[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"skill-bafb3975-e5a4-4979-8ff6-d0f0568bddba":3,"$f02JBvPe4Y-UwWGu2d5vK9ZkYXmKPqjgmH5EnHArMS48":43},{"id":4,"title":5,"description":6,"categoryId":7,"moduleId":8,"tags":9,"prompt":10,"icon":11,"source":12,"sourceUrl":13,"authorId":14,"authorName":15,"isPublic":16,"stars":17,"runs":18,"createdAt":19,"updatedAt":19,"module":20,"category":27,"packages":34},"bafb3975-e5a4-4979-8ff6-d0f0568bddba","azure-cloud-architect","为初创公司和企业提供Azure架构设计。在需要设计Azure基础设施、创建Bicep\u002FARM模板、优化Azure成本、设置Azure DevOps管道或迁移到Azure时使用。涵盖AKS、App Service、Azure Functions、Cosmos DB和成本优化。","cat_coding_devops","mod_coding","alirezarezvani,coding","---\nname: \"azure-cloud-architect\"\ndescription: \"Design Azure architectures for startups and enterprises. Use when asked to design Azure infrastructure, create Bicep\u002FARM templates, optimize Azure costs, set up Azure DevOps pipelines, or migrate to Azure. Covers AKS, App Service, Azure Functions, Cosmos DB, and cost optimization.\"\n---\n\n# Azure Cloud Architect\n\nDesign scalable, cost-effective Azure architectures for startups and enterprises with Bicep infrastructure-as-code templates.\n\n---\n\n## Workflow\n\n### Step 1: Gather Requirements\n\nCollect application specifications:\n\n```\n- Application type (web app, mobile backend, data pipeline, SaaS, microservices)\n- Expected users and requests per second\n- Budget constraints (monthly spend limit)\n- Team size and Azure experience level\n- Compliance requirements (GDPR, HIPAA, SOC 2, ISO 27001)\n- Availability requirements (SLA, RPO\u002FRTO)\n- Region preferences (data residency, latency)\n```\n\n### Step 2: Design Architecture\n\nRun the architecture designer to get pattern recommendations:\n\n```bash\npython scripts\u002Farchitecture_designer.py \\\n  --app-type web_app \\\n  --users 10000 \\\n  --requirements '{\"budget_monthly_usd\": 500, \"compliance\": [\"SOC2\"]}'\n```\n\n**Example output:**\n\n```json\n{\n  \"recommended_pattern\": \"app_service_web\",\n  \"service_stack\": [\"App Service\", \"Azure SQL\", \"Front Door\", \"Key Vault\", \"Entra ID\"],\n  \"estimated_monthly_cost_usd\": 280,\n  \"pros\": [\"Managed platform\", \"Built-in autoscale\", \"Deployment slots\"],\n  \"cons\": [\"Less control than VMs\", \"Platform constraints\", \"Cold start on consumption plans\"]\n}\n```\n\nSelect from recommended patterns:\n- **App Service Web**: Front Door + App Service + Azure SQL + Redis Cache\n- **Microservices on AKS**: AKS + Service Bus + Cosmos DB + API Management\n- **Serverless Event-Driven**: Functions + Event Grid + Service Bus + Cosmos DB\n- **Data Pipeline**: Data Factory + Synapse Analytics + Data Lake Storage + Event Hubs\n\nSee `references\u002Farchitecture_patterns.md` for detailed pattern specifications.\n\n**Validation checkpoint:** Confirm the recommended pattern matches the team's operational maturity and compliance requirements before proceeding to Step 3.\n\n### Step 3: Generate IaC Templates\n\nCreate infrastructure-as-code for the selected pattern:\n\n```bash\n# Web app stack (Bicep)\npython scripts\u002Fbicep_generator.py --arch-type web-app --output main.bicep\n```\n\n**Example Bicep output (core web app resources):**\n\n```bicep\n@description('The environment name')\nparam environment string = 'dev'\n\n@description('The Azure region for resources')\nparam location string = resourceGroup().location\n\n@description('The application name')\nparam appName string = 'myapp'\n\n\u002F\u002F App Service Plan\nresource appServicePlan 'Microsoft.Web\u002Fserverfarms@2023-01-01' = {\n  name: '${environment}-${appName}-plan'\n  location: location\n  sku: {\n    name: 'P1v3'\n    tier: 'PremiumV3'\n    capacity: 1\n  }\n  properties: {\n    reserved: true \u002F\u002F Linux\n  }\n}\n\n\u002F\u002F App Service\nresource appService 'Microsoft.Web\u002Fsites@2023-01-01' = {\n  name: '${environment}-${appName}-web'\n  location: location\n  properties: {\n    serverFarmId: appServicePlan.id\n    httpsOnly: true\n    siteConfig: {\n      linuxFxVersion: 'NODE|20-lts'\n      minTlsVersion: '1.2'\n      ftpsState: 'Disabled'\n      alwaysOn: true\n    }\n  }\n  identity: {\n    type: 'SystemAssigned'\n  }\n}\n\n\u002F\u002F Azure SQL Database\nresource sqlServer 'Microsoft.Sql\u002Fservers@2023-05-01-preview' = {\n  name: '${environment}-${appName}-sql'\n  location: location\n  properties: {\n    administrators: {\n      azureADOnlyAuthentication: true\n    }\n    minimalTlsVersion: '1.2'\n  }\n}\n\nresource sqlDatabase 'Microsoft.Sql\u002Fservers\u002Fdatabases@2023-05-01-preview' = {\n  parent: sqlServer\n  name: '${appName}-db'\n  location: location\n  sku: {\n    name: 'GP_S_Gen5_2'\n    tier: 'GeneralPurpose'\n  }\n  properties: {\n    autoPauseDelay: 60\n    minCapacity: json('0.5')\n  }\n}\n```\n\n> Full templates including Front Door, Key Vault, Managed Identity, and monitoring are generated by `bicep_generator.py` and also available in `references\u002Farchitecture_patterns.md`.\n\n**Bicep is the recommended IaC language for Azure.** Prefer Bicep over ARM JSON templates: Bicep compiles to ARM JSON, has cleaner syntax, supports modules, and is first-party supported by Microsoft.\n\n### Step 4: Review Costs\n\nAnalyze estimated costs and optimization opportunities:\n\n```bash\npython scripts\u002Fcost_optimizer.py \\\n  --config current_resources.json \\\n  --json\n```\n\n**Example output:**\n\n```json\n{\n  \"current_monthly_usd\": 2000,\n  \"recommendations\": [\n    { \"action\": \"Right-size SQL Database GP_S_Gen5_8 to GP_S_Gen5_2\", \"savings_usd\": 380, \"priority\": \"high\" },\n    { \"action\": \"Purchase 1-year Reserved Instances for AKS node pools\", \"savings_usd\": 290, \"priority\": \"high\" },\n    { \"action\": \"Move Blob Storage to Cool tier for objects >30 days old\", \"savings_usd\": 65, \"priority\": \"medium\" }\n  ],\n  \"total_potential_savings_usd\": 735\n}\n```\n\nOutput includes:\n- Monthly cost breakdown by service\n- Right-sizing recommendations\n- Reserved Instance and Savings Plan opportunities\n- Potential monthly savings\n\n### Step 5: Configure CI\u002FCD\n\nSet up Azure DevOps Pipelines or GitHub Actions with Azure:\n\n```yaml\n# GitHub Actions — deploy Bicep to Azure\nname: Deploy Infrastructure\non:\n  push:\n    branches: [main]\n\npermissions:\n  id-token: write\n  contents: read\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\u002Fcheckout@v4\n\n      - uses: azure\u002Flogin@v2\n        with:\n          client-id: ${{ secrets.AZURE_CLIENT_ID }}\n          tenant-id: ${{ secrets.AZURE_TENANT_ID }}\n          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}\n\n      - uses: azure\u002Farm-deploy@v2\n        with:\n          resourceGroupName: rg-myapp-dev\n          template: .\u002Finfra\u002Fmain.bicep\n          parameters: environment=dev\n```\n\n```yaml\n# Azure DevOps Pipeline\ntrigger:\n  branches:\n    include:\n      - main\n\npool:\n  vmImage: 'ubuntu-latest'\n\nsteps:\n  - task: AzureCLI@2\n    inputs:\n      azureSubscription: 'MyServiceConnection'\n      scriptType: 'bash'\n      scriptLocation: 'inlineScript'\n      inlineScript: |\n        az deployment group create \\\n          --resource-group rg-myapp-dev \\\n          --template-file infra\u002Fmain.bicep \\\n          --parameters environment=dev\n```\n\n### Step 6: Security Review\n\nValidate security posture before production:\n\n- **Identity**: Entra ID (Azure AD) with RBAC, Managed Identity for service-to-service auth — never store credentials in code\n- **Secrets**: Key Vault for all secrets, certificates, and connection strings\n- **Network**: NSGs on all subnets, Private Endpoints for PaaS services, Application Gateway with WAF\n- **Encryption**: TLS 1.2+ in transit, Azure-managed or customer-managed keys at rest\n- **Monitoring**: Microsoft Defender for Cloud enabled, Azure Policy for guardrails\n- **Compliance**: Azure Policy assignments for SOC 2 \u002F HIPAA \u002F ISO 27001 initiatives\n\n**If deployment fails:**\n\n1. Check the deployment status:\n   ```bash\n   az deployment group show \\\n     --resource-group rg-myapp-dev \\\n     --name main \\\n     --query 'properties.error'\n   ```\n2. Review Activity Log for RBAC or policy errors.\n3. Validate the Bicep template before deploying:\n   ```bash\n   az bicep build --file main.bicep\n   az deployment group validate \\\n     --resource-group rg-myapp-dev \\\n     --template-file main.bicep\n   ```\n\n**Common failure causes:**\n- RBAC permission errors — verify the deploying principal has Contributor on the resource group\n- Resource provider not registered — run `az provider register --namespace Microsoft.Web`\n- Naming conflicts — Azure resource names are often globally unique (storage accounts, web apps)\n- Quota exceeded — request quota increase via Azure Portal > Subscriptions > Usage + quotas\n\n---\n\n## Tools\n\n### architecture_designer.py\n\nGenerates architecture pattern recommendations based on requirements.\n\n```bash\npython scripts\u002Farchitecture_designer.py \\\n  --app-type web_app \\\n  --users 50000 \\\n  --requirements '{\"budget_monthly_usd\": 1000, \"compliance\": [\"HIPAA\"]}' \\\n  --json\n```\n\n**Input:** Application type, expected users, JSON requirements\n**Output:** Recommended pattern, service stack, cost estimate, pros\u002Fcons\n\n### cost_optimizer.py\n\nAnalyzes Azure resource configurations for cost savings.\n\n```bash\npython scripts\u002Fcost_optimizer.py --config resources.json --json\n```\n\n**Input:** JSON file with current Azure resource inventory\n**Output:** Recommendations for:\n- Idle resource removal\n- VM and database right-sizing\n- Reserved Instance purchases\n- Storage tier transitions\n- Unused public IPs and load balancers\n\n### bicep_generator.py\n\nGenerates Bicep template scaffolds from architecture type.\n\n```bash\npython scripts\u002Fbicep_generator.py --arch-type microservices --output main.bicep\n```\n\n**Output:** Production-ready Bicep templates with:\n- Managed Identity (no passwords)\n- Key Vault integration\n- Diagnostic settings for Azure Monitor\n- Network security groups\n- Tags for cost allocation\n\n---\n\n## Quick Start\n\n### Web App Architecture (\u003C $100\u002Fmonth)\n\n```\nAsk: \"Design an Azure web app for a startup with 5000 users\"\n\nResult:\n- App Service (B1 Linux) for the application\n- Azure SQL Serverless for relational data\n- Azure Blob Storage for static assets\n- Front Door (free tier) for CDN and routing\n- Key Vault for secrets\n- Estimated: $40-80\u002Fmonth\n```\n\n### Microservices on AKS ($500-2000\u002Fmonth)\n\n```\nAsk: \"Design a microservices architecture on Azure for a SaaS platform with 50k users\"\n\nResult:\n- AKS cluster with 3 node pools (system, app, jobs)\n- API Management for gateway and rate limiting\n- Cosmos DB for multi-model data\n- Service Bus for async messaging\n- Azure Monitor + Application Insights for observability\n- Multi-zone deployment\n```\n\n### Serverless Event-Driven (\u003C $200\u002Fmonth)\n\n```\nAsk: \"Design an event-driven backend for processing orders\"\n\nResult:\n- Azure Functions (Consumption plan) for compute\n- Event Grid for event routing\n- Service Bus for reliable messaging\n- Cosmos DB for order data\n- Application Insights for monitoring\n- Estimated: $30-150\u002Fmonth depending on volume\n```\n\n### Data Pipeline ($300-1500\u002Fmonth)\n\n```\nAsk: \"Design a data pipeline for ingesting 10M events\u002Fday\"\n\nResult:\n- Event Hubs for ingestion\n- Stream Analytics or Functions for processing\n- Data Lake Storage Gen2 for raw data\n- Synapse Analytics for warehouse\n- Power BI for dashboards\n```\n\n---\n\n## Input Requirements\n\nProvide these details for architecture design:\n\n| Requirement | Description | Example |\n|-------------|-------------|---------|\n| Application type | What you're building | SaaS platform, mobile backend |\n| Expected scale | Users, requests\u002Fsec | 10k users, 100 RPS |\n| Budget | Monthly Azure limit | $500\u002Fmonth max |\n| Team context | Size, Azure experience | 3 devs, intermediate |\n| Compliance | Regulatory needs | HIPAA, GDPR, SOC 2 |\n| Availability | Uptime requirements | 99.9% SLA, 1hr RPO |\n\n**JSON Format:**\n\n```json\n{\n  \"application_type\": \"saas_platform\",\n  \"expected_users\": 10000,\n  \"requests_per_second\": 100,\n  \"budget_monthly_usd\": 500,\n  \"team_size\": 3,\n  \"azure_experience\": \"intermediate\",\n  \"compliance\": [\"SOC2\"],\n  \"availability_sla\": \"99.9%\"\n}\n```\n\n---\n\n## Anti-Patterns\n\n| Anti-Pattern | Why It Fails | Do This Instead |\n|---|---|---|\n| ARM JSON templates for new projects | Verbose, hard to read, no modules | Use Bicep — compiles to ARM, cleaner syntax |\n| Storing secrets in App Settings | Secrets visible in portal, no rotation | Use Key Vault references in App Settings |\n| Single large AKS node pool | Cannot optimize for different workloads | Use multiple node pools: system, app, jobs |\n| Public endpoints on PaaS services | Exposed attack surface | Use Private Endpoints + VNet integration |\n| Over-provisioning \"just in case\" | Wastes budget month one | Start small, use autoscale, right-size monthly |\n| Shared resource groups for everything | Blast radius, RBAC nightmares | One resource group per environment per workload |\n| No tagging strategy | Cannot track costs or ownership | Tag: environment, owner, cost-center, app-name |\n| Using classic resources | Deprecated, limited features | Use ARM\u002FBicep resources exclusively |\n\n---\n\n## Output Formats\n\n### Architecture Design\n\n- Pattern recommendation with rationale\n- Service stack diagram (ASCII)\n- Monthly cost estimate and trade-offs\n\n### IaC Templates\n\n- **Bicep**: Recommended — first-party, module support, clean syntax\n- **ARM JSON**: Generated from Bicep when needed\n- **Terraform HCL**: Multi-cloud compatible using azurerm provider\n\n### Cost Analysis\n\n- Current spend breakdown with optimization recommendations\n- Priority action list (high\u002Fmedium\u002Flow) and implementation checklist\n\n---\n\n## Cross-References\n\n| Skill | Relationship |\n|-------|-------------|\n| `engineering-team\u002Faws-solution-architect` | AWS equivalent — same 6-step workflow, different services |\n| `engineering-team\u002Fgcp-cloud-architect` | GCP equivalent — completes the cloud trifecta |\n| `engineering-team\u002Fsenior-devops` | Broader DevOps scope — pipelines, monitoring, containerization |\n| `engineering\u002Fterraform-patterns` | IaC implementation — use for Terraform modules targeting Azure |\n| `engineering\u002Fci-cd-pipeline-builder` | Pipeline construction — automates Azure DevOps and GitHub Actions |\n\n---\n\n## Reference Documentation\n\n| Document | Contents |\n|----------|----------|\n| `references\u002Farchitecture_patterns.md` | 5 patterns: web app, microservices\u002FAKS, serverless, data pipeline, multi-region |\n| `references\u002Fservice_selection.md` | Decision matrices for compute, database, storage, messaging, networking |\n| `references\u002Fbest_practices.md` | Naming conventions, tagging, RBAC, network security, monitoring, DR |\n","","imported","https:\u002F\u002Fgithub.com\u002Falirezarezvani\u002Fclaude-skills","user_system_seed","SkillOPIC",true,216,1593,"2026-05-16 13:56:03",{"id":8,"name":21,"slug":22,"icon":23,"description":24,"sort":25,"createdAt":26},"编程开发","coding","mdi-code-braces","代码生成、调试、审查，提升开发效率",2,"2026-05-16 12:53:40",{"id":7,"name":28,"slug":29,"icon":30,"description":31,"moduleId":8,"sort":32,"skillCount":33,"createdAt":26},"DevOps","devops","mdi-cog-outline","CI\u002FCD、容器化、部署运维",3,162,[35],{"id":36,"skillId":4,"version":37,"fileName":38,"fileSize":39,"filePath":40,"fileHash":41,"manifest":42,"createdAt":19},"7bcfbaa5-90a7-4795-b892-9bd5ccd167d3","1.0.0","azure-cloud-architect.zip",35167,"uploads\u002Fskills\u002Fbafb3975-e5a4-4979-8ff6-d0f0568bddba\u002Fazure-cloud-architect.zip","3f478851f3cab12641c76a6d4edea97004b4760ab8779812c83f5a4b68220ef5","[{\"path\":\"SKILL.md\",\"isDirectory\":false,\"size\":13702},{\"path\":\"references\u002Farchitecture_patterns.md\",\"isDirectory\":false,\"size\":17911},{\"path\":\"references\u002Fbest_practices.md\",\"isDirectory\":false,\"size\":12257},{\"path\":\"references\u002Fservice_selection.md\",\"isDirectory\":false,\"size\":11119},{\"path\":\"scripts\u002Farchitecture_designer.py\",\"isDirectory\":false,\"size\":21966},{\"path\":\"scripts\u002Fbicep_generator.py\",\"isDirectory\":false,\"size\":23663},{\"path\":\"scripts\u002Fcost_optimizer.py\",\"isDirectory\":false,\"size\":21203}]",{"code":44,"message":45,"data":46},200,"success",{"items":47,"stats":48,"page":51},[],{"averageRating":49,"totalRatings":49,"ratingCounts":50},0,[49,49,49,49,49],{"limit":52,"offset":49,"hasMore":53,"nextOffset":52,"ratedOnly":16},15,false]