This repository contains a comprehensive Azure Developer CLI (azd) template for deploying R Shiny applications to Azure using Azure Container Apps and Terraform as Infrastructure as Code.
- Production-Ready Infrastructure: Azure Container Apps with auto-scaling
- Security First: Managed identities, Key Vault integration, RBAC
- Modern Architecture: Containerized deployment with private container registry
- Monitoring: Integrated logging with Log Analytics
- IaC: Complete Terraform infrastructure setup
- Automated Deployment: One-command deployment with azd
The template deploys the following Azure resources:
- Azure Container Apps: Serverless container hosting
- Azure Container Registry: Private Docker registry
- Azure Key Vault: Secure secret management
- Log Analytics Workspace: Centralized logging
- Managed Identity: Secure service-to-service authentication
- RBAC Assignments: Least privilege access control
- Azure Developer CLI (azd)
- Terraform (>= 1.3.0)
- Azure CLI
- Docker
-
Initialize the template:
azd init --template <repository-url> cd <your-project-name>
-
Configure variables (optional):
cp infra/terraform.tfvars.example infra/terraform.tfvars # Edit terraform.tfvars with your preferred settings -
Deploy everything:
azd up
-
Access your app: After deployment, azd will output the URL of your running R Shiny application.
βββ src/ # R Shiny application source
β βββ app.R # Enhanced R Shiny app with Azure features
β βββ Dockerfile # Production-ready container definition
βββ infra/ # Terraform infrastructure
β βββ main.tf # Main infrastructure resources
β βββ variables.tf # Input variables
β βββ outputs.tf # Output values
β βββ provider.tf # Terraform providers
β βββ terraform.tfvars.example # Example configuration
β βββ README.md # Infrastructure documentation
βββ hooks/ # Deployment hooks
β βββ predeploy.sh # Pre-deployment validation
β βββ postdeploy.sh # Post-deployment verification
βββ azure.yaml # azd configuration
βββ README.md # This file
The R Shiny application can access these environment variables:
PORT: Application port (default: 3838)APP_SECRET: Application secret from Key Vault
Configure these in infra/terraform.tfvars:
| Variable | Description | Default |
|---|---|---|
location |
Azure region | - |
environment_name |
Resource name prefix | - |
image_name |
Container image name | shinyapp |
app_secret_value |
Application secret | default-secret-value |
min_replicas |
Minimum container instances | 1 |
max_replicas |
Maximum container instances | 3 |
- No hardcoded credentials: Uses managed identities
- Private container registry: Secure image storage
- Key Vault integration: Encrypted secret management
- RBAC: Role-based access control
- HTTPS only: Automatic TLS termination
- Non-root containers: Enhanced security
- Container logs: Automatically sent to Log Analytics
- Health checks: Built-in container health monitoring
- Azure Monitor: Ready for alerts and dashboards
- Application insights: Can be easily added
- Modify your R Shiny app in
src/app.R - Test locally with Docker:
cd src docker build -t my-shiny-app . docker run -p 3838:3838 my-shiny-app
- Deploy changes:
azd deploy
Add package installations to src/Dockerfile:
RUN R -e "install.packages(c('plotly', 'dplyr'), repos='https://cran.rstudio.com/')"Modify scaling in infra/terraform.tfvars:
min_replicas = 2
max_replicas = 10Add more secrets in infra/main.tf:
resource "azurerm_key_vault_secret" "additional_secret" {
name = "another-secret"
value = var.another_secret_value
key_vault_id = azurerm_key_vault.kv.id
}-
Container fails to start:
az containerapp logs show --name <app-name> --resource-group <rg-name>
-
Authentication errors: Check managed identity role assignments in Azure Portal
-
Build failures: Verify Dockerfile syntax and R package dependencies
# View deployment status
azd show
# Check container app status
az containerapp show --name <app-name> --resource-group <rg-name>
# View logs
azd logs
# Redeploy application only
azd deploy
# Destroy all resources
azd down- Fork the repository
- Create a feature branch
- Make your changes
- Test the deployment
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.