ReddRadar
Agent skill
azure-deploy
Execute Azure deployments for ALREADY-PREPARED applications that have existing .azure/plan.md and infrastructure files. DO NOT use this skill when the user asks to CREATE a new application — use azure-prepare instead. This skill runs azd up, azd deploy, terraform apply, and az deployment commands with built-in error recovery. Requires .azure/plan.md from azure-prepare and validated status from azure-validate. WHEN: "run azd up", "run azd deploy", "execute deployment", "push to production", "push to cloud", "go live", "ship it", "bicep deploy", "terraform apply", "publish to Azure", "launch on Azure". DO NOT USE WHEN: "create and deploy", "build and deploy", "create a new app", "set up infrastructure", "create and deploy to Azure using Terraform" — use azure-prepare for these.
Install this agent skill to your Project
npx add-skill https://github.com/autohandai/community-skills/tree/main/azure-deploy
Metadata
Additional technical details for this skill
- author
- Microsoft
- version
- 1.0.4
SKILL.md
Azure Deploy
AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE
PREREQUISITE: The azure-validate skill MUST be invoked and completed with status
ValidatedBEFORE executing this skill.
⛔ STOP — PREREQUISITE CHECK REQUIRED Before proceeding, verify BOTH prerequisites are met:
- azure-prepare was invoked and completed →
.azure/plan.mdexists- azure-validate was invoked and passed → plan status =
ValidatedIf EITHER is missing, STOP IMMEDIATELY:
- No plan? → Invoke azure-prepare skill first
- Status not
Validated? → Invoke azure-validate skill first⛔ DO NOT MANUALLY UPDATE THE PLAN STATUS
You are FORBIDDEN from changing the plan status to
Validatedyourself. Only the azure-validate skill is authorized to set this status after running actual validation checks. If you update the status without running validation, deployments will fail.DO NOT ASSUME the app is ready. DO NOT SKIP validation to save time. Skipping steps causes deployment failures. The complete workflow ensures success:
azure-prepare→azure-validate→azure-deploy
Triggers
Activate this skill when user wants to:
- Execute deployment of an already-prepared application (azure.yaml and infra/ exist)
- Push updates to an existing Azure deployment
- Run
azd up,azd deploy, oraz deploymenton a prepared project - Ship already-built code to production
- Deploy an application that already includes API Management (APIM) gateway infrastructure
Scope: This skill executes deployments. It does not create applications, generate infrastructure code, or scaffold projects. For those tasks, use azure-prepare.
APIM / AI Gateway: Use this skill to deploy applications whose APIM/AI gateway infrastructure was already created during azure-prepare. For creating or changing APIM resources, see APIM deployment guide. For AI governance policies, invoke azure-aigateway skill.
Rules
- Run after azure-prepare and azure-validate
.azure/plan.mdmust exist with statusValidated- Pre-deploy checklist required — Pre-Deploy Checklist
- ⛔ Destructive actions require
ask_user— global-rules - Scope: deployment execution only — This skill owns execution of
azd up,azd deploy,terraform apply, andaz deploymentcommands. These commands are run through this skill's error recovery and verification pipeline.
Steps
| # | Action | Reference |
|---|---|---|
| 1 | Check Plan — Read .azure/plan.md, verify status = Validated AND Validation Proof section is populated |
.azure/plan.md |
| 2 | Pre-Deploy Checklist — MUST complete ALL steps | Pre-Deploy Checklist |
| 3 | Load Recipe — Based on recipe.type in .azure/plan.md |
recipes/README.md |
| 4 | Execute Deploy — Follow recipe steps | Recipe README |
| 5 | Post-Deploy — Configure SQL managed identity and apply EF migrations if applicable | Post-Deployment |
| 6 | Handle Errors — See recipe's errors.md |
— |
| 7 | Verify Success — Confirm deployment completed and endpoints are accessible | Verification |
⛔ VALIDATION PROOF CHECK
When checking the plan, verify the Validation Proof section (Section 7) contains actual validation results with commands run and timestamps. If this section is empty, validation was bypassed — invoke azure-validate skill first.
SDK Quick References
- Azure Developer CLI: azd
- Azure Identity: Python | .NET | TypeScript | Java
MCP Tools
| Tool | Purpose |
|---|---|
mcp_azure_mcp_subscription_list |
List available subscriptions |
mcp_azure_mcp_group_list |
List resource groups in subscription |
mcp_azure_mcp_azd |
Execute AZD commands |
References
- Troubleshooting - Common issues and solutions
- Post-Deployment Steps - SQL + EF Core setup
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
autohandai/community-skills
mapping-mitre-attack-techniques
Maps observed adversary behaviors, security alerts, and detection rules to MITRE ATT&CK techniques and sub-techniques to quantify detection coverage and guide control prioritization. Use when building an ATT&CK-based coverage heatmap, tagging SIEM alerts with technique IDs, aligning security controls to adversary playbooks, or reporting threat exposure to executives. Activates for requests involving ATT&CK Navigator, Sigma rules, MITRE D3FEND, or coverage gap analysis.
autohandai/community-skills
hunting-for-spearphishing-indicators
Hunt for spearphishing campaign indicators across email logs, endpoint telemetry, and network data to detect targeted email attacks.
autohandai/community-skills
analyzing-malicious-url-with-urlscan
URLScan.io is a free service for scanning and analyzing suspicious URLs. It captures screenshots, DOM content, HTTP transactions, JavaScript behavior, and network connections of web pages in an isolat
autohandai/community-skills
implementing-zero-standing-privilege-with-cyberark
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.
autohandai/community-skills
implementing-pam-for-database-access
Deploy privileged access management for database systems including Oracle, SQL Server, PostgreSQL, and MySQL. Covers session proxy configuration, credential vaulting, query auditing, dynamic credentia
autohandai/community-skills
detecting-t1003-credential-dumping-with-edr
Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.
Didn't find tool you were looking for?