Azure Cloud Architect
Design cost-bounded Azure stacks, Bicep/ARM shapes, and DevOps paths before you commit spend on AKS, App Service, Functions, or Cosmos DB.
Overview
Azure Cloud Architect is an agent skill most often used in Build (also Validate scope, Operate infra) that designs Azure service patterns, cost estimates, and Bicep-oriented infrastructure from structured requirements.
Install
npx skills add https://github.com/alirezarezvani/claude-skills --skill azure-cloud-architectWhat is this skill?
- Structured requirements pass: app type, RPS, budget cap, compliance (GDPR, HIPAA, SOC 2, ISO 27001), RPO/RTO, and region
- architecture_designer.py CLI recommends patterns, service stacks, pros/cons, and estimated monthly USD cost
- Covers AKS, App Service, Azure Functions, Cosmos DB, Front Door, Key Vault, and Entra ID in example stacks
- Explicit workflow from requirements → architecture design → Bicep infrastructure-as-code templates
- Oriented to startups and enterprises migrating or greenfielding on Azure with cost optimization
- Example designer output cites ~$280 estimated monthly USD for a 10k-user web_app pattern
Adoption & trust: 531 installs on skills.sh; 17.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You know you need Azure but lack a defensible service mix, monthly cost envelope, or compliance-aware template plan before provisioning.
Who is it for?
Indie SaaS founders and lean teams sizing Azure for web apps, APIs, data pipelines, or microservices with explicit budget and SLA inputs.
Skip if: Builders who only need a single trivial Azure CLI command or already have signed-off architecture and locked Bicep modules with no redesign scope.
When should I use this skill?
Asked to design Azure infrastructure, create Bicep/ARM templates, optimize Azure costs, set up Azure DevOps pipelines, or migrate to Azure.
What do I get? / Deliverables
You leave with a recommended pattern, service stack, cost estimate, and a path to Bicep templates and DevOps pipelines aligned to your constraints.
- Recommended Azure pattern and service stack JSON
- Cost estimate and tradeoff notes
- Bicep/ARM template direction per workflow
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Primary shelf is Build/backend because the skill outputs service stacks and templates that define how the product runs, even though requirements gathering starts earlier. Backend is the best canonical fit for architecture designer output—compute, data, identity, and edge services—not frontend polish.
Where it fits
Lock a $500/month ceiling and SOC 2 labels before choosing between App Service and AKS for a 10k-user web app.
Run architecture_designer.py to get a service stack with Key Vault, Front Door, and SQL for the first production backend.
Translate the chosen pattern into deployment slots and pipeline steps ahead of a staged release.
Revisit estimated monthly USD and right-size Functions vs always-on compute after traffic changes.
How it compares
Use instead of generic cloud brainstorming when you need Azure-specific stacks, designer script output, and cost-bounded recommendations.
Common Questions / FAQ
Who is azure-cloud-architect for?
Solo builders and small teams planning or migrating workloads to Azure who want agent-guided architecture, Bicep direction, and cost-aware service picks rather than manual portal clicking.
When should I use azure-cloud-architect?
Use it during Validate when scoping budget and compliance, during Build when choosing App Service vs AKS and data tiers, and during Operate when revisiting infra cost and migration paths—especially when asked to design Azure infrastructure or optimize spend.
Is azure-cloud-architect safe to install?
Treat it as infrastructure guidance that may drive real subscriptions and IAM changes; review the Security Audits panel on this page and validate every template and pipeline in a non-production subscription before apply.
SKILL.md
READMESKILL.md - Azure Cloud Architect
# Azure Cloud Architect Design scalable, cost-effective Azure architectures for startups and enterprises with Bicep infrastructure-as-code templates. --- ## Workflow ### Step 1: Gather Requirements Collect application specifications: ``` - Application type (web app, mobile backend, data pipeline, SaaS, microservices) - Expected users and requests per second - Budget constraints (monthly spend limit) - Team size and Azure experience level - Compliance requirements (GDPR, HIPAA, SOC 2, ISO 27001) - Availability requirements (SLA, RPO/RTO) - Region preferences (data residency, latency) ``` ### Step 2: Design Architecture Run the architecture designer to get pattern recommendations: ```bash python scripts/architecture_designer.py \ --app-type web_app \ --users 10000 \ --requirements '{"budget_monthly_usd": 500, "compliance": ["SOC2"]}' ``` **Example output:** ```json { "recommended_pattern": "app_service_web", "service_stack": ["App Service", "Azure SQL", "Front Door", "Key Vault", "Entra ID"], "estimated_monthly_cost_usd": 280, "pros": ["Managed platform", "Built-in autoscale", "Deployment slots"], "cons": ["Less control than VMs", "Platform constraints", "Cold start on consumption plans"] } ``` Select from recommended patterns: - **App Service Web**: Front Door + App Service + Azure SQL + Redis Cache - **Microservices on AKS**: AKS + Service Bus + Cosmos DB + API Management - **Serverless Event-Driven**: Functions + Event Grid + Service Bus + Cosmos DB - **Data Pipeline**: Data Factory + Synapse Analytics + Data Lake Storage + Event Hubs See `references/architecture_patterns.md` for detailed pattern specifications. **Validation checkpoint:** Confirm the recommended pattern matches the team's operational maturity and compliance requirements before proceeding to Step 3. ### Step 3: Generate IaC Templates Create infrastructure-as-code for the selected pattern: ```bash # Web app stack (Bicep) python scripts/bicep_generator.py --arch-type web-app --output main.bicep ``` **Example Bicep output (core web app resources):** ```bicep @description('The environment name') param environment string = 'dev' @description('The Azure region for resources') param location string = resourceGroup().location @description('The application name') param appName string = 'myapp' // App Service Plan resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = { name: '${environment}-${appName}-plan' location: location sku: { name: 'P1v3' tier: 'PremiumV3' capacity: 1 } properties: { reserved: true // Linux } } // App Service resource appService 'Microsoft.Web/sites@2023-01-01' = { name: '${environment}-${appName}-web' location: location properties: { serverFarmId: appServicePlan.id httpsOnly: true siteConfig: { linuxFxVersion: 'NODE|20-lts' minTlsVersion: '1.2' ftpsState: 'Disabled' alwaysOn: true } } identity: { type: 'SystemAssigned' } } // Azure SQL Database resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = { name: '${environment}-${appName}-sql' location: location properties: { administrators: { azureADOnlyAuthentication: true } minimalTlsVersion: '1.2' } } resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = { parent: sqlServer name: '${appName}-db' location: location sku: { name: 'GP_S_Gen5_2' tier: 'GeneralPurpose' } properties: { autoPauseDelay: 60 minCapacity: json('0.5') } } ``` > Full templates including Front Door, Key Vault, Managed Identity, and monitoring are generated by `bicep_generator.py`