1. Ensure you have an Azure account.
2. Install Azure CLI if not already installed.
3. Install Java JDK 17 and Maven.
4. Have a WAR file ready for deployment, named backend.war.

Open a terminal and log in to your Azure account:

az login

Create a resource group to organize your resources:

az group create --name <your-resource-group> --location <your-location>

Replace <your-resource-group> with your desired resource group name and <your-location> with the Azure region, e.g., eastus.

Create an App Service Plan to define the region and pricing tier for your web app:

az appservice plan create --name <your-app-service-plan> --resource-group <your-resource-group> --sku B1 --is-linux

Replace <your-app-service-plan> with your desired plan name.

Create a Web App instance:

az webapp create --resource-group <your-resource-group> --plan <your-app-service-plan> --name <your-webapp-name> --runtime "JAVA|17-java17" --deployment-local-git

Replace <your-webapp-name> with your desired web app name. Make sure it’s unique within Azure.

Configure deployment credentials if needed:

az webapp deployment user set --user-name <username> --password <password>

Replace <username> and <password> with your preferred credentials.

To access Azure Key Vault secrets using Managed Identity in your Java Spring Boot application deployed to Azure App Service, follow these steps:

• Go to the Azure Portal.
• Navigate to your App Service.
• Under the "Identity" blade, enable the "System-assigned" Managed Identity.
• This will automatically register the identity with Azure Active Directory (AAD).

CLI:

# Assign a System-assigned Managed Identity to the App Service
az webapp identity assign --resource-group <resource-group-name> --name <app-service-name>

• Go to your Azure Key Vault in the Azure Portal.
• Under "Access policies," create a new access policy.
• Choose the "Secret Management" template.
• Under "Principal," select the Managed Identity of your App Service.
• Save the configuration to allow your App Service access to the secrets.

CLI:

# Get the Managed Identity's client ID
IDENTITY_CLIENT_ID=$(az webapp identity show --resource-group <resource-group-name> --name <app-service-name> --query principalId --output tsv)

# Grant access to the Key Vault for the Managed Identity
az keyvault set-policy --name <key-vault-name> --secret-permissions get list --object-id $IDENTITY_CLIENT_ID

Ensure that the following environment variables are set in your Azure App Service configuration:

• AZURE_KEYVAULT_URL (your Key Vault URL)

CLI:

# Set the environment variable in App Service
az webapp config appsettings set --resource-group <resource-group-name> --name <app-service-name> --settings AZURE_KEYVAULT_URL=https://<key-vault-name>.vault.azure.net/

./mvnw clean package azure-webapp:deploy

This command will:

• Deploy the WAR file to your specified Azure Web App.
• Ensure that the Azure configuration in your pom.xml is used to target the correct Azure resources.

Configuration Requirements

Ensure that you have the Azure Web App Maven Plugin set up in your pom.xml. Below is an example configuration that you should include in the build section of your pom.xml if not already present:

<build>
    <plugins>
        <plugin>
            <groupId>com.microsoft.azure</groupId>
            <artifactId>azure-webapp-maven-plugin</artifactId>
            <version>2.13.0</version>
            <!-- Refer: https://github.com/microsoft/azure-maven-plugins/wiki/Azure-Web-App:-Configuration-Details -->

            <configuration>
                <!-- Optional: If not mentioned, it will pick the default subscription -->
                <!--                    <subscriptionId>SUBSCRIPTION_ID</subscriptionId>-->

                <resourceGroup>BACKEND_RESOURCE_GROUP</resourceGroup>
                <appName>BACKEND_APP_SERVICE_NAME</appName>

                <!-- Required only when creating a new Azure App Service. Not needed for updates. -->
                <!--                    <region>REGION</region>-->
                <!--                    <pricingTier>B1</pricingTier>-->


                <runtime>
                    <os>Linux</os>
                    <javaVersion>Java 17</javaVersion>
                    <webContainer>Tomcat 10.0</webContainer>
                </runtime>
                <deployment>
                    <resources>
                        <resource>
                            <directory>${project.basedir}/target</directory>
                            <includes>
                                <include>*.war</include>
                            </includes>
                        </resource>
                    </resources>
                </deployment>
            </configuration>
        </plugin>
    </plugins>
</build>

Make sure that:

• resourceGroup matches the Azure Resource Group where your Web App is hosted.
• appName corresponds to the name of your Azure Web App.
• region matches the location of your Web App (e.g., westus, eastus).
• javaVersion and webContainer reflect your environment.

Once you have added the required configurations in your application.properties, you can run the application using the following command:

./mvnw clean package

Use the Azure CLI to deploy your WAR file:

az webapp deploy --resource-group <your-resource-group> --name <your-webapp-name> --src-path ./target/backend.war --type war --async true

Open your web app in a browser:

az webapp browse --resource-group <your-resource-group> --name <your-webapp-name>

Alternatively, navigate to https://.azurewebsites.net to see your application running.

To clean up and delete all the resources created (App Service, App Service Plan, and Resource Group), you can run the following command:

az group delete --name <your-resource-group> --yes --no-wait

This will delete the resource group and all associated resources.

Reference:

• https://learn.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=net80&pivots=development-environment-azure-portal