Start Here: Azure

I’ve been building on Azure for years. These are the posts I’d point someone to if they were starting from scratch or trying to avoid the mistakes we already made.

Key Vault and Secrets

How we manage secrets, what went wrong, and what we’d do differently.

• Azure Key Vault Is Not a Dumping Ground
• Azure Key Vault Soft Delete and Purge Protection Lessons Learned
• Why One Azure Key Vault Per App Was the Wrong Answer
• Secrets Are Configuration, Not Infrastructure
• Managed Identity Solved Problems We Did Not Know We Had
• Why We Do Not Trust AI With Secrets

RBAC and Identity

Permissions are simple until they aren’t. These cover the patterns that actually scale.

• Azure RBAC Is Easy Until You Need to Change It
• Debugging Access Denied When RBAC Looks Correct
• Giving Engineers Access Without Creating a Security Incident
• Role Assignment Sprawl in Azure and How It Starts
• Why Service Principals Linger Long After They’re Needed
• Why Azure Identity Problems Look Like Networking Problems

Compute and Serverless

Choosing the right compute on Azure is harder than it looks. These are the tradeoffs we’ve lived with.

• Azure App Service Is Boring and That Is Why It Works
• Getting Started with Azure Container Apps
• Azure Container Apps Networking Explained the Hard Way
• Logging and Tracing in Azure Container Apps Is Still Immature
• When Azure Functions Stop Feeling Serverless
• Why We Moved One Function Out of Serverless
• What We Left in Serverless and Why
• Why We Chose Azure Container App Jobs Over Azure Functions

Networking

Azure networking trips up even experienced teams. These are the things we wish someone had told us.

• DNS Is the Root of Most Azure Networking Confusion
• Why We Use Cloudflare for Networking (and Not Azure)

Terraform and IaC

We run Terraform as our system of record. These cover what that actually looks like.

• Terraform Didn’t Simplify Azure. It Made It Legible.
• Terraform Made Our Mistakes Repeatable
• The First Terraform Refactor Is Always Worse Than You Expect
• When Terraform Became Part of the Platform, Not Just a Tool

Cost

Azure billing is its own discipline. These are the lessons that cost us money first.

• The Azure Resources We Overpaid for the Longest
• Why Idle Azure Resources Are Hard to Kill

Observability

Logging everything is not the same as understanding what’s happening.

• Azure App Insights Is Not Observability
• The Logs We Actually Use During Incidents