set up availability alerts for distributed applications. For more information, see [What is Application Insights?](https://learn.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Application Insights. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Application Insights' integration with LocalStack. + +## Getting started + +This guide walks you through creating an Application Insights component and retrieving its instrumentation key. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-insights-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-insights-demo", + "location": "eastus", + "name": "rg-insights-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an Application Insights component + +Create an Application Insights component linked to a Log Analytics workspace: + +```bash +az monitor app-insights component create \ + --app my-app-insights \ + --resource-group rg-insights-demo \ + --location eastus \ + --kind web \ + --application-type web +``` + +```bash title="Output" +{ + "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "connectionString": "InstrumentationKey=xxxxxxxx-...;IngestionEndpoint=https://eastus.in.applicationinsights.azure.com/;...", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-insights-demo/providers/microsoft.insights/components/my-app-insights", + "instrumentationKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "kind": "web", + "location": "eastus", + "name": "my-app-insights", + "provisioningState": "Succeeded", + "resourceGroup": "rg-insights-demo", + "type": "microsoft.insights/components" +... +} +``` + +### Show and list components + +Retrieve the details of the component and list all components in the resource group: + +```bash +az monitor app-insights component show \ + --app my-app-insights \ + --resource-group rg-insights-demo +``` + +```bash title="Output" +{ + "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-insights-demo/providers/microsoft.insights/components/my-app-insights", + "instrumentationKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "kind": "web", + "name": "my-app-insights", + "provisioningState": "Succeeded", + "resourceGroup": "rg-insights-demo", + "type": "microsoft.insights/components" +... +} +``` + + +Then list all Application Insights components in the resource group: + + +Then list all components to confirm the resource group is now empty: + +```bash +az monitor app-insights component list \ + --resource-group rg-insights-demo +``` + +### Retrieve billing features + +Retrieve the current billing features and daily data volume cap for the component: + +```bash +az monitor app-insights component billing show \ + --app my-app-insights \ + --resource-group rg-insights-demo +``` + +```bash title="Output" +{ + "currentBillingFeatures": ["Basic"], + "dataVolumeCap": { + "cap": 100.0, + "maxHistoryCap": 1000.0, + "resetTime": 0, + "warningThreshold": 90 + } +} +``` + +### Update billing features + +Update the daily data volume cap to limit ingestion costs: + +```bash +az monitor app-insights component billing update \ + --app my-app-insights \ + --resource-group rg-insights-demo \ + --cap 100 +``` + +```bash title="Output" +{ + "currentBillingFeatures": ["Basic"], + "dataVolumeCap": { + "cap": 100.0, + "maxHistoryCap": 1000.0, + "resetTime": 0, + "warningThreshold": 90 + } +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor app-insights component delete \ + --app my-app-insights \ + --resource-group rg-insights-demo \ + --yes +``` + + +Then list all Application Insights components in the resource group: + + +Then list all components to confirm the resource group is now empty: + +```bash +az monitor app-insights component list \ + --resource-group rg-insights-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Component lifecycle:** Create, read, list, and delete Application Insights components. +- **Instrumentation key generation:** Each component is assigned an instrumentation key returned on creation. +- **App ID assignment:** Each component is assigned a unique application ID. +- **Billing feature configuration:** Get and update billing features such as data caps. +- **Application type support:** Accept `web`, `other`, `ios`, `java`, `phone`, `store`, and `Node.JS` application types. +- **Kind field support:** Accept `web`, `ios`, `phone`, `store`, `java`, and `other` kind values. + +## Limitations + +- **No telemetry ingestion:** The Application Insights SDK endpoint (`/v2/track`) is not emulated. Telemetry sent from instrumented applications is not stored or queryable. +- **No Live Metrics stream:** The Live Metrics (QuickPulse) endpoint is not emulated. +- **No Logs (KQL) queries:** Running KQL queries via `az monitor app-insights query` is not supported. +- **No transaction search:** Individual telemetry records are not stored or searchable. +- **No availability tests via this resource:** Availability tests are managed as a separate `web-test` resource type. +- **No continuous export:** Continuous export to Storage is not supported. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating an Application Insights component and configuring it as a dependency of a Function App. + +## API Coverage + + diff --git a/src/content/docs/azure/services/authorization.mdx b/src/content/docs/azure/services/authorization.mdx deleted file mode 100644 index d61a8c5e..00000000 --- a/src/content/docs/azure/services/authorization.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Authorization" -description: API coverage for Microsoft.Authorization in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/autoscale-setting.mdx b/src/content/docs/azure/services/autoscale-setting.mdx new file mode 100644 index 00000000..673f66ae --- /dev/null +++ b/src/content/docs/azure/services/autoscale-setting.mdx @@ -0,0 +1,243 @@ +--- +title: "Autoscale Setting" +description: Get started with Azure Monitor Autoscale Settings on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Autoscale Settings manage automatic scaling of compute resources based on schedule or metric-driven rules. +Autoscale settings can target Virtual Machine Scale Sets, App Service plans, and other scalable resources. +They are commonly used to adjust capacity in response to traffic patterns, reducing costs during off-peak periods while maintaining performance under load. For more information, see [Overview of autoscale in Azure](https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Autoscale Settings. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Autoscale Settings' integration with LocalStack. + +## Getting started + +This guide walks you through creating an autoscale setting targeting an App Service plan. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-autoscale-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo", + "location": "eastus", + "name": "rg-autoscale-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an App Service plan + +Create an App Service plan to use as the autoscale target: + +```bash +az appservice plan create \ + --name my-plan \ + --resource-group rg-autoscale-demo \ + --sku S1 \ + --is-linux +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/Microsoft.Web/serverfarms/my-plan", + "kind": "linux", + "location": "eastus", + "name": "my-plan", + "resourceGroup": "rg-autoscale-demo", + "sku": { "capacity": 1, "name": "B1", "tier": "Basic" }, + "type": "Microsoft.Web/serverfarms" +... +} +``` + +### Create an autoscale setting + +Create an autoscale setting linked to the App Service plan: + +```bash +az monitor autoscale create \ + --name my-autoscale \ + --resource-group rg-autoscale-demo \ + --resource my-plan \ + --resource-type Microsoft.Web/serverfarms \ + --min-count 1 \ + --max-count 5 \ + --count 2 +``` + +```bash title="Output" +{ + "enabled": true, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/microsoft.insights/autoscalesettings/my-autoscale", + "name": "my-autoscale", + "profiles": [ + { + "capacity": { "default": "2", "maximum": "5", "minimum": "1" }, + "name": "default", + "rules": [] + } + ], + "resourceGroup": "rg-autoscale-demo", + "targetResourceUri": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/Microsoft.Web/serverfarms/my-plan", + "type": "Microsoft.Insights/autoscaleSettings" +... +} +``` + +### Add a scale-out rule + +Add a scale-out rule that increases the instance count when average CPU usage rises above 70%: + +```bash +az monitor autoscale rule create \ + --autoscale-name my-autoscale \ + --resource-group rg-autoscale-demo \ + --scale out 1 \ + --condition "CpuPercentage > 70 avg 5m" +``` + +```bash title="Output" +{ + "metricTrigger": { + "metricName": "CpuPercentage", + "operator": "GreaterThan", + "statistic": "Average", + "threshold": 70.0, + "timeAggregation": "Average", + "timeGrain": "PT1M", + "timeWindow": "PT5M" + }, + "scaleAction": { + "cooldown": "PT5M", + "direction": "Increase", + "type": "ChangeCount", + "value": "1" + } +} +``` + +### Show and list autoscale settings + +Retrieve the details of the autoscale setting and list all settings in the resource group: + +```bash +az monitor autoscale show \ + --name my-autoscale \ + --resource-group rg-autoscale-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/microsoft.insights/autoscalesettings/my-autoscale", + "name": "my-autoscale", + "profiles": [ + { + "capacity": { "default": "2", "maximum": "5", "minimum": "1" }, + "name": "default", + "rules": [ + { + "metricTrigger": { "metricName": "CpuPercentage", "operator": "GreaterThan", "threshold": 70.0, ... }, + "scaleAction": { "direction": "Increase", "type": "ChangeCount", "value": "1" } + } + ] + } + ], + "resourceGroup": "rg-autoscale-demo", + "targetResourceUri": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/Microsoft.Web/serverfarms/my-plan", + "type": "Microsoft.Insights/autoscaleSettings" +... +} +``` + + +Then list all autoscale settings in the resource group: + +```bash +az monitor autoscale list \ + --resource-group rg-autoscale-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-autoscale-demo/providers/microsoft.insights/autoscalesettings/my-autoscale", + "name": "my-autoscale", + "resourceGroup": "rg-autoscale-demo", + "type": "Microsoft.Insights/autoscaleSettings" + } +] +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor autoscale delete \ + --name my-autoscale \ + --resource-group rg-autoscale-demo +``` + + +Then list all autoscale settings to confirm the resource group is now empty: + +```bash +az monitor autoscale list --resource-group rg-autoscale-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Autoscale setting lifecycle:** Create, read, list, update, and delete autoscale settings. +- **Profile configuration:** Define default, fixed date, and recurring schedule profiles. +- **Scale rules:** Add metric-based scale-out and scale-in rules per profile. +- **Capacity bounds:** Define minimum, maximum, and default instance counts. +- **Notification configuration:** Attach email and webhook notifications on scale events (stored, not dispatched). +- **Resource targeting:** Attach autoscale settings to any scalable resource ID. + +## Limitations + +- **No scaling actions:** Instance counts are not changed by LocalStack. Scale-out and scale-in rules are stored but never executed. +- **No metric evaluation:** CPU, memory, and custom metric conditions in scale rules are not evaluated. +- **No scale history:** `az monitor autoscale history list` is not supported. +- **No notifications dispatched:** Email and webhook scale notifications are stored but not sent. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Defining autoscale policies for App Service plans in infrastructure as code templates. + +## API Coverage + + diff --git a/src/content/docs/azure/services/azure-container-registry.mdx b/src/content/docs/azure/services/azure-container-registry.mdx deleted file mode 100644 index 538c1788..00000000 --- a/src/content/docs/azure/services/azure-container-registry.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Azure Container Registry" -description: API coverage for Azure.ContainerRegistry in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/bastion-host.mdx b/src/content/docs/azure/services/bastion-host.mdx new file mode 100644 index 00000000..8fa94b84 --- /dev/null +++ b/src/content/docs/azure/services/bastion-host.mdx @@ -0,0 +1,290 @@ +--- +title: "Bastion Host" +description: Get started with Azure Bastion Host on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Bastion Host provides secure and seamless RDP and SSH connectivity to virtual machines directly through the Azure portal over TLS. +Bastion is deployed in a virtual network and eliminates the need for a public IP address on the VM, protecting against port scanning and other external threats. +It is the recommended approach for securely accessing Azure VMs without exposing them to the public internet. For more information, see [What is Azure Bastion?](https://learn.microsoft.com/en-us/azure/bastion/bastion-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Bastion Host. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Bastion Host's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Bastion Host and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group and virtual network + +Bastion Host requires a subnet named exactly `AzureBastionSubnet` and a Standard SKU public IP address. Create the prerequisites first: + +```bash +az group create \ + --name rg-bastion-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-bastion-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + + +Create a virtual network with a /16 address space to host the bastion subnet: + +```bash +az network vnet create \ + --name vnet-bastion-demo \ + --resource-group rg-bastion-demo \ + --location westeurope \ + --address-prefixes 10.0.0.0/16 +``` + +```bash title="Output" +{ + "newVNet": { + "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/virtualNetworks/vnet-bastion-demo", + "location": "westeurope", + "name": "vnet-bastion-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-bastion-demo", + "subnets": [], + "type": "Microsoft.Network/virtualNetworks", + ... + } +} +``` + + +Create the `AzureBastionSubnet` subnet, which is required by Azure Bastion: + +```bash +az network vnet subnet create \ + --name AzureBastionSubnet \ + --resource-group rg-bastion-demo \ + --vnet-name vnet-bastion-demo \ + --address-prefixes 10.0.255.0/27 +``` + +```bash title="Output" +{ + "addressPrefix": "10.0.255.0/27", + "delegations": [], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/virtualNetworks/vnet-bastion-demo/subnets/AzureBastionSubnet", + "name": "AzureBastionSubnet", + "privateEndpointNetworkPolicies": "Disabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "provisioningState": "Succeeded", + "resourceGroup": "rg-bastion-demo", + "type": "Microsoft.Network/virtualNetworks/subnets" +... +} +``` + +### Create a Standard public IP address + +Create a Standard SKU static public IP address required by the Bastion host: + +```bash +az network public-ip create \ + --name pip-bastion \ + --resource-group rg-bastion-demo \ + --location westeurope \ + --sku Standard \ + --allocation-method Static +``` + +```bash title="Output" +{ + "publicIp": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/publicIPAddresses/pip-bastion", + "idleTimeoutInMinutes": 4, + "ipAddress": "20.56.137.218", + "location": "westeurope", + "name": "pip-bastion", + "provisioningState": "Succeeded", + "publicIPAllocationMethod": "Static", + "resourceGroup": "rg-bastion-demo", + "sku": { "name": "Standard", "tier": "Regional" }, + "type": "Microsoft.Network/publicIPAddresses", + ... + } +} +``` + +### Create a bastion host + +Create the Bastion host, linking it to the virtual network and the public IP address: + +```bash +az network bastion create \ + --name bastion-demo \ + --resource-group rg-bastion-demo \ + --location westeurope \ + --vnet-name vnet-bastion-demo \ + --public-ip-address pip-bastion +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/bastionHosts/bastion-demo", + "ipConfigurations": [ + { + "name": "bastion_ip_config", + "provisioningState": "Succeeded", + "publicIPAddress": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/publicIPAddresses/pip-bastion", + "resourceGroup": "rg-bastion-demo" + }, + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/virtualNetworks/vnet-bastion-demo/subnets/AzureBastionSubnet", + "resourceGroup": "rg-bastion-demo" + } + } + ], + "location": "westeurope", + "name": "bastion-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-bastion-demo", + "scaleUnits": 2, + "sku": { "name": "Standard" }, + "zones": [] +} +``` + +### Get and list bastion hosts + +Retrieve the details of the Bastion host and list all Bastion instances in the resource group: + +```bash +az network bastion show \ + --name bastion-demo \ + --resource-group rg-bastion-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/bastionHosts/bastion-demo", + "ipConfigurations": [ + { + "name": "bastion_ip_config", + "provisioningState": "Succeeded", + "publicIPAddress": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/publicIPAddresses/pip-bastion", + "resourceGroup": "rg-bastion-demo" + }, + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/virtualNetworks/vnet-bastion-demo/subnets/AzureBastionSubnet", + "resourceGroup": "rg-bastion-demo" + } + } + ], + "location": "westeurope", + "name": "bastion-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-bastion-demo", + "scaleUnits": 2, + "sku": { "name": "Standard" }, + "zones": [] +} +``` + + +Then list all Bastion instances in the resource group: + +```bash +az network bastion list \ + --resource-group rg-bastion-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-bastion-demo/providers/Microsoft.Network/bastionHosts/bastion-demo", + "ipConfigurations": [ + { + "name": "bastion_ip_config", + "provisioningState": "Succeeded", + "publicIPAddress": { "id": "...pip-bastion...", "resourceGroup": "rg-bastion-demo" }, + "subnet": { "id": "...AzureBastionSubnet...", "resourceGroup": "rg-bastion-demo" } + } + ], + "location": "westeurope", + "name": "bastion-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-bastion-demo", + "scaleUnits": 2, + "sku": { "name": "Standard" }, + "zones": [] + } +] +``` + +### Delete the bastion host + +Delete the Bastion host and verify it no longer appears in the list: + +```bash +az network bastion delete \ + --name bastion-demo \ + --resource-group rg-bastion-demo +``` + +## Features + +The Bastion Host emulator supports the following features: + +- **Create and manage bastion hosts**: Full lifecycle management including create, get, update, list, and delete. +- **Subnet name validation**: Enforces that the target subnet is named `AzureBastionSubnet`, matching Azure's requirement. +- **Standard SKU public IP validation**: Enforces that the associated public IP address uses the Standard SKU and Static allocation. +- **IP configuration storage**: Records and returns the subnet and public IP address associations in `ipConfigurations`. +- **Tags**: Apply and update resource tags on bastion host resources. +- **SKU tiers**: Support for `Basic` and `Standard` bastion SKUs. + +## Limitations + +- **No RDP or SSH connectivity**: Bastion Host is a mock implementation. No actual remote desktop or SSH sessions are established through the emulator. +- **No TLS tunnel**: The secure TLS tunneling behavior of Azure Bastion is not simulated. +- **No VM connectivity verification**: The emulator does not verify that the target VM exists or is reachable. +- **No data persistence**: Bastion Host resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Bastion Host with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/cdn.mdx b/src/content/docs/azure/services/cdn.mdx deleted file mode 100644 index 0bbbfe5c..00000000 --- a/src/content/docs/azure/services/cdn.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "CDN" -description: API coverage for Microsoft.Cdn in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/container-instance.mdx b/src/content/docs/azure/services/container-instance.mdx new file mode 100644 index 00000000..50205642 --- /dev/null +++ b/src/content/docs/azure/services/container-instance.mdx @@ -0,0 +1,353 @@ +--- +title: "Container Instances" +description: Get started with Azure Container Instances on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Container Instances is a serverless container service that lets you run Docker containers on demand without managing any underlying virtual machines or orchestration infrastructure. +Each deployment unit is called a container group and can host one or more containers that share a network and lifecycle. +Container Instances is well-suited for short-lived tasks, CI workloads, and event-driven processing. For more information, see [About Azure Container Instances](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-overview). + +LocalStack for Azure provides a local environment for building and testing applications that use Azure Container Instances. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Container Instances' integration with LocalStack. + +## Getting started + +This guide is designed for users new to Container Instances and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group that will contain your Container Instances resources: + +```bash +az group create \ + --name rg-aci-demo \ + --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aci-demo", + "location": "eastus", + "name": "rg-aci-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a container group + +Create a container group with a single container, a public IP address, and port 80 exposed: + +```bash +az container create \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --image mcr.microsoft.com/cbl-mariner/base/core:2.0 \ + --cpu 1 --memory 1 \ + --ports 80 \ + --ip-address Public \ + --restart-policy Never \ + --command-line "/bin/sh -c 'echo hello && sleep 3600'" +``` + +```bash title="Output" +{ + "containers": [ + { + "command": [ + "/bin/sh", + "-c", + "echo hello && sleep 3600" + ], + "environmentVariables": [], + "image": "mcr.microsoft.com/cbl-mariner/base/core:2.0", + "instanceView": { + "currentState": { + "detailStatus": "", + "exitCode": null, + "finishTime": null, + "startTime": "2026-04-15T13:05:28+00:00", + "state": "Running" + }, + "events": [], + "previousState": null, + "restartCount": 0 + }, + "name": "mycontainer", + "ports": [ + { + "port": 80, + "protocol": null + } + ], + "resources": { + "limits": null, + "requests": { + "cpu": 1.0, + "memoryInGb": 1.0 + } + } + } + ], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aci-demo/providers/Microsoft.ContainerInstance/containerGroups/mycontainer", + "instanceView": { + "events": [], + "state": "Running" + }, + "ipAddress": { + "ip": "10.0.0.1", + "ports": [ + { + "port": 80, + "protocol": "TCP" + } + ], + "type": "Public" + }, + "location": "eastus", + "name": "mycontainer", + "osType": "Linux", + "provisioningState": "Succeeded", + "restartPolicy": "Never", + "sku": "Standard", + "type": "Microsoft.ContainerInstance/containerGroups" + ... +} +``` + +### Show and list container groups + +Retrieve the full details of the container group to inspect its current state: + +```bash +az container show \ + --name mycontainer \ + --resource-group rg-aci-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-aci-demo/providers/Microsoft.ContainerInstance/containerGroups/mycontainer", + "instanceView": { + "events": [], + "state": "Running" + }, + "ipAddress": { + "ip": "10.0.0.1", + "ports": [ + { + "port": 80, + "protocol": "TCP" + } + ], + "type": "Public" + }, + "location": "eastus", + "name": "mycontainer", + "osType": "Linux", + "provisioningState": "Succeeded", + "restartPolicy": "Never", + "type": "Microsoft.ContainerInstance/containerGroups" + ... +} +``` + +List all container groups within the resource group to see a summary of each one: + +```bash +az container list \ + --resource-group rg-aci-demo +``` + +```bash title="Output" +[ + { + "ipAddress": { + "ip": "10.0.0.1", + "ports": [ + { + "port": 80, + "protocol": "TCP" + } + ], + "type": "Public" + }, + "location": "eastus", + "name": "mycontainer", + "osType": "Linux", + "provisioningState": "Succeeded" + } +] +``` + +### Retrieve container logs + +Fetch the standard output from a running container to verify it started correctly: + +```bash +az container logs \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --container-name mycontainer +``` + +```bash title="Output" +hello +``` + +### Stop, start, and restart + +Stop a running container group to release its compute resources without deleting the group: + +```bash +az container stop \ + --name mycontainer \ + --resource-group rg-aci-demo +``` + +Verify that the container group state has changed to `Stopped`: + +```bash +az container show \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --query "{name:name, provisioningState:provisioningState, instanceView:instanceView}" +``` + +```bash title="Output" +{ + "instanceView": { + "events": [], + "state": "Stopped" + }, + "name": "mycontainer", + "provisioningState": "Succeeded" +} +``` + +Start the container group again to resume the containers from their stopped state: + +```bash +az container start \ + --name mycontainer \ + --resource-group rg-aci-demo +``` + +Verify the container group is running again: + +```bash +az container show \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --query "{name:name, provisioningState:provisioningState, instanceView:instanceView}" +``` + +```bash title="Output" +{ + "instanceView": { + "events": [], + "state": "Running" + }, + "name": "mycontainer", + "provisioningState": "Succeeded" +} +``` + +Restart all containers in the group without re-creating the group itself: + +```bash +az container restart \ + --name mycontainer \ + --resource-group rg-aci-demo +``` + +Confirm the group is running after the restart: + +```bash +az container show \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --query "{name:name, provisioningState:provisioningState, instanceView:instanceView}" +``` + +```bash title="Output" +{ + "instanceView": { + "events": [], + "state": "Running" + }, + "name": "mycontainer", + "provisioningState": "Succeeded" +} +``` + +### Delete and verify + +Delete the container group to remove all associated containers and Docker resources from the emulator: + +```bash +az container delete \ + --name mycontainer \ + --resource-group rg-aci-demo \ + --yes +``` + +Verify the resource group is now empty: + +```bash +az container list \ + --resource-group rg-aci-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Real Docker execution:** Container groups are backed by real Docker containers running on the local Docker engine. +- **Full container group lifecycle:** Stop, start, and restart operations are supported. +- **Container logs:** Logs are streamed directly from the Docker container and returned via the `containers__list_logs` API. +- **Volume types:** Both `emptyDir` and `secret` volume types are implemented using bind mounts from temporary directories on the host. +- **Private registries:** Image registry credentials passed via `--registry-login-server`, `--registry-username`, and `--registry-password` are used to pull images from private registries. +- **Init containers:** Init containers run sequentially before main containers and must exit with code 0 for group creation to succeed. + +## Limitations + +- **No interactive exec sessions:** `az container exec` and the `containers__execute_command` API return a stub WebSocket URI but do not provide a real terminal session. +- **No interactive attach:** `containers__attach` returns a stub WebSocket URI and does not stream container output interactively. +- **Linux containers only:** Windows containers are not supported. +- **No VNet integration:** Subnet-based networking is not emulated; all container groups are assigned an IP address from a local address pool. +- **No `az container update`:** Tag updates must be performed via `az rest PATCH`. + +## Samples + +The following samples demonstrate how to use Azure Container Instances with LocalStack for Azure: + +- [Azure Container Instances quickstart](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart) + +## API Coverage + + diff --git a/src/content/docs/azure/services/container-registry.mdx b/src/content/docs/azure/services/container-registry.mdx index 35ea223f..a51c34b9 100644 --- a/src/content/docs/azure/services/container-registry.mdx +++ b/src/content/docs/azure/services/container-registry.mdx @@ -1,11 +1,223 @@ --- title: "Container Registry" -description: API coverage for Microsoft.ContainerRegistry in LocalStack for Azure. +description: Get started with Azure Container Registry on LocalStack template: doc --- import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; +## Introduction + +Azure Container Registry (ACR) is a managed, private OCI-compatible registry for storing container images and Helm charts. +It integrates natively with Azure Kubernetes Service, Azure Container Instances, and Azure App Service to streamline container-based application deployments. +ACR is commonly used to build, store, and manage container images as part of a continuous integration and deployment pipeline. For more information, see [What is Azure Container Registry?](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-intro). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Container Registry. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Container Registry's integration with LocalStack. + +## Getting started + +This guide walks you through creating a registry, logging in with Docker, pushing an image, and listing repositories. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-acr-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-acr-demo", + "location": "eastus", + "name": "rg-acr-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a container registry + +Create a Standard-tier Azure Container Registry: + +```bash +az acr create \ + --name myacrdemo \ + --resource-group rg-acr-demo \ + --sku Basic \ + --admin-enabled true +``` + +```bash title="Output" +{ + "adminUserEnabled": true, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-acr-demo/providers/Microsoft.ContainerRegistry/registries/myacrdemo", + "location": "eastus", + "loginServer": "myacrdemo.azurecr.azure.localhost.localstack.cloud:4566", + "name": "myacrdemo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-acr-demo", + "sku": { "name": "Basic", "tier": "Basic" }, + "type": "Microsoft.ContainerRegistry/registries" +... +} +``` + +### Log in with Docker + +Authenticate the local Docker daemon to the registry using the Azure CLI: + +```bash +az acr login --name myacrdemo +``` + +### Build and push an image + +Build a local Docker image and push it to the registry endpoint: + +```bash +docker build -t myacrdemo.azurecr.io/hello:v1 . +docker push myacrdemo.azurecr.io/hello:v1 +``` + +Alternatively build directly within the emulated registry: + +```bash +az acr build \ + --image hello:v1 \ + --registry myacrdemo \ + . +``` + +### Pull an image + +Pull the image back from the registry to confirm it was pushed correctly: + +```bash +docker pull myacrdemo.azurecr.io/hello:v1 +``` + +### List repositories + +List all image repositories stored in the registry: + +```bash +az acr repository list --name myacrdemo +``` + +```bash title="Output" +[] +``` + +### Check name availability + +Check that the registry name is globally available before creating: + +```bash +az acr check-name --name myacrdemo +``` + +```bash title="Output" +{ + "message": "The registry myacrdemo is already in use.", + "nameAvailable": false, + "reason": "AlreadyExists" +} +``` + +### Update registry settings + +Enable the admin user account on the registry: + +```bash +az acr update --name myacrdemo --resource-group rg-acr-demo --admin-enabled false +``` + +```bash title="Output" +{ + "adminUserEnabled": false, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-acr-demo/providers/Microsoft.ContainerRegistry/registries/myacrdemo", + "loginServer": "myacrdemo.azurecr.azure.localhost.localstack.cloud:4566", + "name": "myacrdemo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-acr-demo", + "sku": { "name": "Basic", "tier": "Basic" }, + "type": "Microsoft.ContainerRegistry/registries" +... +} +``` + +### Show registry usage + +Show current storage usage statistics for the registry: + +```bash +az acr show-usage --name myacrdemo --resource-group rg-acr-demo +``` + +```bash title="Output" +{ + "value": [ + { "currentValue": 0, "limit": 10737418240, "name": "Size", "unit": "Bytes" }, + { "currentValue": 0, "limit": 2, "name": "Webhooks", "unit": "Count" }, + { "currentValue": 0, "limit": 100, "name": "ScopeMaps", "unit": "Count" }, + { "currentValue": 0, "limit": 100, "name": "Tokens", "unit": "Count" } + ] +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az acr delete --name myacrdemo --resource-group rg-acr-demo --yes +az acr list --resource-group rg-acr-demo +``` + +## Features + +- **Full CRUD lifecycle:** Create, read, update, and delete registry resources using the Azure CLI or ARM API. +- **Admin user management:** Enable or disable admin user access and retrieve admin credentials. +- **Name availability check:** Validate registry name uniqueness via `az acr check-name`. +- **Image push and pull:** Push and pull OCI-compliant container images using the standard Docker CLI. +- **In-registry builds:** Build images directly in the emulated registry using `az acr build`. +- **Repository listing:** List repositories and image tags stored in the registry. +- **Registry usage reporting:** Retrieve storage and limit usage via `az acr show-usage`. +- **Registry update:** Modify registry properties such as admin enabled and SKU. +- **Multiple SKUs accepted:** Basic, Standard, and Premium SKU names are accepted (all backed by the same local registry). + +## Limitations + +- **Geo-replication not supported:** Multi-region registry replication is not emulated. +- **ACR Tasks beyond basic build:** Task scheduling, triggers, and multi-step task workflows are mocked at the ARM level but not executed. +- **Private endpoints for ACR:** Private Link–based network isolation is not supported. +- **Webhook notifications:** Registry webhooks defined via the ARM API are stored but not fired on push events. +- **Content trust and quarantine:** Image signing and quarantine policies are not enforced. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Pushing and pulling Docker images from a local container registry. +- Building and running containerized applications using ACR and Azure Container Instances. + ## API Coverage diff --git a/src/content/docs/azure/services/cosmos-db.mdx b/src/content/docs/azure/services/cosmos-db.mdx new file mode 100644 index 00000000..4fa19c78 --- /dev/null +++ b/src/content/docs/azure/services/cosmos-db.mdx @@ -0,0 +1,357 @@ +--- +title: "Cosmos DB" +description: Get started with Azure Cosmos DB on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Cosmos DB is a globally distributed, multi-model NoSQL database service designed for high availability and low latency. +It supports multiple APIs including SQL (NoSQL), MongoDB, Cassandra, Gremlin, and Table, enabling teams to choose the data model that best fits their application. +Cosmos DB is commonly used for real-time applications, globally replicated datasets, and multi-tenant SaaS platforms that require predictable performance at any scale. For more information, see [Welcome to Azure Cosmos DB](https://learn.microsoft.com/en-us/azure/cosmos-db/introduction). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Cosmos DB. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Cosmos DB's integration with LocalStack. + +## Getting started + +This guide walks you through creating Cosmos DB accounts, databases, and containers using the SQL and MongoDB APIs. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### SQL (NoSQL) API + +This section walks through creating a Cosmos DB account with the SQL API, creating a database and a container, and listing resources. + +#### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-cosmos-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo", + "location": "eastus", + "name": "rg-cosmos-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +#### Create a Cosmos DB account + +Create a Cosmos DB account configured for the SQL API: + +```bash +az cosmosdb create \ + --name mycosmosaccount \ + --resource-group rg-cosmos-demo \ + --locations regionName=eastus +``` + +```bash title="Output" +{ + "databaseAccountOfferType": "Standard", + "documentEndpoint": "https://mycosmosaccount.documents.azure.com:8081/", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mycosmosaccount", + "kind": "GlobalDocumentDB", + "location": "East US", + "name": "mycosmosaccount", + "provisioningState": "Succeeded", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts", + ... +} +``` + +#### List account keys + +Retrieve the primary and secondary access keys for the account: + +```bash +az cosmosdb keys list \ + --name mycosmosaccount \ + --resource-group rg-cosmos-demo +``` + +```bash title="Output" +{ + "primaryMasterKey": "C2y6yDjf5/R+ob0N8A7C...", + "primaryReadonlyMasterKey": "C2y6yDjf5/R+ob0N8A7C...", + "secondaryMasterKey": "C2y6yDjf5/R+ob0N8A7C...", + "secondaryReadonlyMasterKey": "C2y6yDjf5/R+ob0N8A7C..." +} +``` + +#### Create a SQL database + +Create a SQL API database within the Cosmos DB account: + +```bash +az cosmosdb sql database create \ + --account-name mycosmosaccount \ + --resource-group rg-cosmos-demo \ + --name mydb +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mycosmosaccount/sqlDatabases/mydb", + "name": "mydb", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases" +... +} +``` + +#### Create a SQL container + +Create a SQL container with a partition key path of `/id`: + +```bash +az cosmosdb sql container create \ + --account-name mycosmosaccount \ + --resource-group rg-cosmos-demo \ + --database-name mydb \ + --name mycontainer \ + --partition-key-path /id +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mycosmosaccount/sqlDatabases/mydb/containers/mycontainer", + "name": "mycontainer", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers" +... +} +``` + +#### List databases and containers + +List all SQL databases in the account and all containers within the database: + +```bash +az cosmosdb sql database list \ + --account-name mycosmosaccount \ + --resource-group rg-cosmos-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mycosmosaccount/sqlDatabases/mydb", + "name": "mydb", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases" + } +] +``` + + +Then list all containers in the database: + +```bash +az cosmosdb sql container list \ + --account-name mycosmosaccount \ + --resource-group rg-cosmos-demo \ + --database-name mydb +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mycosmosaccount/sqlDatabases/mydb/containers/mycontainer", + "name": "mycontainer", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers" + } +] +``` + +### MongoDB API + +This section walks through creating a Cosmos DB account with the MongoDB API, creating a database, and connecting with a MongoDB client. + +#### Create a MongoDB Cosmos DB account + +Create a second Cosmos DB account configured for the MongoDB API: + +```bash +az cosmosdb create \ + --name mymongoacccount \ + --resource-group rg-cosmos-demo \ + --locations regionName=eastus \ + --kind MongoDB +``` + +```bash title="Output" +{ + "databaseAccountOfferType": "Standard", + "documentEndpoint": "https://mymongoacccount.documents.azure.com:443/", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mymongoacccount", + "kind": "MongoDB", + "location": "East US", + "name": "mymongoacccount", + "provisioningState": "Succeeded", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts", + ... +} +``` + +#### Retrieve connection string + +Retrieve the MongoDB-compatible connection string for the account: + +```bash +az cosmosdb keys list \ + --name mymongoacccount \ + --resource-group rg-cosmos-demo \ + --type connection-strings \ + --query "connectionStrings[0].connectionString" \ + --output tsv +``` + +```bash title="Output" +mongodb://primary:@172.17.0.10:27017/ +``` + +#### Create a MongoDB database + +Create a MongoDB database within the account: + +```bash +az cosmosdb mongodb database create \ + --account-name mymongoacccount \ + --resource-group rg-cosmos-demo \ + --name mymongodb +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mymongoacccount/mongodbDatabases/mymongodb", + "name": "mymongodb", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases" +... +} +``` + +#### Create a MongoDB collection + +Create a MongoDB collection inside the database with a shard key: + +```bash +az cosmosdb mongodb collection create \ + --account-name mymongoacccount \ + --resource-group rg-cosmos-demo \ + --database-name mymongodb \ + --name mycollection \ + --shard /userId \ + --throughput 400 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mymongoacccount/mongodbDatabases/mymongodb/collections/mycollection", + "name": "mycollection", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections" +... +} +``` + +#### Connect with the MongoDB client + +Extract the connection string and connect to the MongoDB database using `mongosh`: + +```bash +CONN_STR=$(az cosmosdb keys list \ + --name mymongoacccount \ + --resource-group rg-cosmos-demo \ + --type connection-strings \ + --query "connectionStrings[0].connectionString" \ + --output tsv) + +mongosh "$CONN_STR" +``` + +### Delete and verify + +Delete the Cosmos DB account and confirm it no longer appears in the list: + +```bash +az cosmosdb delete \ + --name mycosmosaccount \ + --resource-group rg-cosmos-demo \ + --yes + +az cosmosdb list --resource-group rg-cosmos-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-cosmos-demo/providers/Microsoft.DocumentDB/databaseAccounts/mymongoacccount", + "kind": "MongoDB", + "name": "mymongoacccount", + "provisioningState": "Succeeded", + "resourceGroup": "rg-cosmos-demo", + "type": "Microsoft.DocumentDB/databaseAccounts" + } +] +``` + +## Features + +- **Account lifecycle:** Create, read, list, and delete Cosmos DB accounts for both SQL and MongoDB API kinds. +- **Account key management:** Retrieve primary and secondary master keys and read-only keys. +- **Connection strings:** Retrieve connection strings for MongoDB accounts via `az cosmosdb keys list --type connection-strings`. +- **Name availability check:** Validate account name uniqueness. +- **SQL databases:** Create, read, list, and delete SQL (NoSQL) databases within an account. +- **SQL containers:** Create, read, list, and delete SQL containers with partition key configuration. +- **SQL indexing policy:** Create containers with custom indexing policies. +- **MongoDB databases:** Create, read, list, and delete MongoDB databases within an account. +- **MongoDB collections:** Create, read, list, and delete MongoDB collections with shard key and throughput settings. +- **Native MongoDB access:** Connect directly to the local MongoDB backend using a standard MongoDB client. + +## Limitations + +- **PostgreSQL API not supported:** The Azure Cosmos DB for PostgreSQL (formerly Citus) API is not emulated. +- **Table API not supported:** The Cosmos DB Table API is not emulated. +- **Cassandra API not supported:** The Cosmos DB Cassandra API is not emulated. +- **Gremlin API not supported:** The Cosmos DB Gremlin (graph) API is not emulated. +- **Global distribution not emulated:** Multi-region replication and conflict resolution are accepted at the model level but not executed. +- **Change feed and triggers:** Change feed processing and Cosmos DB triggers for Azure Functions are not emulated. +- **Throughput and RU metering:** Request unit (RU) consumption is not tracked or enforced. +- **RBAC for data plane:** Data plane RBAC (built-in Cosmos DB roles) is not enforced. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Provisioning a Cosmos DB SQL account and inserting documents with the Azure SDK. +- Connecting to the Cosmos DB MongoDB API with a standard MongoDB driver. + +## API Coverage + + diff --git a/src/content/docs/azure/services/data-collection-rules.mdx b/src/content/docs/azure/services/data-collection-rules.mdx new file mode 100644 index 00000000..ba84ceca --- /dev/null +++ b/src/content/docs/azure/services/data-collection-rules.mdx @@ -0,0 +1,247 @@ +--- +title: "Data Collection Rules" +description: Get started with Azure Monitor Data Collection Rules on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Data Collection Rules (DCR) define the data to collect, how to transform it, and where to send it. +Data Collection Endpoints (DCE) provide the ingestion URL used to receive data in DCR-based pipelines, while Data Collection Rule Associations (DCRA) link a DCR to a specific monitored resource. +Together, DCRs, DCEs, and DCRAs form the foundation of the Azure Monitor Logs ingestion pipeline. For more information, see [Data collection rules in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/data-collection-rule-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Data Collection Rules. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Data Collection Rules' integration with LocalStack. + +## Getting started + +This guide walks you through creating a Data Collection Endpoint, a Data Collection Rule, and associating the rule with a virtual machine. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-dcr-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo", + "location": "eastus", + "name": "rg-dcr-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a data collection endpoint + +Create a data collection endpoint (DCE) to serve as the ingestion target: + +```bash +az monitor data-collection endpoint create \ + --name my-dce \ + --resource-group rg-dcr-demo \ + --location eastus \ + --public-network-access Enabled +``` + +```bash title="Output" +{ + "configurationAccess": { "endpoint": "https://my-dce.eastus-1.handler.control.monitor.azure.com" }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Insights/dataCollectionEndpoints/my-dce", + "immutableId": "dce-82f06343382a4872ba2270b5dba2eee7", + "location": "eastus", + "logsIngestion": { "endpoint": "https://my-dce.eastus-1.ingest.monitor.azure.com" }, + "name": "my-dce", + "networkAcls": { "publicNetworkAccess": "Enabled" }, + "provisioningState": "Succeeded", + "resourceGroup": "rg-dcr-demo", + "type": "Microsoft.Insights/dataCollectionEndpoints" +... +} +``` + +### Create a data collection rule + +Save the following JSON to `my-dcr.json`: + +```json title="my-dcr.json" +{ + "location": "eastus", + "properties": { + "dataSources": { + "performanceCounters": [ + { + "name": "perfCounterDataSource", + "samplingFrequencyInSeconds": 60, + "counterSpecifiers": ["\\Processor(_Total)\\% Processor Time"], + "streams": ["Microsoft-Perf"] + } + ] + }, + "destinations": { + "logAnalytics": [ + { + "workspaceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "name": "myWorkspace" + } + ] + }, + "dataFlows": [ + { + "streams": ["Microsoft-Perf"], + "destinations": ["myWorkspace"] + } + ] + } +} +``` + + +Create the data collection rule from the configuration file: + +```bash +az monitor data-collection rule create \ + --name my-dcr \ + --resource-group rg-dcr-demo \ + --location eastus \ + --rule-file my-dcr.json +``` + +```bash title="Output" +{ + "dataFlows": [ { "destinations": ["myWorkspace"], "streams": ["Microsoft-Perf"] } ], + "dataSources": { + "performanceCounters": [ + { "counterSpecifiers": ["\\Processor(_Total)\\% Processor Time"], "name": "perfCounterDataSource", "samplingFrequencyInSeconds": 60, "streams": ["Microsoft-Perf"] } + ] + }, + "destinations": { + "logAnalytics": [ + { "name": "myWorkspace", "workspaceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace" } + ] + }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Insights/dataCollectionRules/my-dcr", + "immutableId": "dcr-d7f9c291105845b8b470d40631e5c883", + "location": "eastus", + "name": "my-dcr", + "provisioningState": "Succeeded", + "resourceGroup": "rg-dcr-demo", + "type": "Microsoft.Insights/dataCollectionRules" +... +} +``` + +### List data collection rules + +List all data collection rules in the resource group: + + +Then list all data collection rules to confirm the resource group is now empty: + +```bash +az monitor data-collection rule list --resource-group rg-dcr-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Insights/dataCollectionRules/my-dcr", + "location": "eastus", + "name": "my-dcr", + "provisioningState": "Succeeded", + "resourceGroup": "rg-dcr-demo", + "type": "Microsoft.Insights/dataCollectionRules", + ... + } +] +``` + +### Create a data collection rule association + +Associate the rule with a virtual machine: + +```bash +VM_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Compute/virtualMachines/my-vm" + +az monitor data-collection rule association create \ + --name my-dcra \ + --resource "$VM_ID" \ + --rule-id "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Insights/dataCollectionRules/my-dcr" +``` + +```bash title="Output" +{ + "dataCollectionRuleId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Insights/dataCollectionRules/my-dcr", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dcr-demo/providers/Microsoft.Compute/virtualMachines/my-vm/providers/Microsoft.Insights/dataCollectionRuleAssociations/my-dcra", + "name": "my-dcra", + "resourceGroup": "rg-dcr-demo", + "type": "Microsoft.Insights/dataCollectionRuleAssociations" +... +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor data-collection rule delete \ + --name my-dcr \ + --resource-group rg-dcr-demo +``` + + +Then list all data collection rules to confirm the resource group is now empty: + +```bash +az monitor data-collection rule list --resource-group rg-dcr-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Data Collection Rule lifecycle:** Create, read, list, update, and delete DCRs. +- **Data Collection Endpoint lifecycle:** Create, read, list, and delete DCEs. +- **Data Collection Rule Association lifecycle:** Create, read, list, and delete DCRAs linking a DCR to a resource. +- **Data source configuration:** Accept performance counter, Windows event log, Syslog, and custom log data sources. +- **Destination configuration:** Accept Log Analytics workspace and storage account destinations. +- **Data flow configuration:** Define stream-to-destination routing in the data flow section. + +## Limitations + +- **No data ingestion:** Data sent to a DCE ingestion URL is not processed or stored. +- **No transformation:** KQL-based data transformations defined in DCRs are not executed. +- **No agent-managed collection:** The Azure Monitor Agent (AMA) interacting with LocalStack does not collect or forward real metrics or logs. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Defining data collection pipelines with DCRs and DCEs for infrastructure testing. + +## API Coverage + + diff --git a/src/content/docs/azure/services/diagnostic-setting.mdx b/src/content/docs/azure/services/diagnostic-setting.mdx new file mode 100644 index 00000000..10ffc555 --- /dev/null +++ b/src/content/docs/azure/services/diagnostic-setting.mdx @@ -0,0 +1,227 @@ +--- +title: "Diagnostic Setting" +description: Get started with Azure Monitor Diagnostic Settings on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Diagnostic Settings configure where a resource sends its platform logs and metrics. +Supported destinations include Log Analytics Workspaces, Storage Accounts, Event Hubs, and partner solutions. +Diagnostic settings are commonly used to enable centralized log collection and compliance auditing across Azure deployments. For more information, see [Diagnostic settings in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/diagnostic-settings). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Diagnostic Settings. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Diagnostic Settings' integration with LocalStack. + +## Getting started + +This guide uses the existing `monitor.mdx` article workflow as a reference. +See also the [Monitor](/azure/services/monitor) page for a broader overview of diagnostic settings alongside activity log examples. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-diag-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo", + "location": "eastus", + "name": "rg-diag-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a storage account as the destination + +Create a storage account to serve as the export destination for the logs and metrics: + +```bash +az storage account create \ + --name sadiagdemo \ + --resource-group rg-diag-demo \ + --location eastus \ + --sku Standard_LRS +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo", + "kind": "StorageV2", + "location": "eastus", + "name": "sadiagdemo", + "resourceGroup": "rg-diag-demo", + "sku": { "name": "Standard_LRS", "tier": "Standard" }, + "type": "Microsoft.Storage/storageAccounts" +... +} +``` + +### Create a diagnostic setting on a resource + +The following example creates a diagnostic setting on a storage account (nested blob service) that routes `StorageRead` logs to a storage account: + +```bash +RESOURCE_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo/blobServices/default" +DEST_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo" + +az monitor diagnostic-settings create \ + --name my-diag-setting \ + --resource "$RESOURCE_ID" \ + --storage-account "$DEST_ID" \ + --logs '[{"category": "StorageRead", "enabled": true}]' \ + --metrics '[{"category": "Transaction", "enabled": true}]' +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo/blobServices/default/providers/microsoft.insights/diagnosticSettings/my-diag-setting", + "logs": [ { "category": "StorageRead", "enabled": true } ], + "metrics": [ { "category": "Transaction", "enabled": true } ], + "name": "my-diag-setting", + "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo", + "type": "microsoft.insights/diagnosticSettings" +... +} +``` + +### List diagnostic settings + +List all diagnostic settings attached to the target resource: + + +Then list all diagnostic settings to confirm the setting was removed: + +```bash +az monitor diagnostic-settings list --resource "$RESOURCE_ID" +``` + +```bash title="Output" +{ + "value": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo/blobServices/default/providers/microsoft.insights/diagnosticSettings/my-diag-setting", + "logs": [ { "category": "StorageRead", "enabled": true } ], + "metrics": [ { "category": "Transaction", "enabled": true } ], + "name": "my-diag-setting", + "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo", + "type": "microsoft.insights/diagnosticSettings" + } + ] +... +} +``` + +### Show a diagnostic setting + +Retrieve the full configuration of the diagnostic setting: + +```bash +az monitor diagnostic-settings show \ + --name my-diag-setting \ + --resource "$RESOURCE_ID" +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo/blobServices/default/providers/microsoft.insights/diagnosticSettings/my-diag-setting", + "logs": [ { "category": "StorageRead", "enabled": true } ], + "metrics": [ { "category": "Transaction", "enabled": true } ], + "name": "my-diag-setting", + "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo", + "type": "microsoft.insights/diagnosticSettings" +... +} +``` + +### Update a diagnostic setting + +Update the setting to also route to an Event Hub (stored, not routed): + +```bash +az monitor diagnostic-settings update \ + --name my-diag-setting \ + --resource "$RESOURCE_ID" \ + --logs '[{"category": "StorageRead", "enabled": false}]' +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo/blobServices/default/providers/microsoft.insights/diagnosticSettings/my-diag-setting", + "logs": [ { "category": "StorageRead", "enabled": false } ], + "metrics": [ { "category": "Transaction", "enabled": true } ], + "name": "my-diag-setting", + "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-diag-demo/providers/Microsoft.Storage/storageAccounts/sadiagdemo", + "type": "microsoft.insights/diagnosticSettings" +... +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor diagnostic-settings delete \ + --name my-diag-setting \ + --resource "$RESOURCE_ID" +``` + + +Then list all diagnostic settings to confirm the setting was removed: + +```bash +az monitor diagnostic-settings list --resource "$RESOURCE_ID" +``` + +```bash title="Output" +{ + "value": [] +} +``` + +## Features + +- **Diagnostic setting lifecycle:** Create, read, list, update, and delete diagnostic settings on any resource. +- **Multiple destinations:** Accept Storage Account, Log Analytics Workspace, and Event Hub as destinations. +- **Log category configuration:** Enable or disable individual log categories per setting. +- **Metric category configuration:** Enable or disable individual metric categories per setting. +- **Retention policy support:** Accept retention day settings per log and metric category. +- **Resource-scoped settings:** Settings are scoped to a specific resource (by resource ID). + +## Limitations + +- **No data routing:** Logs and metrics are not routed to the configured Storage Account, Log Analytics Workspace, or Event Hub. The setting is stored in the emulator only. +- **No log ingestion:** Platform logs emitted by Azure services within LocalStack are not captured or forwarded. +- **No subscription diagnostic settings:** The subscription-level diagnostic settings endpoint (`PUT /subscriptions/{id}/providers/microsoft.insights/diagnosticSettings`) is not currently supported. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Configuring diagnostic settings to route audit logs to a storage account. + +## API Coverage + + diff --git a/src/content/docs/azure/services/front-door.mdx b/src/content/docs/azure/services/front-door.mdx new file mode 100644 index 00000000..fd5f19b9 --- /dev/null +++ b/src/content/docs/azure/services/front-door.mdx @@ -0,0 +1,436 @@ +--- +title: "Front Door" +description: Get started with Azure Front Door on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Front Door is a global content delivery network and load balancer that routes client traffic to the fastest available origin using Microsoft's global network. +It combines HTTP load balancing, SSL offloading, URL-based routing, and traffic acceleration into a single entry point for your web applications. +Front Door Standard and Premium profiles are configured through the `Microsoft.Cdn` resource provider and managed using the `az afd` CLI command group. For more information, see [What is Azure Front Door?](https://learn.microsoft.com/en-us/azure/frontdoor/front-door-overview). + +LocalStack for Azure provides a local environment for building and testing applications that use Azure Front Door. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Front Door's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Azure Front Door and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold your Front Door resources: + +```bash +az group create \ + --name rg-afd-demo \ + --location global +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-afd-demo", + "location": "global", + "name": "rg-afd-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a Front Door profile + +Create a Front Door Standard profile to serve as the top-level container for all Front Door resources: + +```bash +az afd profile create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --sku Standard_AzureFrontDoor +``` + +```bash title="Output" +{ + "frontDoorId": "a3664ef5-d8cb-4930-b7f8-8a762d24acf9", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo", + "kind": "frontdoor", + "location": "Global", + "name": "afd-demo", + "originResponseTimeoutSeconds": 30, + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "resourceState": "Active", + "sku": { + "name": "Standard_AzureFrontDoor" + }, + "tags": {}, + "type": "Microsoft.Cdn/profiles" +} +``` + +### Create an endpoint + +Create an endpoint to expose a publicly accessible hostname for your Front Door profile: + +```bash +az afd endpoint create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --endpoint-name my-endpoint \ + --enabled-state Enabled +``` + +```bash title="Output" +{ + "deploymentStatus": "NotStarted", + "enabledState": "Enabled", + "hostName": "my-endpoint-08621c35aa0147f0.z01.azurefd.net", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/afdendpoints/my-endpoint", + "location": "Global", + "name": "my-endpoint", + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "tags": {}, + "type": "Microsoft.Cdn/profiles/afdendpoints" +} +``` + +The `hostName` field contains the generated `*.azurefd.net` domain assigned to this endpoint. + +### Create an origin group + +Create an origin group to define the set of backend servers that Front Door will load-balance across, including a health probe configuration: + +```bash +az afd origin-group create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --origin-group-name my-origin-group \ + --probe-path "/health" \ + --probe-request-type GET \ + --probe-protocol Http \ + --probe-interval-in-seconds 120 \ + --sample-size 2 \ + --successful-samples-required 2 +``` + +```bash title="Output" +{ + "deploymentStatus": "NotStarted", + "healthProbeSettings": { + "probeIntervalInSeconds": 120, + "probePath": "/health", + "probeProtocol": "Http", + "probeRequestType": "GET" + }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/origingroups/my-origin-group", + "loadBalancingSettings": { + "additionalLatencyInMilliseconds": 0, + "sampleSize": 2, + "successfulSamplesRequired": 2 + }, + "name": "my-origin-group", + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "sessionAffinityState": "Disabled", + "type": "Microsoft.Cdn/profiles/origingroups" +} +``` + +### Add an origin + +Add an origin to the origin group to specify the backend host that Front Door will forward traffic to: + +```bash +az afd origin create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --origin-group-name my-origin-group \ + --origin-name my-origin \ + --host-name example.com \ + --http-port 80 \ + --https-port 443 +``` + +```bash title="Output" +{ + "deploymentStatus": "NotStarted", + "enabledState": "Enabled", + "enforceCertificateNameCheck": true, + "hostName": "example.com", + "httpPort": 80, + "httpsPort": 443, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/origingroups/my-origin-group/origins/my-origin", + "name": "my-origin", + "originGroupName": "my-origin-group", + "priority": 1, + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "type": "Microsoft.Cdn/profiles/origingroups/origins", + "weight": 50 +} +``` + +### Create a route + +Create a route to wire the endpoint to the origin group and define which protocols and path patterns are accepted. +The `--origin-group` flag requires the full ARM resource ID: + +```bash +SUBSCRIPTION_ID=$(az account show --query id -o tsv) +ORIGIN_GROUP_ID="/subscriptions/$SUBSCRIPTION_ID/resourceGroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/originGroups/my-origin-group" + +az afd route create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --endpoint-name my-endpoint \ + --route-name my-route \ + --origin-group "$ORIGIN_GROUP_ID" \ + --supported-protocols Http Https \ + --link-to-default-domain Enabled \ + --https-redirect Disabled +``` + +```bash title="Output" +{ + "customDomains": [], + "deploymentStatus": "NotStarted", + "enabledState": "Enabled", + "forwardingProtocol": "MatchRequest", + "httpsRedirect": "Disabled", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/afdendpoints/my-endpoint/routes/my-route", + "linkToDefaultDomain": "Enabled", + "name": "my-route", + "originGroup": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/originGroups/my-origin-group", + "resourceGroup": "rg-afd-demo" + }, + "patternsToMatch": [ + "/*" + ], + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "ruleSets": [], + "supportedProtocols": [ + "Http", + "Https" + ], + "type": "Microsoft.Cdn/profiles/afdendpoints/routes" +} +``` + +### Work with rule sets and rules + +Create a rule set to group related routing rules under the profile. +Rule set names must be alphanumeric only: + +```bash +az afd rule-set create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --rule-set-name myruleset +``` + +```bash title="Output" +{ + "deploymentStatus": "NotStarted", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/rulesets/myruleset", + "name": "myruleset", + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "type": "Microsoft.Cdn/profiles/rulesets" +} +``` + +Add a rule to the rule set with an execution order and match processing behaviour: + +```bash +az afd rule create \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --rule-set-name myruleset \ + --rule-name myrule \ + --order 1 \ + --match-processing-behavior Continue +``` + +```bash title="Output" +{ + "actions": [], + "conditions": [], + "deploymentStatus": "NotStarted", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/rulesets/myruleset/rules/myrule", + "matchProcessingBehavior": "Continue", + "name": "myrule", + "order": 1, + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "ruleSetName": "myruleset", + "type": "Microsoft.Cdn/profiles/rulesets/rules" +} +``` + +List all rule sets and rules under the profile to confirm their state: + +```bash +az afd rule-set list \ + --resource-group rg-afd-demo \ + --profile-name afd-demo +``` + +```bash title="Output" +[ + { + "deploymentStatus": "NotStarted", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/rulesets/myruleset", + "name": "myruleset", + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "type": "Microsoft.Cdn/profiles/rulesets" + } +] +``` + +```bash +az afd rule list \ + --resource-group rg-afd-demo \ + --profile-name afd-demo \ + --rule-set-name myruleset +``` + +```bash title="Output" +[ + { + "actions": [], + "conditions": [], + "deploymentStatus": "NotStarted", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo/rulesets/myruleset/rules/myrule", + "matchProcessingBehavior": "Continue", + "name": "myrule", + "order": 1, + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "ruleSetName": "myruleset", + "type": "Microsoft.Cdn/profiles/rulesets/rules" + } +] +``` + +### Show and list + +Show the Front Door profile to inspect its current state: + +```bash +az afd profile show \ + --resource-group rg-afd-demo \ + --profile-name afd-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo", + "kind": "frontdoor", + "location": "Global", + "name": "afd-demo", + "provisioningState": "Succeeded", + "resourceState": "Active", + "sku": { + "name": "Standard_AzureFrontDoor" + }, + "type": "Microsoft.Cdn/profiles" +} +``` + +List all profiles in the resource group to verify the profile appears in results: + +```bash +az afd profile list --resource-group rg-afd-demo +``` + +```bash title="Output" +[ + { + "frontDoorId": "083e606f-cec4-481b-b1d2-781b4428e52c", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/rg-afd-demo/providers/Microsoft.Cdn/profiles/afd-demo", + "kind": "frontdoor", + "location": "Global", + "name": "afd-demo", + "originResponseTimeoutSeconds": 30, + "provisioningState": "Succeeded", + "resourceGroup": "rg-afd-demo", + "resourceState": "Active", + "sku": { + "name": "Standard_AzureFrontDoor" + }, + "tags": {}, + "type": "Microsoft.Cdn/profiles" + } +] +``` + +### Delete and verify + +Delete the Front Door profile to remove the profile and all child resources from the emulator: + +```bash +az afd profile delete \ + --resource-group rg-afd-demo \ + --profile-name afd-demo +``` + +Verify the resource group no longer contains any profiles: + +```bash +az afd profile list --resource-group rg-afd-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Full resource hierarchy:** Profiles, endpoints, origin groups, origins, routes, rule sets, and rules can all be created, updated, listed, and deleted under `Microsoft.Cdn/profiles`. +- **Hostname generation:** A realistic `*.azurefd.net` hostname is generated for each endpoint, matching the format used by the real Azure service. +- **Health probe settings:** Origin group health probe configuration — path, protocol, request type, and probe interval — is stored and returned on all get and list operations. +- **Load balancing settings:** `sampleSize`, `successfulSamplesRequired`, and `additionalLatencyInMilliseconds` are stored and returned correctly. +- **Route configuration:** Pattern matching, supported protocols, HTTPS redirect behaviour, and origin group linkage are fully supported. +- **Rule sets and rules:** Match processing behaviour and ordering are stored and returned. +- **Endpoint name availability:** Availability checks via `afd_profiles__check_endpoint_name_availability` reflect the real availability state. + +## Limitations + +- **Rules not enforced at data plane:** Rule conditions and actions are stored by the management plane but are not evaluated; rules do not affect how requests are proxied. +- **No custom domain validation:** Custom domain binding is stored but DNS validation and certificate provisioning are not performed. +- **No HTTPS certificate management:** Managed certificates and bring-your-own-certificate flows are not emulated. +- **Classic CDN data plane not emulated:** Classic CDN profiles (`az cdn`) can be created under the same `Microsoft.Cdn` namespace, but traffic acceleration behaviour is not emulated. +- **Deployment status always `NotStarted`:** There is no asynchronous deployment pipeline behind profile or endpoint state changes. +- **No WAF policy support:** WAF policy association is not supported. + +## Samples + +The following samples demonstrate how to use Azure Front Door with LocalStack for Azure: + +- [Azure Front Door quickstart](https://learn.microsoft.com/en-us/azure/frontdoor/create-front-door-cli) + +## API Coverage + + diff --git a/src/content/docs/azure/services/functions-app.mdx b/src/content/docs/azure/services/functions-app.mdx new file mode 100644 index 00000000..2956a9ca --- /dev/null +++ b/src/content/docs/azure/services/functions-app.mdx @@ -0,0 +1,250 @@ +--- +title: "Function Apps" +description: Get started with Azure Function Apps on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Function Apps are serverless compute resources that host and execute Azure Functions in response to events. +They support multiple runtime environments including Python, Node.js, and .NET, and integrate with a wide range of trigger sources such as HTTP requests, queues, and timers. +Function Apps are commonly used to build event-driven microservices, scheduled background jobs, and lightweight API backends. For more information, see [Introduction to Azure Functions](https://learn.microsoft.com/en-us/azure/azure-functions/functions-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Function Apps. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Function Apps' integration with LocalStack. + +## Getting started + +This guide walks you through creating a Function App backed by a Storage Account, deploying a Python HTTP-trigger function, and invoking it. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-func-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-func-demo", + "location": "eastus", + "name": "rg-func-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a storage account + +Function Apps require a Storage Account for internal bookkeeping. + +```bash +az storage account create \ + --name safuncdemo \ + --resource-group rg-func-demo \ + --location eastus \ + --sku Standard_LRS +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-func-demo/providers/Microsoft.Storage/storageAccounts/safuncdemo", + "kind": "StorageV2", + "location": "eastus", + "name": "safuncdemo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-func-demo", + "sku": { "name": "Standard_LRS", "tier": "Standard" }, + "type": "Microsoft.Storage/storageAccounts", + ... +} +``` + +### Create a function app + +Create a function app and associate it with the storage account and App Service plan: + +```bash +az functionapp create \ + --name my-func-app \ + --resource-group rg-func-demo \ + --consumption-plan-location eastus \ + --runtime python \ + --runtime-version 3.11 \ + --functions-version 4 \ + --os-type linux \ + --storage-account safuncdemo +``` + +```bash title="Output" +{ + "defaultHostName": "my-func-app.azurewebsites.azure.localhost.localstack.cloud:4566", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-func-demo/providers/Microsoft.Web/sites/my-func-app", + "kind": "functionapp,linux", + "location": "eastus", + "name": "my-func-app", + "resourceGroup": "rg-func-demo", + "state": "Running", + "type": "Microsoft.Web/sites", + ... +} +``` + +### Configure app settings + +Add environment variables as application settings on the function app: + +```bash +az functionapp config appsettings set \ + --name my-func-app \ + --resource-group rg-func-demo \ + --settings \ + FUNCTIONS_WORKER_RUNTIME=python \ + MY_CUSTOM_SETTING=hello-world +``` + +```bash title="Output" +[ + { "name": "FUNCTIONS_WORKER_RUNTIME", "slotSetting": false, "value": "python" }, + { "name": "MY_CUSTOM_SETTING", "slotSetting": false, "value": "hello-world" }, + { "name": "AzureWebJobsStorage", "slotSetting": false, "value": "DefaultEndpointsProtocol=https;..." }, + ... +] +``` + +### List application settings + +List all application settings currently configured on the function app: + +```bash +az functionapp config appsettings list \ + --name my-func-app \ + --resource-group rg-func-demo +``` + +```bash title="Output" +[ + { "name": "FUNCTIONS_WORKER_RUNTIME", "slotSetting": false, "value": "python" }, + { "name": "FUNCTIONS_EXTENSION_VERSION", "slotSetting": false, "value": "~4" }, + { "name": "AzureWebJobsStorage", "slotSetting": false, "value": "DefaultEndpointsProtocol=https;..." }, + { "name": "MY_CUSTOM_SETTING", "slotSetting": false, "value": "hello-world" }, + ... +] +``` + +### Deploy function code + +Use the Azure Functions Core Tools to deploy a zip package containing your function code: + +```bash +az functionapp deploy \ + --resource-group rg-func-demo \ + --name my-func-app \ + --src-path ./my_func.zip \ + --type zip +``` + +### Invoke an HTTP-trigger function + +After deployment, invoke the function via its default hostname: + +```bash +curl "http://my-func-app.azurewebsites.azure.localhost.localstack.cloud:4566/api/MyHttpTrigger?name=LocalStack" +``` + +### List and inspect function apps + +List all function apps in the resource group in table format and retrieve the full configuration of the app: + +```bash +az functionapp list --resource-group rg-func-demo --output table +``` + +```bash title="Output" +Name Location State ResourceGroup DefaultHostName AppServicePlan +----------- ---------- ------- --------------- ---------------------------------------------------------------- ---------------- +my-func-app East US Running rg-func-demo my-func-app.azurewebsites.azure.localhost.localstack.cloud:4566 Default1pn +``` + + +Then retrieve the full configuration of the function app: + +```bash +az functionapp show --name my-func-app --resource-group rg-func-demo +``` + +```bash title="Output" +{ + "defaultHostName": "my-func-app.azurewebsites.azure.localhost.localstack.cloud:4566", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-func-demo/providers/Microsoft.Web/sites/my-func-app", + "kind": "functionapp,linux", + "location": "East US", + "name": "my-func-app", + "resourceGroup": "rg-func-demo", + "state": "Running", + "type": "Microsoft.Web/sites" +... +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az functionapp delete --name my-func-app --resource-group rg-func-demo +az functionapp list --resource-group rg-func-demo --output table +``` + +## Features + +- **Full CRUD lifecycle:** Create, read, update, and delete Function App resources using the Azure CLI or ARM API. +- **App settings management:** Set and list application settings via `az functionapp config appsettings`. +- **Site configuration:** Configure site properties including `linuxFxVersion`, `use32BitWorkerProcess`, and `alwaysOn`. +- **Publishing credentials:** Retrieve deployment credentials via the `listPublishingCredentials` action. +- **Publishing profile:** Download publish profiles via the `listPublishingProfileXmlWithSecrets` action. +- **SCM access control:** Get and configure source control manager (SCM) access policy. +- **Diagnostic logs:** Configure logging via `az functionapp log config`. +- **Consumption plan auto-provisioning:** An App Service Plan is automatically created for the Function App when using a consumption plan location. +- **Docker container execution:** Actual function execution is backed by a Docker container spawned on deploy. +- **HTTP trigger invocation:** HTTP-triggered functions are accessible via the default host name after deployment. +- **Multiple runtimes:** Python, Node.js, and .NET function runtimes are supported for execution. + +## Limitations + +- **Docker required for execution:** Function code execution requires Docker to be running. Without Docker, the Function App resource can be created and managed, but code will not run. +- **Durable Functions not supported:** Stateful orchestration via Durable Functions is not emulated. +- **Timer and non-HTTP triggers:** Timer, Blob, Queue, Service Bus, Event Hub, Event Grid, and Cosmos DB triggers are not automatically fired by LocalStack. They must be invoked manually or by external tooling. +- **Deployment slots:** Staging slots and slot swaps are not supported. +- **Log streaming:** Live log streaming via `az functionapp log tail` is not supported. +- **Managed identities for functions:** Assigning a managed identity to a Function App is accepted at the ARM level but authentication tokens are not issued for bindings. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Python HTTP-trigger function deployed with the Azure Functions Core Tools. +- Node.js function app with `func azure functionapp publish`. +- .NET isolated worker function app deployment. + +## API Coverage + + diff --git a/src/content/docs/azure/services/log-analytics.mdx b/src/content/docs/azure/services/log-analytics.mdx new file mode 100644 index 00000000..c10f78a0 --- /dev/null +++ b/src/content/docs/azure/services/log-analytics.mdx @@ -0,0 +1,211 @@ +--- +title: "Log Analytics" +description: Get started with Azure Log Analytics on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Log Analytics Workspaces are the primary data store for Azure Monitor log data. +They collect, index, and query log and metric data from Azure resources, virtual machines, and custom sources. +Log Analytics Workspaces are commonly used as the central destination for diagnostic settings, Azure Monitor agents, and security audit logs in enterprise monitoring architectures. For more information, see [Log Analytics workspace overview](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-workspace-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Log Analytics Workspaces. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Log Analytics' integration with LocalStack. + +## Getting started + +This guide walks you through creating a Log Analytics Workspace, retrieving its shared keys, and deleting the workspace. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-laws-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo", + "location": "eastus", + "name": "rg-laws-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a Log Analytics Workspace + +Create a Log Analytics workspace with a 30-day data retention period: + +```bash +az monitor log-analytics workspace create \ + --name my-workspace \ + --resource-group rg-laws-demo \ + --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "retentionInDays": 30, + "sku": { "name": "PerGB2018" }, + "type": "Microsoft.OperationalInsights/workspaces", + ... +} +``` + +### Retrieve workspace shared keys + +Retrieve the primary and secondary shared keys used to send logs directly to the workspace: + +```bash +az monitor log-analytics workspace get-shared-keys \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +{ + "primarySharedKey": "466ea8d8-cdb5-4cca-a1fc-52589bc6656f", + "secondarySharedKey": "92b87aac-a029-4c98-b992-4d36a52eb2a5" +} +``` + +### List workspaces + +List all Log Analytics workspaces in the resource group: + + +Then list all workspaces to confirm the resource group is now empty: + +```bash +az monitor log-analytics workspace list \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "type": "Microsoft.OperationalInsights/workspaces" + } +] +``` + +### Show a workspace + +Retrieve the full details of the workspace, including its unique customer ID: + +```bash +az monitor log-analytics workspace show \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-laws-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-laws-demo", + "retentionInDays": 30, + "sku": { "name": "PerGB2018" }, + "type": "Microsoft.OperationalInsights/workspaces" +... +} +``` + +### Query Activity Logs + +Activity Logs from within the emulator can be queried using the Azure Monitor Activity Log API: + +```bash +az monitor activity-log list \ + --resource-group rg-laws-demo \ + --output table +``` + +```bash title="Output" +Caller EventTimestamp Level OperationId ResourceGroup +-------------------------------------- -------------------------- ------- ------------------------------------- --------------- +00000000-0000-0000-0000-000000000000 2026-04-15T08:30:33.177... default bc6c4768-1af7-49a0-9088-00bb57ea5bb0 rg-laws-demo +... +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor log-analytics workspace delete \ + --workspace-name my-workspace \ + --resource-group rg-laws-demo \ + --yes +``` + + +Then list all workspaces to confirm the resource group is now empty: + +```bash +az monitor log-analytics workspace list \ + --resource-group rg-laws-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Workspace lifecycle:** Create, read, list, update, and delete Log Analytics Workspaces. +- **Shared key retrieval:** Retrieve primary and secondary shared keys via `get-shared-keys`. +- **SKU configuration:** Accept `PerGB2018`, `Free`, `Standard`, `Premium`, `PerNode`, and `Standalone` SKUs. +- **Retention configuration:** Configure log retention period in days. +- **Activity Logs:** Activity log events generated by LocalStack operations are fully emulated and queryable via the Activity Log API. + +## Limitations + +- **No log ingestion:** Data sent to the Log Analytics HTTP Data Collector API is not stored. +- **No KQL query execution:** Running `az monitor log-analytics query` is not supported. +- **No table or schema management:** Custom tables, table schemas, and retention policies per table are not managed. +- **No saved searches:** Saved queries and search functions are not supported. +- **No linked services:** Linking Automation accounts or Security Center to a workspace is not emulated. +- **No Azure Sentinel / Microsoft Defender:** Security information and event management (SIEM) features are not emulated. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Provisioning Log Analytics Workspaces linked to Diagnostic Settings and Data Collection Rules. + +## API Coverage + + diff --git a/src/content/docs/azure/services/metric-alert.mdx b/src/content/docs/azure/services/metric-alert.mdx new file mode 100644 index 00000000..8cfbc0de --- /dev/null +++ b/src/content/docs/azure/services/metric-alert.mdx @@ -0,0 +1,258 @@ +--- +title: "Metric Alert" +description: Get started with Azure Monitor Metric Alerts on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Metric Alerts trigger notifications when a monitored metric crosses a defined threshold. +They evaluate metric data at configurable intervals and route notifications through Action Groups when conditions are met. +Metric Alerts are commonly used to detect anomalies in CPU usage, memory pressure, request latency, and other resource metrics across Azure workloads. For more information, see [Overview of metric alerts in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-metric-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Metric Alerts. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Metric Alerts' integration with LocalStack. + +## Getting started + +This guide walks you through creating a metric alert rule referencing an action group. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-alert-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo", + "location": "eastus", + "name": "rg-alert-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an action group + +Create an action group to use as the notification target for the metric alert: + +```bash +az monitor action-group create \ + --name my-ag \ + --resource-group rg-alert-demo \ + --short-name myag \ + --action email admin admin@example.com +``` + +```bash title="Output" +{ + "groupShortName": "myag", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/microsoft.insights/actionGroups/my-ag", + "name": "my-ag", + "resourceGroup": "rg-alert-demo", + "type": "Microsoft.Insights/ActionGroups" +... +} +``` + +### Create a metric alert + +The following alert fires when CPU percentage on a virtual machine exceeds 80%: + +```bash +SCOPE="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/Microsoft.Compute/virtualMachines/my-vm" +AG_ID="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/microsoft.insights/actionGroups/my-ag" + +az monitor metrics alert create \ + --name cpu-alert \ + --resource-group rg-alert-demo \ + --scopes "$SCOPE" \ + --condition "avg Percentage CPU > 80" \ + --action "$AG_ID" \ + --description "Alert when CPU > 80%" +``` + +```bash title="Output" +{ + "criteria": { + "allOf": [ + { + "criterionType": "StaticThresholdCriterion", + "metricName": "Percentage CPU", + "name": "cond0", + "operator": "GreaterThan", + "threshold": 80.0, + "timeAggregation": "Average" + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "description": "Alert when CPU > 80%", + "enabled": true, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/Microsoft.Insights/metricAlerts/cpu-alert", + "name": "cpu-alert", + "resourceGroup": "rg-alert-demo", + "severity": 2, + "type": "Microsoft.Insights/metricAlerts", + ... +} +``` + +### Show and list metric alerts + +Retrieve the details of the metric alert and list all alerts in the resource group: + +```bash +az monitor metrics alert show \ + --name cpu-alert \ + --resource-group rg-alert-demo +``` + +```bash title="Output" +{ + "criteria": { + "allOf": [ + { + "metricName": "Percentage CPU", + "operator": "GreaterThan", + "threshold": 80.0, + "timeAggregation": "Average", + ... + } + ], + "odata.type": "Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria" + }, + "description": "Alert when CPU > 80%", + "enabled": true, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/Microsoft.Insights/metricAlerts/cpu-alert", + "name": "cpu-alert", + "resourceGroup": "rg-alert-demo", + "severity": 2, + "type": "Microsoft.Insights/metricAlerts" +... +} +``` + + +Then list all metric alerts in the resource group: + +```bash +az monitor metrics alert list \ + --resource-group rg-alert-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/Microsoft.Insights/metricAlerts/cpu-alert", + "name": "cpu-alert", + "resourceGroup": "rg-alert-demo", + "severity": 2, + "type": "Microsoft.Insights/metricAlerts" + } +] +``` + +### Create an activity log alert + +Create an activity log alert that fires when a virtual machine is deleted in the resource group: + +```bash +az monitor activity-log alert create \ + --name service-health-alert \ + --resource-group rg-alert-demo \ + --scope "/subscriptions/00000000-0000-0000-0000-000000000000" \ + --condition category=ServiceHealth \ + --action-group "$AG_ID" +``` + +```bash title="Output" +{ + "actions": { + "actionGroups": [ + { + "actionGroupId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/microsoft.insights/actionGroups/my-ag" + } + ] + }, + "condition": { + "allOf": [ { "equals": "ServiceHealth", "field": "category" } ] + }, + "enabled": true, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-alert-demo/providers/Microsoft.Insights/activityLogAlerts/service-health-alert", + "name": "service-health-alert", + "resourceGroup": "rg-alert-demo", + "scopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"], + "type": "Microsoft.Insights/ActivityLogAlerts" +... +} +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor metrics alert delete \ + --name cpu-alert \ + --resource-group rg-alert-demo +``` + + +Then list all metric alerts to confirm the resource group is now empty: + +```bash +az monitor metrics alert list --resource-group rg-alert-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Metric alert lifecycle:** Create, read, list, update, and delete metric alert rules. +- **Activity log alert lifecycle:** Create, read, list, and delete activity log alert rules. +- **Single and multi-resource scopes:** Define alerts scoped to a single resource or multiple resources. +- **Action group references:** Associate action groups with alert rules. +- **Dynamic threshold support:** Accept dynamic threshold criteria in the alert condition. +- **Severity configuration:** Set alert severity from 0 (Critical) to 4 (Verbose). +- **Auto-mitigation:** Configure whether alerts auto-resolve when the condition clears. +- **Frequency and window size:** Configure evaluation frequency and aggregation window size. + +## Limitations + +- **No alert evaluation:** Metric conditions are not evaluated against real or simulated metric data. Alerts never fire. +- **No state transitions:** Alert state (Fired, Resolved) is not tracked or updated. +- **No email or webhook dispatch:** Even if an alert were to fire, no notifications would be sent. +- **Metrics not ingested:** Metric data is not ingested, stored, or queryable from LocalStack. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating metric alert rules and activity log alerts for infrastructure monitoring. + +## API Coverage + + diff --git a/src/content/docs/azure/services/monitor.mdx b/src/content/docs/azure/services/monitor.mdx index 16d9958b..233fc3ce 100644 --- a/src/content/docs/azure/services/monitor.mdx +++ b/src/content/docs/azure/services/monitor.mdx @@ -155,6 +155,7 @@ az monitor diagnostic-settings create \ "metrics": [], "storageAccountId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-monitor-demo/providers/microsoft.Storage/storageAccounts/stmonitordoc79", "type": "microsoft.insights/diagnosticSettings" +... } ``` diff --git a/src/content/docs/azure/services/nat-gateway.mdx b/src/content/docs/azure/services/nat-gateway.mdx new file mode 100644 index 00000000..e6403a60 --- /dev/null +++ b/src/content/docs/azure/services/nat-gateway.mdx @@ -0,0 +1,324 @@ +--- +title: "NAT Gateway" +description: Get started with Azure NAT Gateway on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure NAT Gateway provides outbound connectivity for virtual machines and other resources in a virtual network. +It enables all resources in a subnet to share one or more static public IP addresses or public IP prefixes for outbound internet connections. +NAT Gateway is commonly used to give private workloads consistent and predictable outbound IP addresses without exposing individual resources to the internet. For more information, see [What is Azure NAT Gateway?](https://learn.microsoft.com/en-us/azure/nat-gateway/nat-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of NAT Gateway. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of NAT Gateway's integration with LocalStack. + +## Getting started + +This guide is designed for users new to NAT Gateway and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create \ + --name rg-nat-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-nat-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a public IP prefix + +NAT Gateway requires a public IP address or public IP prefix to route outbound traffic. Create a public IP prefix: + +```bash +az network public-ip prefix create \ + --name pip-prefix-nat \ + --resource-group rg-nat-demo \ + --location westeurope \ + --length 29 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "ipPrefix": "20.163.121.0/29", + "ipTags": [], + "location": "westeurope", + "name": "pip-prefix-nat", + "prefixLength": 29, + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPPrefixes", + "zones": [] +... +} +``` + +### Create a NAT gateway + +Create a NAT gateway attached to the public IP prefix: + +```bash +az network nat gateway create \ + --name nat-gw-demo \ + --resource-group rg-nat-demo \ + --location westeurope \ + --public-ip-prefixes pip-prefix-nat \ + --idle-timeout 4 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" +... +} +``` + +### Get and list NAT gateways + +Retrieve the details of the NAT gateway and list all NAT gateways in the resource group: + +```bash +az network nat gateway show \ + --name nat-gw-demo \ + --resource-group rg-nat-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" +... +} +``` + + +Then list all NAT gateways in the resource group: + +```bash +az network nat gateway list \ + --resource-group rg-nat-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" + } +] + +### Create a NAT gateway + +Create a NAT gateway attached to the public IP prefix: + +```bash +az network nat gateway create \ + --name nat-gw-demo \ + --resource-group rg-nat-demo \ + --location westeurope \ + --public-ip-prefixes pip-prefix-nat \ + --idle-timeout 4 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" +... +} +``` + +### Get and list NAT gateways + +Retrieve the details of the NAT gateway and list all NAT gateways in the resource group: + +```bash +az network nat gateway show \ + --name nat-gw-demo \ + --resource-group rg-nat-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" +... +} +``` + + +Then list all NAT gateways in the resource group: + +```bash +az network nat gateway list \ + --resource-group rg-nat-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/natGateways/nat-gw-demo", + "idleTimeoutInMinutes": 4, + "location": "westeurope", + "name": "nat-gw-demo", + "provisioningState": "Succeeded", + "publicIpPrefixes": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nat-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-nat", + "resourceGroup": "rg-nat-demo" + } + ], + "resourceGroup": "rg-nat-demo", + "sku": { + "name": "Standard" + }, + "type": "Microsoft.Network/natGateways" + } +] +``` + +### Delete the NAT gateway + +Delete the NAT gateway and verify it no longer appears in the list: + +```bash +az network nat gateway delete \ + --name nat-gw-demo \ + --resource-group rg-nat-demo +``` + +## Features + +The NAT Gateway emulator supports the following features: + +- **Create and manage NAT gateways**: Full lifecycle management including create, get, update, list, and delete. +- **Public IP and prefix associations**: Attach public IP addresses or public IP prefixes to a NAT gateway at creation or update time. +- **Idle timeout configuration**: Set the TCP idle timeout (in minutes) for outbound connections. +- **Tags**: Apply and update resource tags on NAT Gateway resources. +- **Subscription-scoped listing**: List all NAT gateways across a subscription using `az network nat gateway list`. + +## Limitations + +- **No outbound traffic routing**: NAT Gateway is a mock implementation. State is persisted in memory and returned faithfully, but no outbound network traffic is routed through the gateway. +- **No data persistence**: NAT Gateway resources are not persisted and are lost when the emulator is stopped or restarted. +- **No subnet association enforcement**: Associating a NAT gateway with a subnet is accepted but not enforced at the network level. + +## Samples + +The following samples demonstrate how to use NAT Gateway with LocalStack for Azure: + +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/network-interface.mdx b/src/content/docs/azure/services/network-interface.mdx new file mode 100644 index 00000000..fa230491 --- /dev/null +++ b/src/content/docs/azure/services/network-interface.mdx @@ -0,0 +1,308 @@ +--- +title: "Network Interface" +description: Get started with Azure Network Interface on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Network Interface (NIC) is the interconnection between a virtual machine and a virtual network. +A NIC enables an Azure VM to communicate with the internet, Azure, and on-premises resources. +Each NIC can have one or more IP configurations, an associated subnet, optional network security group (NSG), and optional public IP address. For more information, see [Network interfaces](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Network Interfaces. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Network Interface's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Network Interfaces and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group and virtual network + +A network interface must be associated with a subnet. Create the prerequisite resources first: + +```bash +az group create \ + --name rg-nic-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-nic-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + + +Create a virtual network for the network interfaces: + +```bash +az network vnet create \ + --name vnet-nic-demo \ + --resource-group rg-nic-demo \ + --location westeurope \ + --address-prefixes 10.0.0.0/16 +``` + +```bash title="Output" +{ + "newVNet": { + "addressSpace": { + "addressPrefixes": [ + "10.0.0.0/16" + ] + }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/virtualNetworks/vnet-nic-demo", + "location": "westeurope", + "name": "vnet-nic-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-nic-demo", + "subnets": [], + "type": "Microsoft.Network/virtualNetworks", + ... + } +} +``` + + +Create a subnet within the virtual network to attach the NICs to: + +```bash +az network vnet subnet create \ + --name subnet-nic \ + --resource-group rg-nic-demo \ + --vnet-name vnet-nic-demo \ + --address-prefixes 10.0.1.0/24 +``` + +```bash title="Output" +{ + "addressPrefix": "10.0.1.0/24", + "delegations": [], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/virtualNetworks/vnet-nic-demo/subnets/subnet-nic", + "name": "subnet-nic", + "privateEndpointNetworkPolicies": "Disabled", + "privateLinkServiceNetworkPolicies": "Enabled", + "provisioningState": "Succeeded", + "resourceGroup": "rg-nic-demo", + "type": "Microsoft.Network/virtualNetworks/subnets" +... +} +``` + +### Create a network interface + +Create a NIC attached to the subnet: + +```bash +az network nic create \ + --name nic-demo \ + --resource-group rg-nic-demo \ + --location westeurope \ + --vnet-name vnet-nic-demo \ + --subnet subnet-nic +``` + +```bash title="Output" +{ + "NewNIC": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/networkInterfaces/nic-demo", + "ipConfigurations": [ + { + "name": "ipconfig1", + "primary": true, + "privateIPAddressVersion": "IPV4", + "privateIPAllocationMethod": "Dynamic", + "provisioningState": "Succeeded", + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/virtualNetworks/vnet-nic-demo/subnets/subnet-nic", + "resourceGroup": "rg-nic-demo" + }, + ... + } + ], + "location": "westeurope", + "name": "nic-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-nic-demo", + "type": "Microsoft.Network/networkInterfaces", + ... + } +} +``` + +### Create a NIC with a static private IP + +Create a second network interface and assign a static private IP address from the subnet: + +```bash +az network nic create \ + --name nic-static \ + --resource-group rg-nic-demo \ + --location westeurope \ + --vnet-name vnet-nic-demo \ + --subnet subnet-nic \ + --private-ip-address 10.0.1.10 +``` + +```bash title="Output" +{ + "NewNIC": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/networkInterfaces/nic-static", + "ipConfigurations": [ + { + "name": "ipconfig1", + "primary": true, + "privateIPAddress": "10.0.1.10", + "privateIPAddressVersion": "IPV4", + "privateIPAllocationMethod": "Static", + "provisioningState": "Succeeded", + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/virtualNetworks/vnet-nic-demo/subnets/subnet-nic", + "resourceGroup": "rg-nic-demo" + }, + ... + } + ], + "location": "westeurope", + "name": "nic-static", + "provisioningState": "Succeeded", + "resourceGroup": "rg-nic-demo", + "type": "Microsoft.Network/networkInterfaces", + ... + } +} +``` + +### Get and list network interfaces + +Retrieve the details of a network interface and list all NICs in the resource group: + +```bash +az network nic show \ + --name nic-demo \ + --resource-group rg-nic-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/networkInterfaces/nic-demo", + "ipConfigurations": [ + { + "name": "ipconfig1", + "primary": true, + "privateIPAddressVersion": "IPV4", + "privateIPAllocationMethod": "Dynamic", + "provisioningState": "Succeeded", + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/virtualNetworks/vnet-nic-demo/subnets/subnet-nic", + "resourceGroup": "rg-nic-demo" + }, + ... + } + ], + "location": "westeurope", + "name": "nic-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-nic-demo", + "type": "Microsoft.Network/networkInterfaces", + ... +} +``` + + +Then list all network interfaces in the resource group: + +```bash +az network nic list \ + --resource-group rg-nic-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/networkInterfaces/nic-demo", + "ipConfigurations": [ { "name": "ipconfig1", "privateIPAllocationMethod": "Dynamic", ... } ], + "location": "westeurope", + "name": "nic-demo", + "provisioningState": "Succeeded", + "type": "Microsoft.Network/networkInterfaces", + ... + }, + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-nic-demo/providers/Microsoft.Network/networkInterfaces/nic-static", + "ipConfigurations": [ { "name": "ipconfig1", "privateIPAddress": "10.0.1.10", "privateIPAllocationMethod": "Static", ... } ], + "location": "westeurope", + "name": "nic-static", + "provisioningState": "Succeeded", + "type": "Microsoft.Network/networkInterfaces", + ... + } +] +``` + +### Delete a network interface + +Delete the network interface and verify it no longer appears in the list: + +```bash +az network nic delete \ + --name nic-demo \ + --resource-group rg-nic-demo +``` + +## Features + +The Network Interface emulator supports the following features: + +- **Create and manage NICs**: Full lifecycle management including create, get, update, list, and delete. +- **Dynamic IP allocation**: Automatically assigns a private IP address from the associated subnet address space. +- **Static IP configuration**: Assign a fixed private IP address from the subnet range. +- **Public IP association**: Attach a public IP address resource to a NIC IP configuration. +- **NSG association**: Associate a network security group with a NIC. +- **IP forwarding**: Configure IP forwarding on the NIC for routing scenarios. +- **Accelerated networking**: Store and return the `enableAcceleratedNetworking` flag. +- **Tags**: Apply and update resource tags. +- **Subscription-scoped listing**: List all NICs across a subscription. + +## Limitations + +- **No actual networking**: Network Interface is a mock implementation. State is persisted in memory and returned faithfully, but no network packets are routed through the interface. +- **No VM attachment enforcement**: Associating a NIC with a virtual machine is accepted but VM resources are not implemented. +- **No data persistence**: NIC resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Network Interfaces with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/network.mdx b/src/content/docs/azure/services/network.mdx deleted file mode 100644 index 7d1905cd..00000000 --- a/src/content/docs/azure/services/network.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Network" -description: API coverage for Microsoft.Network in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/operational-insights.mdx b/src/content/docs/azure/services/operational-insights.mdx deleted file mode 100644 index 00759fa1..00000000 --- a/src/content/docs/azure/services/operational-insights.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Operational Insights" -description: API coverage for Microsoft.OperationalInsights in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/private-dns-zone.mdx b/src/content/docs/azure/services/private-dns-zone.mdx new file mode 100644 index 00000000..9c0f51ba --- /dev/null +++ b/src/content/docs/azure/services/private-dns-zone.mdx @@ -0,0 +1,334 @@ +--- +title: "Private DNS Zone" +description: Get started with Azure Private DNS Zone on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Private DNS Zone provides a reliable and secure DNS service to manage and resolve domain names in a virtual network without the need to add a custom DNS solution. +Private DNS zones allow you to use your own custom domain names instead of the Azure-provided names, and to resolve DNS names across linked virtual networks. +They are commonly paired with Private Endpoints to enable name resolution for privately-accessed PaaS services within a virtual network. For more information, see [What is an Azure Private DNS Zone?](https://learn.microsoft.com/en-us/azure/dns/private-dns-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Private DNS Zones. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Private DNS Zone's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Private DNS Zone and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group and virtual network + +Create a resource group and a virtual network to link to the private DNS zone: + +```bash +az group create \ + --name rg-dns-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-dns-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + + +Create a virtual network to link to the private DNS zone: + +```bash +az network vnet create \ + --name vnet-dns-demo \ + --resource-group rg-dns-demo \ + --location westeurope \ + --address-prefixes 10.0.0.0/16 +``` + +```bash title="Output" +{ + "newVNet": { + "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/virtualNetworks/vnet-dns-demo", + "location": "westeurope", + "name": "vnet-dns-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-dns-demo", + "subnets": [], + "type": "Microsoft.Network/virtualNetworks", + ... + } +} +``` + +### Create a private DNS zone + +Create a private DNS zone and link it to the virtual network for internal name resolution: + + +Create a DNS zone in the second resource group to demonstrate cleanup: + +```bash +az network private-dns zone create \ + --name privatelink.blob.core.windows.net \ + --resource-group rg-dns-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "location": "global", + "name": "privatelink.blob.core.windows.net", + "numberOfRecordSets": 1, + "numberOfVirtualNetworkLinks": 0, + "provisioningState": "Succeeded", + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones" +... +} +``` + +### Link the DNS zone to a virtual network + +Create a virtual network link to enable DNS resolution from the linked VNet: + +```bash +VNET_ID=$(az network vnet show \ + --name vnet-dns-demo \ + --resource-group rg-dns-demo \ + --query id \ + --output tsv) + +az network private-dns link vnet create \ + --name link-to-vnet-dns-demo \ + --resource-group rg-dns-demo \ + --zone-name privatelink.blob.core.windows.net \ + --virtual-network "$VNET_ID" \ + --registration-enabled false +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/link-to-vnet-dns-demo", + "location": "global", + "name": "link-to-vnet-dns-demo", + "provisioningState": "Succeeded", + "registrationEnabled": false, + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "virtualNetwork": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/virtualNetworks/vnet-dns-demo" + }, + "virtualNetworkLinkState": "Completed" +... +} +``` + +### Show and list DNS zones + +Retrieve the details of the DNS zone and list all private DNS zones in the resource group: + +```bash +az network private-dns zone show \ + --name privatelink.blob.core.windows.net \ + --resource-group rg-dns-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "location": "global", + "name": "privatelink.blob.core.windows.net", + "numberOfRecordSets": 1, + "numberOfVirtualNetworkLinks": 1, + "provisioningState": "Succeeded", + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones" +... +} +``` + + +Then list all private DNS zones in the resource group: + +```bash +az network private-dns zone list \ + --resource-group rg-dns-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "location": "global", + "name": "privatelink.blob.core.windows.net", + "numberOfRecordSets": 1, + "numberOfVirtualNetworkLinks": 1, + "provisioningState": "Succeeded", + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones" + } +] +``` + +### Show and list virtual network links + +Retrieve the details of the virtual network link and list all links for the zone: + +```bash +az network private-dns link vnet show \ + --name link-to-vnet-dns-demo \ + --resource-group rg-dns-demo \ + --zone-name privatelink.blob.core.windows.net +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/link-to-vnet-dns-demo", + "location": "global", + "name": "link-to-vnet-dns-demo", + "provisioningState": "Succeeded", + "registrationEnabled": false, + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "virtualNetwork": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/virtualNetworks/vnet-dns-demo" + }, + "virtualNetworkLinkState": "Completed" +... +} +``` + + +Then list all virtual network links for the zone: + +```bash +az network private-dns link vnet list \ + --resource-group rg-dns-demo \ + --zone-name privatelink.blob.core.windows.net +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net/virtualNetworkLinks/link-to-vnet-dns-demo", + "location": "global", + "name": "link-to-vnet-dns-demo", + "provisioningState": "Succeeded", + "registrationEnabled": false, + "resourceGroup": "rg-dns-demo", + "type": "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "virtualNetwork": { "id": "...vnet-dns-demo...", "resourceGroup": "rg-dns-demo" }, + "virtualNetworkLinkState": "Completed" + } +] +``` + +### Create the same zone name across different resource groups + +Private DNS zones with the same name can coexist in different resource groups: + +```bash +az group create \ + --name rg-dns-demo-2 \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo-2", + "location": "westeurope", + "name": "rg-dns-demo-2", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + + +Create a DNS zone in the second resource group to demonstrate cleanup: + +```bash +az network private-dns zone create \ + --name privatelink.blob.core.windows.net \ + --resource-group rg-dns-demo-2 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-dns-demo-2/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "location": "global", + "name": "privatelink.blob.core.windows.net", + "provisioningState": "Succeeded", + "resourceGroup": "rg-dns-demo-2", + "type": "Microsoft.Network/privateDnsZones" +... +} +``` + +### Delete a virtual network link and DNS zone + +Delete the virtual network link first, then delete the DNS zone: + +```bash +az network private-dns link vnet delete \ + --name link-to-vnet-dns-demo \ + --resource-group rg-dns-demo \ + --zone-name privatelink.blob.core.windows.net + +az network private-dns zone delete \ + --name privatelink.blob.core.windows.net \ + --resource-group rg-dns-demo +``` + +## Features + +The Private DNS Zone emulator supports the following features: + +- **Create and manage private DNS zones**: Full lifecycle management including create, get, list, and delete. +- **Virtual network links**: Create, get, list, and delete virtual network links that associate a DNS zone with a virtual network. +- **Auto-registration**: Store and return the `registrationEnabled` flag on virtual network links. +- **Zone isolation by resource group**: The same DNS zone name can exist independently in multiple resource groups. +- **Tags**: Apply and update resource tags on private DNS zone resources. +- **Cross-virtual-network support**: Link a single DNS zone to multiple virtual networks. + +## Limitations + +- **No DNS resolution**: Private DNS Zone is a mock implementation. DNS queries are not resolved using the zone's records; no actual DNS lookup behavior is simulated. +- **No record set management**: Creating DNS records (A, AAAA, CNAME, etc.) within a private DNS zone is not currently supported. +- **No auto-registration**: The `registrationEnabled` flag is stored and returned, but no automatic DNS record registration from linked VMs is performed. +- **No data persistence**: Private DNS zone resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Private DNS Zones with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/private-endpoint.mdx b/src/content/docs/azure/services/private-endpoint.mdx new file mode 100644 index 00000000..f4c2b332 --- /dev/null +++ b/src/content/docs/azure/services/private-endpoint.mdx @@ -0,0 +1,391 @@ +--- +title: "Private Endpoint" +description: Get started with Azure Private Endpoint on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. +Private endpoints use a private IP address from your virtual network, effectively bringing the service into your virtual network and eliminating exposure to the public internet. +They are commonly used to access Azure PaaS services, such as Storage or Cosmos DB, from within a private network without internet connectivity. For more information, see [What is Azure Private Endpoint?](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Private Endpoints. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Private Endpoint's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Private Endpoint and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group, virtual network, and subnet + +Private endpoints are assigned a private IP from a subnet. Create the prerequisites first: + +```bash +az group create \ + --name rg-pe-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-pe-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + + +Create a virtual network for the private endpoint: + +```bash +az network vnet create \ + --name vnet-pe-demo \ + --resource-group rg-pe-demo \ + --location westeurope \ + --address-prefixes 10.0.0.0/16 +``` + +```bash title="Output" +{ + "newVNet": { + "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] }, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/virtualNetworks/vnet-pe-demo", + "location": "westeurope", + "name": "vnet-pe-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "subnets": [], + "type": "Microsoft.Network/virtualNetworks", + ... + } +} +``` + + +Create a subnet within the virtual network to host the private endpoint: + +```bash +az network vnet subnet create \ + --name subnet-pe \ + --resource-group rg-pe-demo \ + --vnet-name vnet-pe-demo \ + --address-prefixes 10.0.1.0/24 +``` + +```bash title="Output" +{ + "addressPrefix": "10.0.1.0/24", + "delegations": [], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/virtualNetworks/vnet-pe-demo/subnets/subnet-pe", + "name": "subnet-pe", + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "type": "Microsoft.Network/virtualNetworks/subnets" +... +} +``` + +### Create a storage account (target resource) + +Private endpoints connect to a specific Azure resource. Create a storage account as the target: + +```bash +az storage account create \ + --name stpedemo \ + --resource-group rg-pe-demo \ + --location westeurope \ + --sku Standard_LRS +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Storage/storageAccounts/stpedemo", + "kind": "StorageV2", + "location": "westeurope", + "name": "stpedemo", + "primaryEndpoints": { + "blob": "https://stpedemo.blob.core.azure.localhost.localstack.cloud:4566", + "file": "https://stpedemo.file.core.azure.localhost.localstack.cloud:4566", + "queue": "https://stpedemo.queue.core.azure.localhost.localstack.cloud:4566", + "table": "https://stpedemo.table.core.azure.localhost.localstack.cloud:4566", + ... + }, + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "sku": { "name": "Standard_LRS", "tier": "Standard" }, + "type": "Microsoft.Storage/storageAccounts", + ... +} +``` + +### Create a private endpoint + +Retrieve the storage account resource ID and create a private endpoint targeting the blob sub-resource: + +```bash +STORAGE_ID=$(az storage account show \ + --name stpedemo \ + --resource-group rg-pe-demo \ + --query id \ + --output tsv) + +az network private-endpoint create \ + --name pe-storage-blob \ + --resource-group rg-pe-demo \ + --location westeurope \ + --vnet-name vnet-pe-demo \ + --subnet subnet-pe \ + --private-connection-resource-id "$STORAGE_ID" \ + --group-id blob \ + --connection-name stpedemo-blob-connection +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateEndpoints/pe-storage-blob", + "location": "westeurope", + "name": "pe-storage-blob", + "networkInterfaces": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/networkInterfaces/pe-storage-blob.nic.8388c53a-14fc-4a02-a517-5e462aab03be", + "resourceGroup": "rg-pe-demo" + } + ], + "privateLinkServiceConnections": [ + { + "groupIds": [ "blob" ], + "name": "stpedemo-blob-connection", + "privateLinkServiceConnectionState": { + "actionsRequired": "None", + "description": "Auto-Approved", + "status": "Approved" + }, + "privateLinkServiceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Storage/storageAccounts/stpedemo", + "provisioningState": "Succeeded" + } + ], + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "subnet": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/virtualNetworks/vnet-pe-demo/subnets/subnet-pe" + }, + "type": "Microsoft.Network/privateEndpoints" +... +} +``` + +### Configure a private DNS zone group + +Link the private endpoint to a private DNS zone for name resolution: + +```bash +az network private-dns zone create \ + --name privatelink.blob.core.windows.net \ + --resource-group rg-pe-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "location": "global", + "name": "privatelink.blob.core.windows.net", + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "type": "Microsoft.Network/privateDnsZones" +... +} +``` + + +Create a DNS zone group to associate the private DNS zone with the private endpoint: + +```bash +az network private-endpoint dns-zone-group create \ + --name dns-zone-group-blob \ + --resource-group rg-pe-demo \ + --endpoint-name pe-storage-blob \ + --private-dns-zone privatelink.blob.core.windows.net \ + --zone-name blob-zone +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateEndpoints/pe-storage-blob/privateDnsZoneGroups/dns-zone-group-blob", + "name": "dns-zone-group-blob", + "privateDnsZoneConfigs": [ + { + "name": "blob-zone", + "privateDnsZoneId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "recordSets": [ + { + "fqdn": "stpedemo.privatelink.blob.core.windows.net", + "ipAddresses": [ "10.0.1.4" ], + "provisioningState": "Succeeded", + "recordSetName": "stpedemo", + "recordType": "A", + "ttl": 10 + } + ] + } + ], + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo" +} +``` + +### Show and list private endpoints + +Retrieve the details of the private endpoint and list all endpoints in the resource group: + +```bash +az network private-endpoint show \ + --name pe-storage-blob \ + --resource-group rg-pe-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateEndpoints/pe-storage-blob", + "location": "westeurope", + "name": "pe-storage-blob", + "privateLinkServiceConnections": [ + { + "groupIds": [ "blob" ], + "name": "stpedemo-blob-connection", + "privateLinkServiceConnectionState": { "status": "Approved", ... }, + "privateLinkServiceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Storage/storageAccounts/stpedemo", + "provisioningState": "Succeeded" + } + ], + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "type": "Microsoft.Network/privateEndpoints" +... +} +``` + + +Then list all private endpoints in the resource group: + +```bash +az network private-endpoint list \ + --resource-group rg-pe-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateEndpoints/pe-storage-blob", + "location": "westeurope", + "name": "pe-storage-blob", + "privateLinkServiceConnections": [ { "groupIds": [ "blob" ], "name": "stpedemo-blob-connection", ... } ], + "provisioningState": "Succeeded", + "resourceGroup": "rg-pe-demo", + "type": "Microsoft.Network/privateEndpoints", + ... + } +] +``` + +### List DNS zone groups + +List the DNS zone groups associated with the private endpoint: + +```bash +az network private-endpoint dns-zone-group list \ + --resource-group rg-pe-demo \ + --endpoint-name pe-storage-blob +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateEndpoints/pe-storage-blob/privateDnsZoneGroups/dns-zone-group-blob", + "name": "dns-zone-group-blob", + "privateDnsZoneConfigs": [ + { + "name": "blob-zone", + "privateDnsZoneId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pe-demo/providers/Microsoft.Network/privateDnsZones/privatelink.blob.core.windows.net", + "recordSets": [ + { "fqdn": "stpedemo.privatelink.blob.core.windows.net", "ipAddresses": [ "10.0.1.4" ], "recordType": "A", ... } + ] + } + ], + "provisioningState": "Succeeded" + } +] +``` + +### Delete a private endpoint + +Delete the private endpoint and verify it no longer appears in the list: + +```bash +az network private-endpoint delete \ + --name pe-storage-blob \ + --resource-group rg-pe-demo +``` +``` + +### Delete a private endpoint + +Delete the private endpoint and verify it no longer appears in the list: + +```bash +az network private-endpoint delete \ + --name pe-storage-blob \ + --resource-group rg-pe-demo +``` + +## Features + +The Private Endpoint emulator supports the following features: + +- **Create and manage private endpoints**: Full lifecycle management including create, get, update, list, and delete. +- **Private Link service connections**: Store and return `privateLinkServiceConnections` with group IDs and connection names. +- **DNS zone group management**: Create, get, list, and delete private DNS zone groups for a private endpoint. +- **Group IDs**: Support for any service group ID (e.g., `blob`, `file`, `queue`, `table`, `sqlServer`). +- **Resource group-scoped listing**: List all private endpoints in a resource group. +- **Tags**: Apply and update resource tags on private endpoint resources. + +## Limitations + +- **No private DNS resolution**: Private Endpoint is a mock implementation. DNS names are not automatically registered in private DNS zones. +- **No private IP assignment enforcement**: A private IP is stored but no actual address is reserved from the subnet range. +- **No target service connectivity**: The emulator does not verify that the target resource or connection is valid. +- **No data persistence**: Private endpoint resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Private Endpoints with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/public-ip-address.mdx b/src/content/docs/azure/services/public-ip-address.mdx new file mode 100644 index 00000000..742063ea --- /dev/null +++ b/src/content/docs/azure/services/public-ip-address.mdx @@ -0,0 +1,206 @@ +--- +title: "Public IP Address" +description: Get started with Azure Public IP Address on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Public IP Address is a resource that provides a static or dynamic IP address reachable from the internet. +Public IP addresses are assigned to Azure resources such as virtual machines, load balancers, application gateways, VPN gateways, and bastion hosts. +They are commonly used when resources need to accept inbound internet connections or require a stable outbound identity. For more information, see [Public IP addresses](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Public IP Addresses. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Public IP Address's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Public IP Addresses and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create \ + --name rg-pip-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-pip-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a public IP address + +Create a static Standard SKU public IP address: + +```bash +az network public-ip create \ + --name pip-demo \ + --resource-group rg-pip-demo \ + --location westeurope \ + --sku Standard \ + --allocation-method Static +``` + +```bash title="Output" +{ + "publicIp": { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-demo/providers/Microsoft.Network/publicIPAddresses/pip-demo", + "idleTimeoutInMinutes": 4, + "ipAddress": "20.115.40.220", + "location": "westeurope", + "name": "pip-demo", + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "publicIPAllocationMethod": "Static", + "resourceGroup": "rg-pip-demo", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPAddresses", + ... + } +} +``` + +### Get and list public IP addresses + +Retrieve the details of the public IP address and list all public IPs in the resource group: + +```bash +az network public-ip show \ + --name pip-demo \ + --resource-group rg-pip-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-demo/providers/Microsoft.Network/publicIPAddresses/pip-demo", + "idleTimeoutInMinutes": 4, + "ipAddress": "20.115.40.220", + "location": "westeurope", + "name": "pip-demo", + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "publicIPAllocationMethod": "Static", + "resourceGroup": "rg-pip-demo", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPAddresses", + ... +} +``` + + +Then list all public IP addresses in the resource group: + +```bash +az network public-ip list \ + --resource-group rg-pip-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-demo/providers/Microsoft.Network/publicIPAddresses/pip-demo", + "ipAddress": "20.115.40.220", + "location": "westeurope", + "name": "pip-demo", + "provisioningState": "Succeeded", + "publicIPAllocationMethod": "Static", + "sku": { "name": "Standard", "tier": "Regional" }, + "type": "Microsoft.Network/publicIPAddresses", + ... + } +] +``` + +### List all public IPs in a subscription + +List every public IP address across the entire subscription: + + +Then list all public IP addresses in the resource group: + +```bash +az network public-ip list \ + --output table +``` + +```bash title="Output" +Name ResourceGroup Location Zones Address IdleTimeoutInMinutes ProvisioningState +-------- --------------- ---------- ------- ------------- ---------------------- ------------------- +pip-demo rg-pip-demo westeurope 20.115.40.220 4 Succeeded +``` + +### Delete the public IP address + +Delete the public IP address and verify it no longer appears in the list: + +```bash +az network public-ip delete \ + --name pip-demo \ + --resource-group rg-pip-demo +``` + +## Features + +The Public IP Address emulator supports the following features: + +- **Create and manage public IPs**: Full lifecycle management including create, get, update, list, and delete. +- **Static and dynamic allocation**: Configure `Static` or `Dynamic` IP allocation methods. +- **SKU tiers**: Support for `Basic` and `Standard` SKUs. +- **IPv4 and IPv6**: Store and return the IP address version. +- **DNS name labels**: Associate a DNS name label with a public IP. +- **Tags**: Apply and update resource tags on public IP address resources. +- **Resource group and subscription-scoped listing**: List public IPs scoped to a resource group or across the entire subscription. +- **Zone configuration**: Record and return availability zone assignments. + +## Limitations + +- **No real IP allocation**: Public IP Address is a mock implementation. No actual IP addresses are allocated from Azure's public IP pools, and no public internet connectivity is provided. +- **Allocation method not enforced**: Dynamic and Static allocation methods are stored and returned, but no real IP assignment behavior is simulated. +- **No data persistence**: Public IP address resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Public IP Addresses with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/public-ip-prefix.mdx b/src/content/docs/azure/services/public-ip-prefix.mdx new file mode 100644 index 00000000..1aabdb56 --- /dev/null +++ b/src/content/docs/azure/services/public-ip-prefix.mdx @@ -0,0 +1,187 @@ +--- +title: "Public IP Prefix" +description: Get started with Azure Public IP Prefix on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Public IP Prefix is a contiguous range of Standard SKU static public IP addresses. +When you create a public IP address from a prefix, the address is guaranteed to stay within the prefix range, making it useful for allow-listing IP ranges in external firewalls. +Public IP Prefixes are commonly used with NAT Gateway to provide predictable outbound IP addresses for entire subnets. For more information, see [Public IP address prefixes](https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-address-prefix). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Public IP Prefixes. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Public IP Prefix's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Public IP Prefixes and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create \ + --name rg-pip-prefix-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-prefix-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-pip-prefix-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a public IP prefix + +Create a /29 public IP prefix (8 IP addresses): + +```bash +az network public-ip prefix create \ + --name pip-prefix-demo \ + --resource-group rg-pip-prefix-demo \ + --location westeurope \ + --length 29 +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-prefix-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-demo", + "ipPrefix": "20.184.13.0/29", + "ipTags": [], + "location": "westeurope", + "name": "pip-prefix-demo", + "prefixLength": 29, + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "resourceGroup": "rg-pip-prefix-demo", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPPrefixes", + "zones": [] +... +} +``` + +### Get and list public IP prefixes + +Retrieve the details of the public IP prefix and list all prefixes in the resource group: + +```bash +az network public-ip prefix show \ + --name pip-prefix-demo \ + --resource-group rg-pip-prefix-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-prefix-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-demo", + "ipPrefix": "20.184.13.0/29", + "ipTags": [], + "location": "westeurope", + "name": "pip-prefix-demo", + "prefixLength": 29, + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "resourceGroup": "rg-pip-prefix-demo", + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "type": "Microsoft.Network/publicIPPrefixes", + "zones": [] +... +} +``` + + +Then list all public IP prefixes in the resource group: + +```bash +az network public-ip prefix list \ + --resource-group rg-pip-prefix-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-pip-prefix-demo/providers/Microsoft.Network/publicIPPrefixes/pip-prefix-demo", + "ipPrefix": "20.184.13.0/29", + "ipTags": [], + "location": "westeurope", + "name": "pip-prefix-demo", + "prefixLength": 29, + "provisioningState": "Succeeded", + "publicIPAddressVersion": "IPv4", + "resourceGroup": "rg-pip-prefix-demo", + "sku": { "name": "Standard", "tier": "Regional" }, + "type": "Microsoft.Network/publicIPPrefixes", + "zones": [] + } +] +``` + +### Delete the public IP prefix + +Delete the public IP prefix and verify it no longer appears in the list: + +```bash +az network public-ip prefix delete \ + --name pip-prefix-demo \ + --resource-group rg-pip-prefix-demo +``` + +## Features + +The Public IP Prefix emulator supports the following features: + +- **Create and manage prefixes**: Full lifecycle management including create, get, update, list, and delete. +- **Configurable prefix length**: Set any prefix length from /28 to /31 to define the size of the IP range. +- **Tags**: Apply and update resource tags on public IP prefix resources. +- **Subscription-scoped listing**: List all public IP prefixes across a subscription. +- **Multiple prefix lengths**: Create prefixes of different lengths within the same resource group. + +## Limitations + +- **No real IP range allocation**: Public IP Prefix is a mock implementation. No actual IP address ranges are allocated from Azure's public IP pools, and no public internet connectivity is provided. +- **No IP address derivation**: Creating individual public IP addresses from a prefix is not enforced; both resources are stored independently. +- **No data persistence**: Public IP prefix resources are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Public IP Prefixes with LocalStack for Azure: + +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/role-assignment.mdx b/src/content/docs/azure/services/role-assignment.mdx new file mode 100644 index 00000000..816a85fa --- /dev/null +++ b/src/content/docs/azure/services/role-assignment.mdx @@ -0,0 +1,189 @@ +--- +title: "Role Assignment" +description: Get started with Azure Role Assignments on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Role Assignments grant an identity (user, group, or service principal) the permissions defined by a role definition at a specific scope. +Together with Role Definitions, Role Assignments form the foundation of Azure RBAC. +They are commonly used to grant managed identities access to storage accounts, key vaults, and other Azure resources in infrastructure automation scenarios. For more information, see [Assign Azure roles using the Azure CLI](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Role Assignments. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Role Assignments' integration with LocalStack. + +## Getting started + +This guide walks you through assigning a built-in role to a managed identity, listing assignments, and removing the assignment. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-rbac-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo", + "location": "eastus", + "name": "rg-rbac-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a user-assigned managed identity + +Create a user-assigned managed identity to use as the role assignee: + +```bash +az identity create \ + --name my-identity \ + --resource-group rg-rbac-demo +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-identity", + "name": "my-identity", + "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "resourceGroup": "rg-rbac-demo", + "tenantId": "00000000-0000-0000-0000-000000000000", + "type": "Microsoft.ManagedIdentity/userAssignedIdentities" +... +} +``` + +Capture the identity's principal ID: + +```bash +PRINCIPAL_ID=$(az identity show \ + --name my-identity \ + --resource-group rg-rbac-demo \ + --query principalId \ + --output tsv) +``` + +### Assign a built-in role + +Assign the `Contributor` role to the identity at the resource group scope: + +```bash +az role assignment create \ + --assignee "$PRINCIPAL_ID" \ + --role Contributor \ + --scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo" +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "principalType": "ServicePrincipal", + "roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo", + "type": "Microsoft.Authorization/roleAssignments" +... +} +``` + +### List role assignments + +List all role assignments scoped to the resource group: + +```bash +az role assignment list \ + --scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo" +``` + +### Filter by assignee + +Filter the role assignments to show only assignments for the managed identity's principal ID: + +```bash +az role assignment list \ + --assignee "$PRINCIPAL_ID" \ + --all +``` + +### List all role assignments for the subscription + +List every role assignment across the entire subscription: + +```bash +az role assignment list --all +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "principalId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "principalType": "ServicePrincipal", + "roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "roleDefinitionName": "Contributor", + "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo", + "type": "Microsoft.Authorization/roleAssignments" + } +] +``` + +### Delete a role assignment + +Delete the role assignment and confirm it no longer appears in the list: + +```bash +az role assignment delete \ + --assignee "$PRINCIPAL_ID" \ + --role Contributor \ + --scope "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rbac-demo" +``` + +## Features + +- **Role assignment creation:** Create role assignments by specifying an assignee principal ID, role name or ID, and scope. +- **Assignment listing:** List role assignments at subscription scope, resource group scope, or filtered by assignee. +- **Assignee filtering:** Filter assignments by principal ID or display name. +- **Subscription-wide listing:** Retrieve all role assignments across a subscription via `--all`. +- **Role assignment deletion:** Delete assignments by role name, assignee, and scope. +- **Custom role support:** Assign custom role definitions alongside built-in roles. + +## Limitations + +- **RBAC not enforced:** Role assignments are stored but not evaluated. All operations on LocalStack succeed regardless of assigned roles. +- **Condition-based assignments:** Attribute-based access control (ABAC) conditions in assignments are accepted at the model level but are not evaluated. +- **Deny assignments:** `Microsoft.Authorization/denyAssignments` are not supported. +- **Management group scopes:** Assignments at management group scope are not supported. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating custom RBAC roles and assigning them to service principals. +- Assigning built-in roles to managed identities for infrastructure automation tests. + +## API Coverage + + diff --git a/src/content/docs/azure/services/role-definition.mdx b/src/content/docs/azure/services/role-definition.mdx new file mode 100644 index 00000000..e575e5c8 --- /dev/null +++ b/src/content/docs/azure/services/role-definition.mdx @@ -0,0 +1,171 @@ +--- +title: "Role Definition" +description: Get started with Azure Role Definitions on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Role Definitions are the building blocks of Azure role-based access control (RBAC). +A role definition is a collection of permissions that can be assigned to identities at a specific scope. +They allow organizations to grant least-privilege access to Azure resources by defining precisely which operations an identity is permitted to perform. For more information, see [What is Azure RBAC?](https://learn.microsoft.com/en-us/azure/role-based-access-control/overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Role Definitions. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Role Definitions' integration with LocalStack. + +## Getting started + +This guide walks you through creating a custom role definition, listing role definitions, and deleting the custom role. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### List built-in role definitions + +List all built-in Azure role definitions available in the current subscription: + +```bash +az role definition list --output table +``` + +```bash title="Output" +Name Type Description +--------------------------------------- --------------------------------------- ----------------------------------------------------------- +Contributor Microsoft.Authorization/roleDefinitions Grants full access to manage all resources... +Owner Microsoft.Authorization/roleDefinitions Grants full access to manage all resources... +Reader Microsoft.Authorization/roleDefinitions View all resources, but does not allow you to make changes. +... +``` + +### Create a custom role definition + +Save the following JSON to `custom-role.json`: + +```json title="custom-role.json" +{ + "Name": "Custom Storage Reader", + "Description": "Can read storage blobs.", + "Actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + ], + "NotActions": [], + "AssignableScopes": [ + "/subscriptions/00000000-0000-0000-0000-000000000000" + ] +} +``` + +Then create the role: + +```bash +az role definition create --role-definition @custom-role.json +``` + +```bash title="Output" +{ + "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + ], + "notActions": [] + } + ], + "roleName": "Custom Storage Reader", + "roleType": "CustomRole", + "type": "Microsoft.Authorization/roleDefinitions" +... +} +``` + +### List role definitions + +List all role definitions that match the custom role name: + +```bash +az role definition list --name "Custom Storage Reader" +``` + +```bash title="Output" +[ + { + "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"], + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "name": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", + "permissions": [ + { + "actions": [ + "Microsoft.Storage/storageAccounts/blobServices/containers/read", + "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + ], + "notActions": [] + } + ], + "roleName": "Custom Storage Reader", + "roleType": "CustomRole", + "type": "Microsoft.Authorization/roleDefinitions" + } +] +``` + +### Update a custom role definition + +Update the custom role definition by passing a modified JSON definition file: + +```bash +az role definition update --role-definition @custom-role.json +``` + +### Delete a custom role definition + +Delete the custom role definition by name: + +```bash +az role definition delete --name "Custom Storage Reader" +az role definition list --name "Custom Storage Reader" +``` + +## Features + +- **Custom role creation:** Create custom role definitions with `Actions`, `NotActions`, `DataActions`, and `NotDataActions`. +- **Built-in roles pre-populated:** Standard Azure built-in roles are available via `az role definition list`. +- **Role listing and filtering:** List role definitions by name, scope, or custom flag. +- **Role update:** Update existing custom role definitions including permissions and assignable scopes. +- **Role deletion:** Delete custom role definitions by name or ID. +- **Assignable scopes support:** Roles specify assignable scopes at subscription or resource group level. + +## Limitations + +- **RBAC not enforced:** Role definitions and assignments are stored in the emulator but are not enforced. All API calls succeed regardless of whether the caller has the required permissions. +- **No built-in role permission evaluation:** Checking effective permissions via `az role assignment list-access` is not supported. +- **Management group scopes:** Management group–level assignable scopes are not supported. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Creating custom RBAC roles and assigning them to service principals. +- Combining role definitions and role assignments for least-privilege access patterns. + +## API Coverage + + diff --git a/src/content/docs/azure/services/route-table.mdx b/src/content/docs/azure/services/route-table.mdx new file mode 100644 index 00000000..20ad5686 --- /dev/null +++ b/src/content/docs/azure/services/route-table.mdx @@ -0,0 +1,301 @@ +--- +title: "Route Table" +description: Get started with Azure Route Table on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Route Table contains a set of rules (routes) that specify how packets should be routed in a virtual network. +You can associate a route table with a subnet to override Azure's default system routes and direct traffic to specific next-hop targets such as virtual appliances, VPN gateways, or other virtual networks. +Route tables are commonly used in hub-and-spoke topologies to force traffic through a central network virtual appliance for inspection. For more information, see [Virtual network traffic routing](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Route Tables. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Route Table's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Route Tables and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create \ + --name rg-rt-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-rt-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a route table + +Create an empty route table to hold the custom routing rules: + +```bash +az network route-table create \ + --name rt-demo \ + --resource-group rg-rt-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "disableBgpRoutePropagation": false, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo", + "location": "westeurope", + "name": "rt-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "routes": [], + "type": "Microsoft.Network/routeTables" +... +} +``` + +### Create a route table with inline routes + +Create a route table with a custom route to send all internet traffic via a virtual appliance: + +```bash +az network route-table create \ + --name rt-with-routes \ + --resource-group rg-rt-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "disableBgpRoutePropagation": false, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-with-routes", + "location": "westeurope", + "name": "rt-with-routes", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "routes": [], + "type": "Microsoft.Network/routeTables" +... +} +``` + + +Add a route that directs internet-bound traffic to a virtual appliance: + +```bash +az network route-table route create \ + --name route-to-internet \ + --route-table-name rt-with-routes \ + --resource-group rg-rt-demo \ + --address-prefix 0.0.0.0/0 \ + --next-hop-type VirtualAppliance \ + --next-hop-ip-address 10.0.2.4 +``` + +```bash title="Output" +{ + "addressPrefix": "0.0.0.0/0", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-with-routes/routes/route-to-internet", + "name": "route-to-internet", + "nextHopIpAddress": "10.0.2.4", + "nextHopType": "VirtualAppliance", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "type": "Microsoft.Network/routeTables/routes" +... +} +``` + +### Manage individual routes + +Add, show, and delete individual routes on an existing route table: + + +Add a route that directs internet-bound traffic to a virtual appliance: + +```bash +az network route-table route create \ + --name route-to-spoke \ + --route-table-name rt-demo \ + --resource-group rg-rt-demo \ + --address-prefix 172.16.0.0/16 \ + --next-hop-type VnetLocal +``` + +```bash title="Output" +{ + "addressPrefix": "172.16.0.0/16", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo/routes/route-to-spoke", + "name": "route-to-spoke", + "nextHopType": "VnetLocal", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "type": "Microsoft.Network/routeTables/routes" +... +} +``` + + +Then retrieve the details of the `route-to-spoke` route within the table: + +```bash +az network route-table route show \ + --name route-to-spoke \ + --route-table-name rt-demo \ + --resource-group rg-rt-demo +``` + +```bash title="Output" +{ + "addressPrefix": "172.16.0.0/16", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo/routes/route-to-spoke", + "name": "route-to-spoke", + "nextHopType": "VnetLocal", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "type": "Microsoft.Network/routeTables/routes" +... +} +``` + + +Delete the `route-to-spoke` route from the route table: + +```bash +az network route-table route delete \ + --name route-to-spoke \ + --route-table-name rt-demo \ + --resource-group rg-rt-demo +``` + +### Get and list route tables + +Retrieve the details of a route table and list all route tables in the resource group: + +```bash +az network route-table show \ + --name rt-demo \ + --resource-group rg-rt-demo +``` + +```bash title="Output" +{ + "disableBgpRoutePropagation": false, + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo", + "location": "westeurope", + "name": "rt-demo", + "provisioningState": "Succeeded", + "resourceGroup": "rg-rt-demo", + "routes": [ + { + "addressPrefix": "172.16.0.0/16", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo/routes/route-to-spoke", + "name": "route-to-spoke", + "nextHopType": "VnetLocal", + "provisioningState": "Succeeded", + "type": "Microsoft.Network/routeTables/routes" + } + ], + "type": "Microsoft.Network/routeTables" +... +} +``` + + +Then list all route tables to confirm the resource group is now empty: + +```bash +az network route-table list \ + --resource-group rg-rt-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-demo", + "location": "westeurope", + "name": "rt-demo", + "provisioningState": "Succeeded", + "routes": [ { "name": "route-to-spoke", "nextHopType": "VnetLocal", ... } ], + "type": "Microsoft.Network/routeTables", + ... + }, + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-rt-demo/providers/Microsoft.Network/routeTables/rt-with-routes", + "location": "westeurope", + "name": "rt-with-routes", + "provisioningState": "Succeeded", + "routes": [ { "name": "route-to-internet", "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.2.4", ... } ], + "type": "Microsoft.Network/routeTables", + ... + } +] +``` + +### Delete the route table + +Delete the route table and verify it no longer appears in the list: + +```bash +az network route-table delete \ + --name rt-demo \ + --resource-group rg-rt-demo +``` + +## Features + +The Route Table emulator supports the following features: + +- **Create and manage route tables**: Full lifecycle management including create, get, update, list, and delete. +- **Sub-resource route management**: Create, get, update, list, and delete individual routes within a route table. +- **Next-hop types**: Support for `VirtualAppliance`, `VnetLocal`, `VirtualNetworkGateway`, `Internet`, and `None`. +- **Next-hop IP addresses**: Store and return the next-hop IP address for `VirtualAppliance` routes. +- **Address prefix ranges**: Store and return the address prefix for each route. +- **Tags**: Apply and update resource tags on route table resources. +- **Subscription-scoped listing**: List all route tables across a subscription. + +## Limitations + +- **No traffic routing**: Route Table is a mock implementation. State is persisted in memory and returned faithfully, but no actual network traffic is routed according to the configured routes. +- **No subnet association enforcement**: Associating a route table with a subnet is accepted but not enforced at the network level. +- **No data persistence**: Route table resources and their routes are not persisted and are lost when the emulator is stopped or restarted. + +## Samples + +The following samples demonstrate how to use Route Tables with LocalStack for Azure: + +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) + +## API Coverage + + diff --git a/src/content/docs/azure/services/scheduled-query-rules.mdx b/src/content/docs/azure/services/scheduled-query-rules.mdx new file mode 100644 index 00000000..3b972887 --- /dev/null +++ b/src/content/docs/azure/services/scheduled-query-rules.mdx @@ -0,0 +1,249 @@ +--- +title: "Scheduled Query Rules" +description: Get started with Azure Monitor Scheduled Query Rules on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Scheduled Query Rules (SQR) evaluate KQL log queries stored in a Log Analytics Workspace on a defined schedule. +When query results meet a configured condition, an alert is fired and routed through an Action Group. +Scheduled Query Rules are commonly used to detect patterns in application logs, audit events, and custom metrics that cannot be captured by standard metric alerts. For more information, see [Log alerts in Azure Monitor](https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-log). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Scheduled Query Rules. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Scheduled Query Rules' integration with LocalStack. + +## Getting started + +This guide walks you through creating a Scheduled Query Rule that targets a Log Analytics workspace. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-sqr-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo", + "location": "eastus", + "name": "rg-sqr-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a Log Analytics workspace + +Create a Log Analytics workspace to use as the scheduled query target: + +```bash +az monitor log-analytics workspace create \ + --name my-workspace \ + --resource-group rg-sqr-demo \ + --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace", + "location": "eastus", + "name": "my-workspace", + "provisioningState": "Succeeded", + "resourceGroup": "rg-sqr-demo", + "type": "Microsoft.OperationalInsights/workspaces" +... +} +``` + +### Create an action group + +Create an action group to serve as the notification target when the alert fires: + +```bash +az monitor action-group create \ + --name my-ag \ + --resource-group rg-sqr-demo \ + --short-name myag \ + --action email admin admin@example.com +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/microsoft.insights/actionGroups/my-ag", + "name": "my-ag", + "resourceGroup": "rg-sqr-demo", + "type": "microsoft.insights/actionGroups" +... +} +``` + +### Create a scheduled query rule + +Retrieve the workspace and action group resource IDs, then create a scheduled query rule that fires when the error count exceeds the threshold: + +```bash +WORKSPACE_ID=$(az monitor log-analytics workspace show \ + --workspace-name my-workspace \ + --resource-group rg-sqr-demo \ + --query id \ + --output tsv) + +AG_ID=$(az monitor action-group show \ + --name my-ag \ + --resource-group rg-sqr-demo \ + --query id \ + --output tsv) + +az monitor scheduled-query create \ + --name my-sqr \ + --resource-group rg-sqr-demo \ + --scopes "$WORKSPACE_ID" \ + --condition "count 'Placeholder' from 'Heartbeat | where TimeGenerated > ago(5m)' greater than 5" \ + --condition-query "Heartbeat | where TimeGenerated > ago(5m)" \ + --description "Alert on Heartbeat count" \ + --action-groups "$AG_ID" \ + --evaluation-frequency PT5M \ + --window-size PT5M \ + --severity 2 +``` + +```bash title="Output" +{ + "criteria": { + "allOf": [ + { + "operator": "GreaterThan", + "query": "Heartbeat | where TimeGenerated > ago(5m)", + "threshold": 5.0, + "timeAggregation": "Count" + } + ] + }, + "enabled": true, + "evaluationFrequency": "0:05:00", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/microsoft.insights/scheduledqueryrules/my-sqr", + "location": "eastus", + "name": "my-sqr", + "resourceGroup": "rg-sqr-demo", + "scopes": [ "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/Microsoft.OperationalInsights/workspaces/my-workspace" ], + "severity": 2, + "type": "Microsoft.Insights/scheduledQueryRules", + "windowSize": "0:05:00" +... +} +``` + +### Show and list query rules + +Retrieve the details of the scheduled query rule and list all rules in the resource group: + +```bash +az monitor scheduled-query show \ + --name my-sqr \ + --resource-group rg-sqr-demo +``` + +```bash title="Output" +{ + "criteria": { "allOf": [ { "operator": "GreaterThan", "query": "Heartbeat | where TimeGenerated > ago(5m)", "threshold": 5.0, "timeAggregation": "Count" } ] }, + "enabled": true, + "evaluationFrequency": "0:05:00", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/microsoft.insights/scheduledqueryrules/my-sqr", + "name": "my-sqr", + "resourceGroup": "rg-sqr-demo", + "severity": 2, + "type": "Microsoft.Insights/scheduledQueryRules", + "windowSize": "0:05:00", + ... +} +``` + + +Then list all scheduled query rules in the resource group: + +```bash +az monitor scheduled-query list \ + --resource-group rg-sqr-demo +``` + +```bash title="Output" +[ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sqr-demo/providers/microsoft.insights/scheduledqueryrules/my-sqr", + "name": "my-sqr", + "resourceGroup": "rg-sqr-demo", + "severity": 2, + "type": "Microsoft.Insights/scheduledQueryRules", + ... + } +] +``` + +### Delete and verify + +Delete the resource and confirm it no longer appears in the list: + +```bash +az monitor scheduled-query delete \ + --name my-sqr \ + --resource-group rg-sqr-demo \ + --yes +``` + + +Then list all scheduled query rules to confirm the resource group is now empty: + +```bash +az monitor scheduled-query list --resource-group rg-sqr-demo +``` + +```bash title="Output" +[] +``` + +## Features + +- **Scheduled Query Rule lifecycle:** Create, read, list, update, and delete SQR resources. +- **KQL query storage:** Store the KQL query definition within the rule (not executed). +- **Condition configuration:** Define threshold, operator, time aggregation, and evaluation period. +- **Action group references:** Associate one or more action groups with a query rule. +- **Severity levels:** Set alert severity from 0 (Critical) to 4 (Verbose). +- **Evaluation frequency:** Configure how often the rule is evaluated via ISO 8601 duration. +- **Cross-resource queries:** Define rules targeting multiple scopes. + +## Limitations + +- **No KQL execution:** The query defined in the rule is never run against Log Analytics data. +- **No alert firing:** Alert thresholds are never evaluated and no alerts are triggered. +- **No notifications dispatched:** Action group notifications are not sent even when the rule fires. +- **No alert history:** Alert instance history and state transitions are not recorded. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Defining scheduled query alert rules for log-based monitoring scenarios. + +## API Coverage + + diff --git a/src/content/docs/azure/services/sql.mdx b/src/content/docs/azure/services/sql.mdx index e2b77d23..3afc783a 100644 --- a/src/content/docs/azure/services/sql.mdx +++ b/src/content/docs/azure/services/sql.mdx @@ -1,5 +1,5 @@ --- -title: "SQL" +title: "SQL Database" description: Get started with Azure SQL in LocalStack for Azure. template: doc --- @@ -233,6 +233,7 @@ az sql db tde set \ ... "state": "Enabled", "type": "Microsoft.Sql/servers/databases/transparentDataEncryption" +... } ``` @@ -257,6 +258,7 @@ az sql db str-policy set \ "resourceGroup": "rg-sql-demo", "retentionDays": 7, "type": "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies" +... } ``` @@ -285,6 +287,7 @@ az sql db ltr-policy set \ "weekOfYear": 16, "weeklyRetention": "P4W", "yearlyRetention": "P5Y" +... } ``` diff --git a/src/content/docs/azure/services/tables.mdx b/src/content/docs/azure/services/tables.mdx deleted file mode 100644 index 0d1aa80a..00000000 --- a/src/content/docs/azure/services/tables.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Tables" -description: API coverage for Microsoft.Tables in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/web-test.mdx b/src/content/docs/azure/services/web-test.mdx new file mode 100644 index 00000000..3fa206a8 --- /dev/null +++ b/src/content/docs/azure/services/web-test.mdx @@ -0,0 +1,199 @@ +--- +title: "Web Test" +description: Get started with Azure Monitor Web Tests on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Web Tests (availability tests) send HTTP probes to a URL from multiple geographic locations and alert when the endpoint is unavailable or slow. +Web Tests are associated with an Application Insights component and report availability data alongside application telemetry. +They are commonly used to monitor public-facing APIs and web applications for uptime and response time from a global perspective. For more information, see [Application Insights availability tests](https://learn.microsoft.com/en-us/azure/azure-monitor/app/availability-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Web Tests. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Web Tests' integration with LocalStack. + +## Getting started + +This guide walks you through creating a web test linked to an Application Insights component. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-webtest-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo", + "location": "eastus", + "name": "rg-webtest-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create an Application Insights component + +Create an Application Insights component to attach the web test to: + +```bash +az monitor app-insights component create \ + --app my-app-insights \ + --resource-group rg-webtest-demo \ + --location eastus \ + --kind web +``` + +```bash title="Output" +{ + "appId": "c62300bc-c7ae-5dd1-9f6c-08016bcbfbd9", + "applicationType": "web", + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/microsoft.insights/components/my-app-insights", + "kind": "web", + "location": "eastus", + "name": "my-app-insights", + "provisioningState": "Succeeded", + "resourceGroup": "rg-webtest-demo", + "type": "microsoft.insights/components", + ... +} +``` + +### Create a web test + +Use the REST API to create a standard availability test: + +```bash +AI_ID=$(az monitor app-insights component show \ + --app my-app-insights \ + --resource-group rg-webtest-demo \ + --query id \ + --output tsv) + +az rest --method PUT \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/microsoft.insights/webtests/my-web-test?api-version=2022-06-15" \ + --body '{ + "location": "eastus", + "kind": "standard", + "properties": { + "Name": "my-web-test", + "Enabled": true, + "Frequency": 300, + "Timeout": 30, + "Kind": "standard", + "Locations": [{"Id": "us-tx-sn1-azr"}], + "Request": { + "RequestUrl": "https://example.com", + "HttpVerb": "GET" + }, + "HiddenLink": "'"$AI_ID"'" + } + }' +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/microsoft.insights/webtests/my-web-test", + "kind": "standard", + "location": "eastus", + "name": "my-web-test", + "properties": { + "Enabled": true, + "Frequency": 300, + "Kind": "standard", + "Name": "my-web-test", + "Request": { "HttpVerb": "GET", "RequestUrl": "https://example.com" }, + "Timeout": 30 + }, + "type": "Microsoft.Insights/webtests" +... +} +``` + +### List web tests + +List all web tests associated with the Application Insights component using the REST API: + +```bash +az rest --method GET \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/microsoft.insights/webtests?api-version=2022-06-15" +``` + +```bash title="Output" +{ + "value": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/Microsoft.Insights/webtests/my-web-test", + "kind": "standard", + "location": "eastus", + "name": "my-web-test", + "properties": { + "Enabled": true, + "Frequency": 300, + "Kind": "standard", + "Name": "my-web-test", + "Request": { "HttpVerb": "GET", "RequestUrl": "https://example.com" }, + ... + }, + "type": "Microsoft.Insights/webtests" + } + ] +... +} +``` + +### Delete a web test + +Delete the web test using the REST API and verify it no longer appears in the list: + +```bash +az rest --method DELETE \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-webtest-demo/providers/microsoft.insights/webtests/my-web-test?api-version=2022-06-15" +``` + +## Features + +- **Web test lifecycle:** Create, read, list, and delete web test resources. +- **Classic ping and standard test kinds:** Accept `ping`, `multistep`, and `standard` test kinds. +- **Test location configuration:** Accept one or more agent location IDs per test. +- **Request configuration:** Define URL, HTTP verb, headers, and body for standard tests. +- **Frequency and timeout settings:** Configure probing frequency and response timeout. +- **Application Insights linking:** Associate web tests with an Application Insights component via the `HiddenLink` tag. +- **Enable/disable flag:** Enable or disable a web test without deleting it. + +## Limitations + +- **No HTTP probes sent:** LocalStack does not send HTTP requests to the configured URL. +- **No availability data collected:** Pass, fail, and response time data is not recorded. +- **No availability alerts fired:** Alert rules associated with a web test are not triggered. +- **No synthetic transactions:** Multi-step and Playwright-based tests are stored but not executed. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Configuring web tests linked to Application Insights components for IaC testing. + +## API Coverage + + diff --git a/src/content/docs/azure/services/web.mdx b/src/content/docs/azure/services/web.mdx deleted file mode 100644 index 9d2ebbd5..00000000 --- a/src/content/docs/azure/services/web.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Web" -description: API coverage for Microsoft.Web in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/workbook.mdx b/src/content/docs/azure/services/workbook.mdx new file mode 100644 index 00000000..30ff8b6b --- /dev/null +++ b/src/content/docs/azure/services/workbook.mdx @@ -0,0 +1,198 @@ +--- +title: "Workbook" +description: Get started with Azure Monitor Workbooks on LocalStack +template: doc +--- + +import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; + +## Introduction + +Azure Monitor Workbooks are interactive reports that combine text, KQL queries, metrics, and visualizations into a single shareable document. +Workbook Templates allow organizations to share reusable workbook definitions across workspaces and resource groups. +They are commonly used to create operational dashboards, cost reports, and compliance summaries that surface data from multiple Azure Monitor sources. For more information, see [Azure Workbooks overview](https://learn.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview). + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Monitor Workbooks. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Workbooks' integration with LocalStack. + +## Getting started + +This guide walks you through creating a workbook and a workbook template. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +```bash +azlocal stop-interception +``` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. + +### Create a resource group + +Create a resource group to hold all resources created in this guide: + +```bash +az group create --name rg-workbook-demo --location eastus +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo", + "location": "eastus", + "name": "rg-workbook-demo", + "properties": { "provisioningState": "Succeeded" }, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a workbook + +Create a workbook using the ARM REST API, passing a JSON-serialized content body: + +```bash +az rest --method PUT \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooks/my-workbook?api-version=2022-04-01" \ + --body '{ + "location": "eastus", + "kind": "shared", + "properties": { + "displayName": "My Workbook", + "description": "A sample workbook.", + "category": "workbook", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[],\"isLocked\":false}", + "version": "1.0", + "sourceId": "Azure Monitor" + } + }' +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooks/my-workbook", + "kind": "shared", + "location": "eastus", + "name": "my-workbook", + "properties": { + "category": "workbook", + "description": "A sample workbook.", + "displayName": "My Workbook", + "serializedData": "{\"version\":\"Notebook/1.0\",\"items\":[],\"isLocked\":false}", + "sourceId": "Azure Monitor", + "version": "1.0" + } +} +``` + +### List workbooks + +List all workbooks in the resource group by querying the ARM REST API: + +```bash +az rest --method GET \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooks?api-version=2022-04-01&category=workbook" +``` + +```bash title="Output" +{ + "value": [ + { + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooks/my-workbook", + "kind": "shared", + "location": "eastus", + "name": "my-workbook", + "properties": { + "category": "workbook", + "description": "A sample workbook.", + "displayName": "My Workbook", + ... + } + } + ] +} + +```bash +az rest --method PUT \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbookTemplates/my-template?api-version=2020-11-20" \ + --body '{ + "location": "eastus", + "properties": { + "priority": 1, + "author": "My Team", + "templateData": {}, + "galleries": [ + { + "name": "My Template", + "category": "General", + "type": "workbook", + "order": 100, + "resourceType": "Azure Monitor" + } + ] + } + }' +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooktemplates/my-template", + "location": "eastus", + "name": "my-template", + "properties": { + "author": "My Team", + "galleries": [ + { + "category": "General", + "name": "My Template", + "order": 100, + "resourceType": "Azure Monitor", + "type": "workbook" + } + ], + "priority": 1, + "templateData": {} + }, + "type": "microsoft.insights/workbooktemplates" +... +} +``` + +### Delete resources + +Delete the workbook using the ARM REST API, then delete the resource group: + +```bash +az rest --method DELETE \ + --url "https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-workbook-demo/providers/microsoft.insights/workbooks/my-workbook?api-version=2022-04-01" +``` + +## Features + +- **Workbook lifecycle:** Create, read, list, update, and delete workbooks. +- **Workbook template lifecycle:** Create, read, list, update, and delete workbook templates. +- **Shared and private workbooks:** Accept both `shared` and `user` kind values. +- **Category filtering:** List workbooks by category such as `workbook`, `sentinel`, or `vm-insights`. +- **Serialized data storage:** Store the full workbook JSON definition in the `serializedData` field. +- **Gallery configuration:** Define workbook templates with gallery metadata for easy discovery. + +## Limitations + +- **No rendering or query execution:** The workbook content is stored as a JSON string but KQL queries within the workbook are not executed. +- **No Azure Portal integration:** Workbooks cannot be previewed or rendered via LocalStack. +- **No linked resource validation:** Source ID references to Application Insights components or subscriptions are accepted but not validated. + +## Samples + +Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: + +- Deploying workbook resources via Bicep or ARM templates for observability dashboards. + +## API Coverage + + From e26883d1f5b701812fc984efc28cc880118347f8 Mon Sep 17 00:00:00 2001 From: Paolo Salvatori Date: Wed, 15 Apr 2026 17:39:10 +0200 Subject: [PATCH 2/3] Fix samples for all the articles --- .../docs/azure/services/action-group.mdx | 4 +- .../docs/azure/services/api-management.mdx | 5 +- .../azure/services/application-insights.mdx | 4 +- .../docs/azure/services/autoscale-setting.mdx | 4 +- .../docs/azure/services/bastion-host.mdx | 5 +- .../docs/azure/services/blob-storage.mdx | 1 + .../azure/services/container-registry.mdx | 5 +- .../docs/azure/services/container-service.mdx | 11 - src/content/docs/azure/services/cosmos-db.mdx | 6 +- .../azure/services/data-collection-rules.mdx | 4 +- .../azure/services/diagnostic-setting.mdx | 5 +- .../docs/azure/services/documentdb.mdx | 11 - .../docs/azure/services/front-door.mdx | 2 +- .../docs/azure/services/functions-app.mdx | 9 +- src/content/docs/azure/services/key-vault.mdx | 1 + .../docs/azure/services/log-analytics.mdx | 5 +- .../docs/azure/services/managed-identity.mdx | 6 +- .../docs/azure/services/metric-alert.mdx | 4 +- src/content/docs/azure/services/monitor.mdx | 5 +- .../docs/azure/services/network-interface.mdx | 4 +- .../docs/azure/services/queue-storage.mdx | 266 +++++++++++++++++- .../docs/azure/services/resource-manager.mdx | 6 +- .../docs/azure/services/role-assignment.mdx | 6 +- .../docs/azure/services/role-definition.mdx | 5 +- .../azure/services/scheduled-query-rules.mdx | 4 +- src/content/docs/azure/services/web-test.mdx | 4 +- src/content/docs/azure/services/workbook.mdx | 4 +- 27 files changed, 308 insertions(+), 88 deletions(-) delete mode 100644 src/content/docs/azure/services/container-service.mdx delete mode 100644 src/content/docs/azure/services/documentdb.mdx diff --git a/src/content/docs/azure/services/action-group.mdx b/src/content/docs/azure/services/action-group.mdx index c6b9b7ff..8cae1a51 100644 --- a/src/content/docs/azure/services/action-group.mdx +++ b/src/content/docs/azure/services/action-group.mdx @@ -206,9 +206,7 @@ az monitor action-group list --resource-group rg-monit-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Creating action groups and referencing them from metric alert rules. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/api-management.mdx b/src/content/docs/azure/services/api-management.mdx index 5fbe7a5f..c40f5b8b 100644 --- a/src/content/docs/azure/services/api-management.mdx +++ b/src/content/docs/azure/services/api-management.mdx @@ -204,10 +204,7 @@ az apim list --resource-group rg-apim-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Creating an API Management service and registering API definitions. -- Defining backends and associating them with API operations. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/application-insights.mdx b/src/content/docs/azure/services/application-insights.mdx index f1fc3d65..44da2419 100644 --- a/src/content/docs/azure/services/application-insights.mdx +++ b/src/content/docs/azure/services/application-insights.mdx @@ -207,9 +207,9 @@ az monitor app-insights component list \ ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Application Insights with LocalStack for Azure: -- Creating an Application Insights component and configuring it as a dependency of a Function App. +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/autoscale-setting.mdx b/src/content/docs/azure/services/autoscale-setting.mdx index 673f66ae..50c04383 100644 --- a/src/content/docs/azure/services/autoscale-setting.mdx +++ b/src/content/docs/azure/services/autoscale-setting.mdx @@ -234,9 +234,7 @@ az monitor autoscale list --resource-group rg-autoscale-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Defining autoscale policies for App Service plans in infrastructure as code templates. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/bastion-host.mdx b/src/content/docs/azure/services/bastion-host.mdx index 8fa94b84..1109c0cb 100644 --- a/src/content/docs/azure/services/bastion-host.mdx +++ b/src/content/docs/azure/services/bastion-host.mdx @@ -280,10 +280,7 @@ The Bastion Host emulator supports the following features: ## Samples -The following samples demonstrate how to use Bastion Host with LocalStack for Azure: - -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) -- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/blob-storage.mdx b/src/content/docs/azure/services/blob-storage.mdx index c2e2a235..5e3c81ee 100644 --- a/src/content/docs/azure/services/blob-storage.mdx +++ b/src/content/docs/azure/services/blob-storage.mdx @@ -271,6 +271,7 @@ The following samples demonstrate how to use Blob Storage with LocalStack for Az - [Azure Functions Sample with LocalStack for Azure](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-storage-http/dotnet) - [Azure Functions App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-managed-identity/python) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) - [Azure Web App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python) ## API Coverage diff --git a/src/content/docs/azure/services/container-registry.mdx b/src/content/docs/azure/services/container-registry.mdx index a51c34b9..9407ddbb 100644 --- a/src/content/docs/azure/services/container-registry.mdx +++ b/src/content/docs/azure/services/container-registry.mdx @@ -213,10 +213,9 @@ az acr list --resource-group rg-acr-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Container Registry with LocalStack for Azure: -- Pushing and pulling Docker images from a local container registry. -- Building and running containerized applications using ACR and Azure Container Instances. +- [ACI and Blob Storage](https://github.com/localstack/localstack-azure-samples/samples/aci-blob-storage/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/container-service.mdx b/src/content/docs/azure/services/container-service.mdx deleted file mode 100644 index 33c53869..00000000 --- a/src/content/docs/azure/services/container-service.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "Container Service" -description: API coverage for Microsoft.ContainerService in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/cosmos-db.mdx b/src/content/docs/azure/services/cosmos-db.mdx index 4fa19c78..d2f6f437 100644 --- a/src/content/docs/azure/services/cosmos-db.mdx +++ b/src/content/docs/azure/services/cosmos-db.mdx @@ -347,10 +347,10 @@ az cosmosdb list --resource-group rg-cosmos-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Cosmos DB with LocalStack for Azure: -- Provisioning a Cosmos DB SQL account and inserting documents with the Azure SDK. -- Connecting to the Cosmos DB MongoDB API with a standard MongoDB driver. +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) +- [Web App and Cosmos DB for NoSQL API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-nosql-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/data-collection-rules.mdx b/src/content/docs/azure/services/data-collection-rules.mdx index ba84ceca..308a0e8e 100644 --- a/src/content/docs/azure/services/data-collection-rules.mdx +++ b/src/content/docs/azure/services/data-collection-rules.mdx @@ -238,9 +238,7 @@ az monitor data-collection rule list --resource-group rg-dcr-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Defining data collection pipelines with DCRs and DCEs for infrastructure testing. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/diagnostic-setting.mdx b/src/content/docs/azure/services/diagnostic-setting.mdx index 10ffc555..b8fa404b 100644 --- a/src/content/docs/azure/services/diagnostic-setting.mdx +++ b/src/content/docs/azure/services/diagnostic-setting.mdx @@ -218,9 +218,10 @@ az monitor diagnostic-settings list --resource "$RESOURCE_ID" ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Diagnostic Settings with LocalStack for Azure: -- Configuring diagnostic settings to route audit logs to a storage account. +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/documentdb.mdx b/src/content/docs/azure/services/documentdb.mdx deleted file mode 100644 index d1595f47..00000000 --- a/src/content/docs/azure/services/documentdb.mdx +++ /dev/null @@ -1,11 +0,0 @@ ---- -title: "DocumentDB" -description: API coverage for Microsoft.DocumentDB in LocalStack for Azure. -template: doc ---- - -import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; - -## API Coverage - - diff --git a/src/content/docs/azure/services/front-door.mdx b/src/content/docs/azure/services/front-door.mdx index fd5f19b9..70c394eb 100644 --- a/src/content/docs/azure/services/front-door.mdx +++ b/src/content/docs/azure/services/front-door.mdx @@ -429,7 +429,7 @@ az afd profile list --resource-group rg-afd-demo The following samples demonstrate how to use Azure Front Door with LocalStack for Azure: -- [Azure Front Door quickstart](https://learn.microsoft.com/en-us/azure/frontdoor/create-front-door-cli) +- [Function App and Front Door](https://github.com/localstack/localstack-azure-samples/samples/function-app-front-door/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/functions-app.mdx b/src/content/docs/azure/services/functions-app.mdx index 2956a9ca..c210c96d 100644 --- a/src/content/docs/azure/services/functions-app.mdx +++ b/src/content/docs/azure/services/functions-app.mdx @@ -239,11 +239,12 @@ az functionapp list --resource-group rg-func-demo --output table ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Function Apps with LocalStack for Azure: -- Python HTTP-trigger function deployed with the Azure Functions Core Tools. -- Node.js function app with `func azure functionapp publish`. -- .NET isolated worker function app deployment. +- [Function App and Storage](https://github.com/localstack/localstack-azure-samples/samples/function-app-storage-http/dotnet/README.md) +- [Function App and Front Door](https://github.com/localstack/localstack-azure-samples/samples/function-app-front-door/python/README.md) +- [Function App and Managed Identities](https://github.com/localstack/localstack-azure-samples/samples/function-app-managed-identity/python/README.md) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index 9e2f9072..dc80f983 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -147,6 +147,7 @@ Key Vault keys, HSM-related operations, and getting a real certificate from an o The following sample demonstrates how to use Key Vault with LocalStack for Azure: +- [Azure Container Instances, Key Vault, and Storage](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart) - [Azure Web App with Azure SQL Database and Azure Key Vault](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-sql-database/python) ## API Coverage diff --git a/src/content/docs/azure/services/log-analytics.mdx b/src/content/docs/azure/services/log-analytics.mdx index c10f78a0..bf76bf5d 100644 --- a/src/content/docs/azure/services/log-analytics.mdx +++ b/src/content/docs/azure/services/log-analytics.mdx @@ -202,9 +202,10 @@ az monitor log-analytics workspace list \ ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Log Analytics with LocalStack for Azure: -- Provisioning Log Analytics Workspaces linked to Diagnostic Settings and Data Collection Rules. +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/managed-identity.mdx b/src/content/docs/azure/services/managed-identity.mdx index 2bc574e8..661f492f 100644 --- a/src/content/docs/azure/services/managed-identity.mdx +++ b/src/content/docs/azure/services/managed-identity.mdx @@ -291,8 +291,10 @@ The Managed Identity emulator has the following limitations: The following samples demonstrate how to use Managed Identity with LocalStack for Azure: -- [Azure Functions App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-managed-identity/python) -- [Azure Web App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python) +- [Functions App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-managed-identity/python) +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) +- [Web App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python) ## API Coverage diff --git a/src/content/docs/azure/services/metric-alert.mdx b/src/content/docs/azure/services/metric-alert.mdx index 8cfbc0de..23e1c626 100644 --- a/src/content/docs/azure/services/metric-alert.mdx +++ b/src/content/docs/azure/services/metric-alert.mdx @@ -249,9 +249,7 @@ az monitor metrics alert list --resource-group rg-alert-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Creating metric alert rules and activity log alerts for infrastructure monitoring. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/monitor.mdx b/src/content/docs/azure/services/monitor.mdx index 233fc3ce..8b4c8722 100644 --- a/src/content/docs/azure/services/monitor.mdx +++ b/src/content/docs/azure/services/monitor.mdx @@ -306,10 +306,7 @@ The Azure Monitor emulator supports the following features: ## Samples -Explore the following samples to get started with Service Bus on LocalStack: - -- [Azure Functions App with Service Bus Messaging](https://github.com/localstack/localstack-azure-samples/blob/main/samples/function-app-service-bus/dotnet/) -- [Azure Web App with Azure Cosmos DB for MongoDB](https://github.com/localstack/localstack-azure-samples/blob/main/samples/web-app-cosmosdb-mongodb-api/python/) +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/network-interface.mdx b/src/content/docs/azure/services/network-interface.mdx index fa230491..e7e779ab 100644 --- a/src/content/docs/azure/services/network-interface.mdx +++ b/src/content/docs/azure/services/network-interface.mdx @@ -298,10 +298,10 @@ The Network Interface emulator supports the following features: ## Samples -The following samples demonstrate how to use Network Interfaces with LocalStack for Azure: +The following samples demonstrate how to use Azure Network Interfaces with LocalStack for Azure: -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) ## API Coverage diff --git a/src/content/docs/azure/services/queue-storage.mdx b/src/content/docs/azure/services/queue-storage.mdx index 182be4d5..806939a3 100644 --- a/src/content/docs/azure/services/queue-storage.mdx +++ b/src/content/docs/azure/services/queue-storage.mdx @@ -1,11 +1,273 @@ --- title: "Queue Storage" -description: API coverage for Microsoft.QueueStorage in LocalStack for Azure. +description: Get started with Azure Queue Storage on LocalStack template: doc --- import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureFeatureCoverage"; +## Introduction + +Azure Queue Storage is a messaging service for storing large numbers of messages that can be accessed from anywhere over HTTP or HTTPS. +It is commonly used to decouple application components and build asynchronous processing workflows. +Queue Storage is useful for buffering work items between producers and consumers. For more information, see [What is Azure Queue Storage?](https://learn.microsoft.com/en-us/azure/storage/queues/storage-queues-introduction) + +LocalStack for Azure provides a local environment for building and testing applications that make use of Azure Queue Storage. +The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Queue Storage's integration with LocalStack. + +## Getting started + +This guide is designed for users new to Queue Storage and assumes basic knowledge of the Azure CLI and our `azlocal` wrapper script. + +Launch LocalStack using your preferred method. For more information, see [Introduction to LocalStack for Azure](/azure/getting-started/). Once the container is running, enable Azure CLI interception by running: + +```bash +azlocal start-interception +``` + +:::note +As an alternative to using the `azlocal` CLI, users can run: + +`azlocal start-interception` + +This command points the `az` CLI away from the public Azure management REST API and toward the LocalStack for Azure emulator API. +To revert this configuration, run: + +`azlocal stop-interception` + +This reconfigures the `az` CLI to send commands to the official Azure management REST API. +::: + +### Create a resource group + +Create a resource group to contain your storage resources: + +```bash +az group create \ + --name rg-queue-demo \ + --location westeurope +``` + +```bash title="Output" +{ + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-queue-demo", + "location": "westeurope", + "managedBy": null, + "name": "rg-queue-demo", + "properties": { + "provisioningState": "Succeeded" + }, + "tags": null, + "type": "Microsoft.Resources/resourceGroups" +} +``` + +### Create a storage account + +Create a storage account in the resource group: + +```bash +az storage account create \ + --name stqueuedemols \ + --resource-group rg-queue-demo \ + --location westeurope \ + --sku Standard_LRS +``` + +```bash title="Output" +{ + ... + "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-queue-demo/providers/Microsoft.Storage/storageAccounts/stqueuedemols", + ... + "name": "stqueuedemols", + ... + "placement": null, + "primaryEndpoints": { + "blob": "https://stqueuedemols.blob.core.azure.localhost.localstack.cloud:4566", + ... + "queue": "https://stqueuedemols.queue.core.azure.localhost.localstack.cloud:4566", + ... + }, + .... +} +``` + +### Authentication + +There are three ways to authenticate storage queue commands against the emulator: + +#### Storage account key + +Retrieve the account key and pass it with `--account-name` and `--account-key`: + +```bash +ACCOUNT_KEY=$(az storage account keys list \ + --account-name stqueuedemols \ + --resource-group rg-queue-demo \ + --query "[0].value" \ + --output tsv) + +az storage queue list \ + --account-name stqueuedemols \ + --account-key "$ACCOUNT_KEY" +``` + +#### Login credentials + +Use `--auth-mode login` to authenticate with the current session credentials: + +```bash +az storage queue list \ + --account-name stqueuedemols \ + --auth-mode login +``` + +#### Connection string + +Bundle the account name and key into a single value: + +```bash +CONNECTION_STRING=$(az storage account show-connection-string \ + --name stqueuedemols \ + --resource-group rg-queue-demo \ + --query connectionString -o tsv) + +az storage queue list \ + --connection-string "$CONNECTION_STRING" +``` + +The remaining examples in this guide use connection strings for brevity. + +### Create and inspect a queue + +Create a queue: + +```bash +az storage queue create \ + --name app-queue \ + --connection-string "$CONNECTION_STRING" +``` + +```bash title="Output" +{ + "created": true +} +``` + +Verify the queue exists: + +```bash +az storage queue exists \ + --name app-queue \ + --connection-string "$CONNECTION_STRING" +``` + +```bash title="Output" +{ + "exists": true +} +``` + +List queues in the storage account: + +```bash +az storage queue list \ + --connection-string "$CONNECTION_STRING" +``` + +```bash title="Output" +[ + { + "approximateMessageCount": null, + "metadata": null, + "name": "app-queue" + } +] +``` + +### Put, peek, and get messages + +Add a message to the queue: + +```bash +az storage message put \ + --queue-name app-queue \ + --content "hello-from-localstack" \ + --connection-string "$CONNECTION_STRING" +``` + +```bash title="Output" +{ + "content": "hello-from-localstack", + ... + "id": "a253ff4a-7b9c-434e-9c33-deae3070193c", + ... +} +``` + +Peek at messages without consuming them: + +```bash +az storage message peek \ + --queue-name app-queue \ + --connection-string "$CONNECTION_STRING" +``` + +```bash title="Output" +[ + { + "content": "hello-from-localstack", + ... + "id": "a253ff4a-7b9c-434e-9c33-deae3070193c", + "insertionTime": "2026-02-27T07:45:14+00:00", + ... + } +] +``` + +Get (dequeue) a message from the queue, which makes it invisible to other consumers for the visibility timeout period: + +```bash +az storage message get \ + --queue-name app-queue \ + --connection-string "$CONNECTION_STRING" \ + --output json +``` + +```bash title="Output" +[ + { + "content": "hello-from-localstack", + ... + "id": "a253ff4a-7b9c-434e-9c33-deae3070193c", + "popReceipt": "...", + ... + } +] +``` + +## Features + +The Queue Storage emulator supports the following features: + +- **Data plane REST API**: Queue CRUD, message operations (put, peek, get, delete), queue metadata, stored access policies, and SAS token generation. +- **Control plane REST API**: Create and get queues, get and set queue service properties via Azure Resource Manager. +- **Multiple authentication modes**: Storage account key, login credentials, and connection strings. + +## Limitations + +- **No data persistence across restarts**: Queue data is not persisted and is lost when the LocalStack emulator is stopped or restarted. +- **Queue service properties**: `set_service_properties` is a no-op and `get_service_properties` returns empty defaults, unlike Azure where CORS, logging, and metrics settings are persisted and applied. +- **Storage account keys**: Keys are emulator-generated rather than managed by Azure. +- **Header validation**: Unsupported request headers or parameters are silently accepted instead of being rejected. +- **API version enforcement**: The emulator does not validate the `x-ms-version` header; all API versions are accepted. + +## Samples + +The following sample demonstrates how to use Queue Storage with LocalStack for Azure: + +- [Azure Functions Sample with LocalStack for Azure](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-storage-http/dotnet) + ## API Coverage - + \ No newline at end of file diff --git a/src/content/docs/azure/services/resource-manager.mdx b/src/content/docs/azure/services/resource-manager.mdx index 6261a2e6..ace9b3c8 100644 --- a/src/content/docs/azure/services/resource-manager.mdx +++ b/src/content/docs/azure/services/resource-manager.mdx @@ -11,9 +11,9 @@ import AzureFeatureCoverage from "../../../../components/feature-coverage/AzureF Azure Resource Manager (ARM) is the unified deployment and management layer for Azure resources, providing a consistent control-plane API for resource organization and lifecycle management. It enables idempotent, declarative infrastructure as code (IaC) through JSON-based ARM templates and Bicep modules, allowing for automated resource group orchestration and provider registrations. For more information, see: -- [[What is Azure Resource Manager?](https://learn.microsoft.com/azure/azure-resource-manager/management/overview)](https://learn.microsoft.com/azure/azure-resource-manager/management/overview) -- [[What are ARM templates?](https://learn.microsoft.com/azure/azure-resource-manager/templates/overview)](https://learn.microsoft.com/azure/azure-resource-manager/templates/overview) -- [[What is Bicep?](https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview)](https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview) +- [What is Azure Resource Manager?](https://learn.microsoft.com/azure/azure-resource-manager/management/overview)](https://learn.microsoft.com/azure/azure-resource-manager/management/overview) +- [What are ARM templates?](https://learn.microsoft.com/azure/azure-resource-manager/templates/overview)](https://learn.microsoft.com/azure/azure-resource-manager/templates/overview) +- [What is Bicep?](https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview)](https://learn.microsoft.com/azure/azure-resource-manager/bicep/overview) LocalStack for Azure enables seamless interaction with the emulator’s management REST API via Azure Resource Manager. It also provides native support for Bicep and ARM templates, allowing for standardized Infrastructure as Code (IaC) deployments within your local environment. The supported APIs are available on our [API Coverage section](#api-coverage), which provides information on the extent of Resource Manager's integration with LocalStack. diff --git a/src/content/docs/azure/services/role-assignment.mdx b/src/content/docs/azure/services/role-assignment.mdx index 816a85fa..4a109f01 100644 --- a/src/content/docs/azure/services/role-assignment.mdx +++ b/src/content/docs/azure/services/role-assignment.mdx @@ -179,10 +179,10 @@ az role assignment delete \ ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: +The following sample demonstrates how to use Azure Role Assignments with LocalStack for Azure: -- Creating custom RBAC roles and assigning them to service principals. -- Assigning built-in roles to managed identities for infrastructure automation tests. +- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/role-definition.mdx b/src/content/docs/azure/services/role-definition.mdx index e575e5c8..1e75a274 100644 --- a/src/content/docs/azure/services/role-definition.mdx +++ b/src/content/docs/azure/services/role-definition.mdx @@ -161,10 +161,7 @@ az role definition list --name "Custom Storage Reader" ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Creating custom RBAC roles and assigning them to service principals. -- Combining role definitions and role assignments for least-privilege access patterns. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/scheduled-query-rules.mdx b/src/content/docs/azure/services/scheduled-query-rules.mdx index 3b972887..177a6846 100644 --- a/src/content/docs/azure/services/scheduled-query-rules.mdx +++ b/src/content/docs/azure/services/scheduled-query-rules.mdx @@ -240,9 +240,7 @@ az monitor scheduled-query list --resource-group rg-sqr-demo ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Defining scheduled query alert rules for log-based monitoring scenarios. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/web-test.mdx b/src/content/docs/azure/services/web-test.mdx index 3fa206a8..67d6e438 100644 --- a/src/content/docs/azure/services/web-test.mdx +++ b/src/content/docs/azure/services/web-test.mdx @@ -190,9 +190,7 @@ az rest --method DELETE \ ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Configuring web tests linked to Application Insights components for IaC testing. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage diff --git a/src/content/docs/azure/services/workbook.mdx b/src/content/docs/azure/services/workbook.mdx index 30ff8b6b..39a25270 100644 --- a/src/content/docs/azure/services/workbook.mdx +++ b/src/content/docs/azure/services/workbook.mdx @@ -189,9 +189,7 @@ az rest --method DELETE \ ## Samples -Explore end-to-end examples in the [localstack-azure-samples](https://github.com/localstack/localstack-azure-samples) repository: - -- Deploying workbook resources via Bicep or ARM templates for observability dashboards. +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage From 948c1c442833c9505017032d376b3e72df930762 Mon Sep 17 00:00:00 2001 From: Paolo Salvatori Date: Wed, 15 Apr 2026 17:47:59 +0200 Subject: [PATCH 3/3] Update samples --- src/content/docs/azure/services/blob-storage.mdx | 2 +- src/content/docs/azure/services/container-instance.mdx | 2 +- src/content/docs/azure/services/container-registry.mdx | 2 +- src/content/docs/azure/services/key-vault.mdx | 2 +- src/content/docs/azure/services/managed-identity.mdx | 2 +- src/content/docs/azure/services/nat-gateway.mdx | 4 ++-- src/content/docs/azure/services/network-interface.mdx | 2 +- src/content/docs/azure/services/private-dns-zone.mdx | 4 ++-- src/content/docs/azure/services/private-endpoint.mdx | 4 ++-- src/content/docs/azure/services/public-ip-address.mdx | 4 ++-- src/content/docs/azure/services/public-ip-prefix.mdx | 4 ++-- src/content/docs/azure/services/route-table.mdx | 5 +---- 12 files changed, 17 insertions(+), 20 deletions(-) diff --git a/src/content/docs/azure/services/blob-storage.mdx b/src/content/docs/azure/services/blob-storage.mdx index 5e3c81ee..c0d1ac52 100644 --- a/src/content/docs/azure/services/blob-storage.mdx +++ b/src/content/docs/azure/services/blob-storage.mdx @@ -267,7 +267,7 @@ The Blob Storage emulator supports the following features: ## Samples -The following samples demonstrate how to use Blob Storage with LocalStack for Azure: +The following samples demonstrate how to use Azure Blob Storage with LocalStack for Azure: - [Azure Functions Sample with LocalStack for Azure](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-storage-http/dotnet) - [Azure Functions App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-managed-identity/python) diff --git a/src/content/docs/azure/services/container-instance.mdx b/src/content/docs/azure/services/container-instance.mdx index 50205642..478eee92 100644 --- a/src/content/docs/azure/services/container-instance.mdx +++ b/src/content/docs/azure/services/container-instance.mdx @@ -346,7 +346,7 @@ az container list \ The following samples demonstrate how to use Azure Container Instances with LocalStack for Azure: -- [Azure Container Instances quickstart](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart) +- [Azure Container Instances, Key Vault, and Storage](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart) ## API Coverage diff --git a/src/content/docs/azure/services/container-registry.mdx b/src/content/docs/azure/services/container-registry.mdx index 9407ddbb..c95ca4f4 100644 --- a/src/content/docs/azure/services/container-registry.mdx +++ b/src/content/docs/azure/services/container-registry.mdx @@ -215,7 +215,7 @@ az acr list --resource-group rg-acr-demo The following sample demonstrates how to use Azure Container Registry with LocalStack for Azure: -- [ACI and Blob Storage](https://github.com/localstack/localstack-azure-samples/samples/aci-blob-storage/python/README.md) +- [Azure Container Instances, Key Vault, and Storage](https://github.com/localstack/localstack-azure-samples/samples/aci-blob-storage/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/key-vault.mdx b/src/content/docs/azure/services/key-vault.mdx index dc80f983..baed48a2 100644 --- a/src/content/docs/azure/services/key-vault.mdx +++ b/src/content/docs/azure/services/key-vault.mdx @@ -145,7 +145,7 @@ Key Vault keys, HSM-related operations, and getting a real certificate from an o ## Samples -The following sample demonstrates how to use Key Vault with LocalStack for Azure: +The following sample demonstrates how to use Azure Key Vault with LocalStack for Azure: - [Azure Container Instances, Key Vault, and Storage](https://learn.microsoft.com/en-us/azure/container-instances/container-instances-quickstart) - [Azure Web App with Azure SQL Database and Azure Key Vault](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-sql-database/python) diff --git a/src/content/docs/azure/services/managed-identity.mdx b/src/content/docs/azure/services/managed-identity.mdx index 661f492f..1aa10cfc 100644 --- a/src/content/docs/azure/services/managed-identity.mdx +++ b/src/content/docs/azure/services/managed-identity.mdx @@ -289,7 +289,7 @@ The Managed Identity emulator has the following limitations: ## Samples -The following samples demonstrate how to use Managed Identity with LocalStack for Azure: +The following samples demonstrate how to use Azure Managed Identity with LocalStack for Azure: - [Functions App with Managed Identity](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-managed-identity/python) - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/samples/function-app-service-bus/dotnet/README.md) diff --git a/src/content/docs/azure/services/nat-gateway.mdx b/src/content/docs/azure/services/nat-gateway.mdx index e6403a60..8421d947 100644 --- a/src/content/docs/azure/services/nat-gateway.mdx +++ b/src/content/docs/azure/services/nat-gateway.mdx @@ -314,10 +314,10 @@ The NAT Gateway emulator supports the following features: ## Samples -The following samples demonstrate how to use NAT Gateway with LocalStack for Azure: +The following samples demonstrate how to use Azure NAT Gateway with LocalStack for Azure: - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/network-interface.mdx b/src/content/docs/azure/services/network-interface.mdx index e7e779ab..a1dd73bf 100644 --- a/src/content/docs/azure/services/network-interface.mdx +++ b/src/content/docs/azure/services/network-interface.mdx @@ -301,7 +301,7 @@ The Network Interface emulator supports the following features: The following samples demonstrate how to use Azure Network Interfaces with LocalStack for Azure: - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/private-dns-zone.mdx b/src/content/docs/azure/services/private-dns-zone.mdx index 9c0f51ba..650f3ef6 100644 --- a/src/content/docs/azure/services/private-dns-zone.mdx +++ b/src/content/docs/azure/services/private-dns-zone.mdx @@ -324,10 +324,10 @@ The Private DNS Zone emulator supports the following features: ## Samples -The following samples demonstrate how to use Private DNS Zones with LocalStack for Azure: +The following samples demonstrate how to use Azure Private DNS Zones with LocalStack for Azure: -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/private-endpoint.mdx b/src/content/docs/azure/services/private-endpoint.mdx index f4c2b332..b1996bf8 100644 --- a/src/content/docs/azure/services/private-endpoint.mdx +++ b/src/content/docs/azure/services/private-endpoint.mdx @@ -381,10 +381,10 @@ The Private Endpoint emulator supports the following features: ## Samples -The following samples demonstrate how to use Private Endpoints with LocalStack for Azure: +The following samples demonstrate how to use Azure Private Endpoints with LocalStack for Azure: -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/public-ip-address.mdx b/src/content/docs/azure/services/public-ip-address.mdx index 742063ea..3d59f68a 100644 --- a/src/content/docs/azure/services/public-ip-address.mdx +++ b/src/content/docs/azure/services/public-ip-address.mdx @@ -196,10 +196,10 @@ The Public IP Address emulator supports the following features: ## Samples -The following samples demonstrate how to use Public IP Addresses with LocalStack for Azure: +The following samples demonstrate how to use Azure Public IP Addresses with LocalStack for Azure: -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/public-ip-prefix.mdx b/src/content/docs/azure/services/public-ip-prefix.mdx index 1aabdb56..8bf5720b 100644 --- a/src/content/docs/azure/services/public-ip-prefix.mdx +++ b/src/content/docs/azure/services/public-ip-prefix.mdx @@ -177,10 +177,10 @@ The Public IP Prefix emulator supports the following features: ## Samples -The following samples demonstrate how to use Public IP Prefixes with LocalStack for Azure: +The following samples demonstrate how to use Azure Public IP Prefixes with LocalStack for Azure: - [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) +- [Web App and Cosmos DB for MongoDB API ](https://github.com/localstack/localstack-azure-samples/samples/web-app-cosmosdb-mongodb-api/python/README.md) ## API Coverage diff --git a/src/content/docs/azure/services/route-table.mdx b/src/content/docs/azure/services/route-table.mdx index 20ad5686..dc8f052e 100644 --- a/src/content/docs/azure/services/route-table.mdx +++ b/src/content/docs/azure/services/route-table.mdx @@ -291,10 +291,7 @@ The Route Table emulator supports the following features: ## Samples -The following samples demonstrate how to use Route Tables with LocalStack for Azure: - -- [Web App and Managed Identities](https://github.com/localstack/localstack-azure-samples/tree/main/samples/web-app-managed-identity/python/) -- [Function App and Service Bus](https://github.com/localstack/localstack-azure-samples/tree/main/samples/function-app-service-bus/dotnet/) +Explore end-to-end examples in the [LocalStack for Azure Samples](https://github.com/localstack/localstack-azure-samples) repository. ## API Coverage