Azure Deployment

⏱️ Time: 25-35 minutes | 💰 Cost: ~$300/month (dev)

Deploy Loan Defenders to Azure with production-ready infrastructure, enterprise security, and monitoring.

Prerequisites

Check before you start:

# Verify Azure CLI
az --version || echo "ERROR: Install Azure CLI first"

# Login to Azure
az login

# Set subscription
az account set --subscription "Your Subscription Name"
az account show --query "{Name:name, ID:id, Role:user.name}"

# Check you have Contributor role (required)
az role assignment list --assignee $(az account show --query user.name -o tsv) \
  --query "[?roleDefinitionName=='Contributor' || roleDefinitionName=='Owner'].roleDefinitionName" -o tsv

Required: - Azure subscription with Contributor or Owner role - Azure CLI installed and logged in - 25-35 minutes - ~$300/month budget for dev environment

Don't have Contributor role? Ask your Azure admin or see RBAC Setup.

Quick Start

1. Clone Repository

git clone https://github.com/niksacdev/loan-defenders.git
cd loan-defenders

2. Deploy Foundation (10-15 min)

./infrastructure/scripts/deploy-foundation.sh dev

Creates: VNet, Bastion + Jump Box VM, Key Vault, Managed Identity, Monitoring

⏱️ Time: 10-15 minutes

3. Deploy Substrate (5-7 min)

./infrastructure/scripts/deploy-substrate.sh dev

Creates: Container Registry (ACR), AI Foundry Hub & Project, Private Endpoints

⏱️ Time: 5-7 minutes

4. Deploy AI Models (3-5 min)

./infrastructure/scripts/deploy-ai-models.sh dev

Creates: GPT-4o and GPT-4o-mini model deployments (10K TPM each)

⏱️ Time: 3-5 minutes

5. Deploy Applications (1-2 min)

./infrastructure/scripts/deploy-apps.sh dev
# Press 'y' when prompted to build container images

Creates: Azure Container Instance with 5 containers (UI, API, 3 MCP servers)

⏱️ Time: 1-2 minutes (deployment) + 8-12 minutes (image builds first time)

Total first deployment: 25-35 minutes

Verify Deployment

# Get the application URL
az container show \
  --name ldfdev-aci \
  --resource-group ldfdev-rg \
  --query "properties.ipAddress.ip" -o tsv

# Open in browser: http://<IP-ADDRESS>

Test it: 1. Click "Start Your Loan Application" 2. Fill in test loan data 3. Submit and watch agents process in real-time 4. Verify you get a loan decision (30-60 seconds)

Daily Development

Made code changes? Redeploy apps layer only:

./infrastructure/scripts/deploy-apps.sh dev
# Press 'y' to rebuild changed images

⏱️ Time: 1-2 minutes (90% faster than full deployment!)

Why so fast? Foundation, Substrate, and AI Models rarely change. Only apps change frequently.

Cost Breakdown

Development Environment (Default)

Component	Monthly Cost
Azure Container Instance (5 containers)	$85
Azure OpenAI (10K TPM, usage-based)	$30-80
Bastion + Jump Box VM (B2s)	$145
Networking (VNet, NSG, Private Endpoints)	$12
Monitoring (App Insights, Log Analytics)	$20
Storage (ACR, Key Vault)	$8
TOTAL	~$300-350/month

Cost Optimization

Stop Jump Box when not needed:

az vm deallocate --name ldfdev-jump-box --resource-group ldfdev-rg
# Saves: $70/month

Use cheaper AI model:

# Edit: infrastructure/bicep/environments/dev-apps.parameters.json
# Change: "aiModelDeploymentName": "gpt-4o-mini"
./infrastructure/scripts/deploy-apps.sh dev
# Saves: ~$50/month (gpt-4o-mini is 15x cheaper)

Pause container when not testing:

az container stop --name ldfdev-aci --resource-group ldfdev-rg
# Saves: $85/month

Production Environment

Scale up: $800-1,500/month (auto-scaling, HA, higher TPM limits)

Troubleshooting

Deployment Script Fails

Error: Deployment failed or Resource not found

Solution:

# Check deployment status
az deployment group list \
  --resource-group ldfdev-rg \
  --query "[].{Name:name, State:properties.provisioningState}" -o table

# Look for "Failed" deployments
# Re-run the failed layer script

Container Won't Start

Error: Container exits immediately or health check fails

Solution:

# Check container logs
az container logs --name ldfdev-aci --resource-group ldfdev-rg --container-name api

# Common issues:
# - Missing environment variables (check Key Vault)
# - AI Foundry endpoint unreachable (check private endpoint)
# - Image build failed (check ACR for images)

Images Not Found

Error: Image not found in ACR

Solution:

# List images in ACR
az acr repository list --name ldfdevacr -o table

# If empty, rebuild:
./infrastructure/scripts/deploy-apps.sh dev
# Press 'y' to rebuild all images

Permission Denied

Error: Insufficient privileges to complete the operation

Solution:

# Verify you have Contributor role
az role assignment list --assignee $(az account show --query user.name -o tsv) \
  --query "[?roleDefinitionName=='Contributor' || roleDefinitionName=='Owner']"

# If no results, contact your Azure admin

More help: Full Troubleshooting Guide

Cleanup

Delete Everything

# WARNING: This deletes ALL resources and data!
az group delete --name ldfdev-rg --yes --no-wait

# Verify deletion (should fail after a few minutes)
az group show --name ldfdev-rg

Delete Apps Only (Keep Infrastructure)

# Stop and delete containers only
az container delete --name ldfdev-aci --resource-group ldfdev-rg --yes

What You Deployed

┌─────────────────────────────────────────────────────┐
│ Azure Container Instance (Single Container Group)  │
│                                                     │
│  ┌──────────┐   ┌──────────┐   ┌─────────────┐   │
│  │ UI       │──▶│ API      │──▶│ MCP Servers │   │
│  │ Port 80  │   │ Port 8000│   │ 8010-8012   │   │
│  │ Public   │   │ localhost│   │ localhost   │   │
│  └──────────┘   └──────────┘   └─────────────┘   │
│                                        │           │
│                                        ▼           │
│                         ┌────────────────────────┐│
│                         │ AI Foundry Project     ││
│                         │ gpt-4o, gpt-4o-mini    ││
│                         │ Private Endpoint       ││
│                         └────────────────────────┘│
│                                                     │
│  All inside private VNet (10.0.0.0/16)            │
└─────────────────────────────────────────────────────┘

Security: - ✅ Private networking (no public access to backend) - ✅ Managed Identity (no credentials in code) - ✅ Bastion for secure admin access (no VPN needed) - ✅ All traffic encrypted (TLS 1.2+) - ✅ Network Security Groups (firewall rules) - ✅ Private endpoints (AI services not on internet)

Architecture Details

4-Layer Deployment: 1. Foundation (Layer 1) - Networking, security, monitoring 2. Substrate (Layer 2) - Container platform, AI Foundry 3. AI Models (Layer 3) - Model deployments 4. Applications (Layer 4) - Your code

Why layers? Deploy only what changed. Most updates touch Layer 4 only (1-2 min).

Full architecture docs: - 4-Layer Deployment Cake - Visual guide - Azure Deployment Architecture - Technical deep dive - ADR-041: 4-Layer Architecture - Design rationale

Advanced Options

GitHub CI/CD (Automated Deployments)

Want automated deployments on git push?

→ GitHub CI/CD Deployment Guide

Adds: - Automated deployments on code changes - OIDC passwordless authentication - Deployment history and rollback - Multi-environment management

Time to set up: +15 minutes (one-time OIDC setup)

Bastion Access (Connect to VNet Resources)

Need to access Jump Box VM or troubleshoot in VNet?

→ Bastion Dev Access Guide

Provides: - Browser-based RDP to Jump Box VM - No VPN client needed - Secure access to private resources

Next Steps

Production Deployment: - RBAC Setup - Configure access control - Monitoring Setup - Alerts and dashboards - AI Models Configuration - Scale up TPM

Learn the System: - System Architecture - How it works - Agent Framework - Multi-agent design - MCP Servers - Tool servers

Need Help? - Troubleshooting Guide - Common issues - GitHub Discussions - Ask questions - GitHub Issues - Report bugs

🎉 You're deployed to Azure! Start processing loan applications at scale.