Azure Infrastructure

Built on Azure

This portfolio isn’t just a website — it’s a reference architecture. Every service, decision, and trade-off is documented below. Click any service to see its full configuration.

7 Azure services~$13 / month running costManaged Identity — zero API keys~3 min deploy on git push

Infrastructure Map

Azure Services

Click any service to see configuration details and architectural rationale.

Hosting & Delivery2

Intelligence3

DevOps & Security2

Data Flows

How Requests Flow

Two distinct paths through the system — one for page rendering, one for AI chat.

Visitor Request Flow

BrowserHTTPS

App ServiceNode 20

Next.js SSRApp Router

JSON / MDXcontent/

HTMLresponse

Server components read JSON and MDX files at render time. No database queries — content is filesystem-based, fast and simple. Static pages are served directly; dynamic pages (blog slugs, project pages) render on-demand.

AI Chat Flow

Userquestion

Rate limit/api/chat

AI Foundryagent

RAGvector store

SSE streamtypewriter

The Foundry Agent searches the portfolio vector store (built from all content via file_search) and Microsoft Learn for Azure docs. Responses stream as SSE tokens — the client renders them with a typewriter effect at ~170 chars/sec.

AI Writer Flow

USP

Admin-only — drafts complete blog posts and case studies end-to-end, then publishes with AI-generated cover images.

Content generation

Topic prompt/admin/ai-writer

Auth + rate limitNextAuth · 3/min

Foundry Agentgpt-5.4 stream

SSE drafttypewriter UI

Edit + saveMDX filesystem

Reindex RAGvector store

+ optional image generation branch

Cover image (on demand)

Generate coverone-click

gpt-image-2-1East US 2

Blob Storageblog-images/

Public URLembedded in MDX

The AI Writer calls the same Azure AI Foundry agent as the chatbot, but with a structured system prompt scoped to the selected content type (blog post, case study, etc.). Content streams token-by-token via AI SDK v6 SSE. The image branch calls a separate Azure OpenAI endpoint (deployment gpt-image-2-1, East US 2), uploads the PNG to Blob Storage, and injects the public URL into the draft — all in one click.

Deployment

CI/CD Pipeline

From git push to live in roughly 3 minutes.

git pushmain branch

Actions triggerubuntu-latest

npm ci + buildstandalone

zip deployKudu API

App Servicerestarts

verify:live13 routes

git push main

triggers deploy.yml

GitHub Actions

ubuntu-latest runner

npm ci + build

Next.js standalone output

zip → Kudu zipdeploy

POST /api/zipdeploy

App Service restarts

node server.js

verify:live

smoke-tests 13 routes

Key decision: SCM_DO_BUILD_DURING_DEPLOYMENT=false — Azure receives pre-built artifacts, not source code. This avoids Oryx build failures on Windows-compiled modules and keeps deploy times consistent. The ~30 MB standalone zip deploys faster and more reliably than a full source + npm install cycle.

Cost

Monthly Cost Breakdown

Running a production-grade cloud architecture on Azure for almost nothing.

Service	Tier	Cost
Azure App Service (B1)	B1 · asp-saurav-portfolio	~$13.00
Azure Blob Storage	Standard LRS, < 1 GB	~$0.01
Azure AI Foundry	gpt-5.4 + gpt-4o, pay-per-token	Variable
Azure OpenAI · Image Gen	gpt-image-2, pay-per-image	Variable
Application Insights	Free (< 5 GB/day)	$0.00
GitHub Actions	Free tier	$0.00
Azure Managed Identity	Free	$0.00
Total fixed cost / month		~$13

AI token costs vary with chatbot usage. gpt-5.4 (primary) and gpt-4o (secondary) are used in the Foundry project; image generation uses gpt-image-2 separately. App Service runs on a B1 plan (~$13/month); all other services are free tier or pay-per-use.

Decisions

Key Architectural Choices

The intentional trade-offs behind this architecture.

Cost

App Service over Container Apps

Azure Container Apps has a minimum billing even at zero traffic. App Service B1 provides dedicated compute for ~$13/month with no cold-start penalty. For a portfolio with sporadic but real traffic, App Service wins on predictability. The trade-off: no auto-scaling — acceptable for this use case.

Reliability

Standalone build over source deploy

Deploying pre-built artifacts via Kudu zipdeploy is faster (30 MB zip vs 300 MB with node_modules) and eliminates Oryx build failures. The CI runner and the target environment are both Linux, but Windows development creates ENOENT issues in Turbopack that Webpack avoids.

Security

Managed Identity over API keys

No AI API key in environment variables. App Service's system-assigned identity authenticates directly with AI Foundry via AAD tokens (Cognitive Services User + Azure AI Developer roles). Rotating credentials is a non-event. This is how enterprise Azure workloads should be configured.

Simplicity

Filesystem content over a database

Blog posts are MDX files. Projects, talks, and certifications are JSON. The admin CMS writes directly to the filesystem (persistent volume on App Service). No database, no migrations, no connection strings. Git is the version history. Perfectly suitable for a single-author portfolio.

Service

Cost

Azure App Service (B1)

~$13.00

Azure Blob Storage

~$0.01

Azure AI Foundry

Variable

Azure OpenAI · Image Gen

Variable

Application Insights

$0.00

GitHub Actions

$0.00

Azure Managed Identity

$0.00

Total fixed cost / month

~$13