leifericf

leifericf

Anyone have any experience with Elixir on Microsoft Azure?

I’m wondering if anyone has experience in deploying Elixir apps (Phoenix apps or otherwise) to Microsoft Azure. If so, I would love to hear about your experience.

The company where I work is heavily invested in Azure from before, so I’m trying to determine whether it would be a viable option for Elixir apps as well.

Here are some of the types of questions I have in mind:

  • How did your setup look like?
  • Did you use Azure Container Instances or Azure Virtual Machines?
  • Did you deploy to a single node or multiple nodes?
    • If multiple nodes: Did you have any issues connecting them?
  • Were you using some kind of containers and orchestration, e.g. Docker and Kubernetes?
  • Does Azure play well with BEAM instrumentation and debugging tools?
    • Is it possible to attach to an Azure environment with Erlang’s remote shell?
  • Did you experience any significant difficulties?
  • Are there any noteworthy caveats or drawbacks?

Any input on such topics would be greatly appreciated.

Most Liked

chgeuer

chgeuer

(full disclosure: I work for Microsoft, and love Elixir :slight_smile:)

Hi,

I haven’t yet spent too much time on the actual runtime side of Elixir on Azure. One thing I did was to run a Distillery with multi-stage docker, then push the resulting image to Azure Web Apps (with Linux). Also Azure Kubernetes Service (AKS) is an obvious solution. When it comes to running an Erlang Cluster in a virtual network, there are no reasons why it should not be possible…

Regarding your question on whether Azure plays well with BEAM instrumentation, I would guess all BEAM things would be independent of or orthogonal to Azure?

As for the Elixir application side of things, I started to build libraries to interact with various Azure APIs:

Feel free to ping me via mail (chgeuer@microsoft)…

15
Post #2
chgeuer

chgeuer

Various Azure services allow you to authenticate using 2 different ways, some sort of password-based authN, and using Entra ID (formerly known as Azure Active Directory).

First a bit of history: When storage accounts were released back in 2008/2009, you only had storage account keys (2 secrets), that you supplied per request. Then shared access signatures came out (where you derive a value from the secrets). Then AAD/Entra authN was introduced. Same for SQL database (and MySQL and PostgreSQL), where in early versions you had to pick an admin username and password, and later supported Entra authentication.

Now storing passwords for services is kind-of a bad thing: You need a different password/credential for each service you want to call. If your app calls storage, SQL, service bus, event hub, Key Vault, you have to store (and protect) 5 credentials. And if one of these credentials is compromised, you must rotate it for all callers. It’s in general messy.

If you on the other hand have an Entra credential (which still can be a username/password combo like in the example with client_id/client_secret), you still must protect that one. But if it’s compromised, you only rotate a single credential of a single app, all server-side ACLs remain as they are.

What’s even more important, if your app workload runs in the cloud, you can use “managed identity”, where you tie an Entra identity to the VM or web app or Kubernetes pod you’re running on, and your workload doesn’t have to store any cred at all. When you need a token, you just issue a token request to 169.254.169.254, say you need a token for PostgreSQL, and off you go.

If you don’t want to do Entra authN, just skip all the Entra bits in the blog article and just do your username/password thing like before…

However, I strongly recommend to use Entra authN. For example, in the words of the storage team:

For optimal security, Microsoft recommends using Microsoft Entra ID with managed identities to authorize requests against blob, queue, and table data, whenever possible. Authorization with Microsoft Entra ID and managed identities provides superior security and ease of use over Shared Key authorization. src

Using Entra authentication at the first glance makes it more complex: You must create an Entra app (setup takes longer), and prior authenticating to the DB you need to request a token. However, once you figure out you must rotate creds, or one credential is compromized, our you want to audit which app did what, you certainly start to appreciate having not used the same PostgreSQL password for all your workloads.

Added a short section here:

idi527

idi527

:waving_hand:

How did your setup look like?

Terraform with its state stored on s3 (could be azure’s alternative), distillery with docker to build releases (on CI) and upload them to s3 (could be azure’s alternative), epmdless distribution over azure’s vpn (might later move to partisan).

Did you use Azure Container Instances or Azure Virtual Machines?

Azure Virtual Machines (mostly the spot instances)

Did you deploy to a single node or multiple nodes?

Multiple. No issues.

Were you using some kind of containers and orchestration, e.g. Docker and Kubernetes?

No, but we used some bash scripts though which would download the releases from s3 and then enable and start the apps via systemd.

Does Azure play well with BEAM instrumentation and debugging tools?

Since it’s just a linux instance, it works as any other linux instance (which is ok).

Did you experience any significant difficulties?

It would be a bit too expensive for us if it wasn’t for the spot instances.

Where Next?

Popular in Questions Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
Lily
In templates/appointment/index.html.eex: <%= for appointment <- @appointments do %> <tr> <td><%= appoi...
New
ycv005
I have followed this StackOverflow post to install the specific version of Erlang. And When I am running mix ecto.setup then getting fol...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New

Other popular topics Top

jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
openscript
Hello! Sorry for this astonishing simple question, but I’m really stuck. I try to set up the intellij-elixir plugin, but I don’t know ho...
New
Qqwy
Update: How to use the Blogs & Podcasts section You can post links to your blog posts or podcasts either in one of the Official Blog...
3271 126479 1222
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement