Azure Deploy

Name: Azure Deploy
Author: microsoft

microsoft/azure-skills·MIT

Run validated Azure deployment plans with azd, Terraform, or Bicep after prepare and validate skills have finished.

Overview

Azure Deploy is an agent skill for the Ship phase that executes already-validated Azure deployment plans using azd, Terraform, Bicep, and Azure CLI commands.

Install

npx skills add https://github.com/microsoft/azure-skills --skill azure-deploy

What is this skill?

Runs azd up, azd deploy, terraform apply, and native Azure deployment commands with guided error recovery
Hard-stops unless azure-prepare produced .azure/deployment-plan.md and azure-validate reached Validated status
Explicitly routes greenfield create-and-deploy requests to azure-prepare instead of this executor

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 374k installs on skills.sh; 1.2k GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

You have a deployment plan and passed validation but still need a reliable way to run azd up, terraform apply, or Bicep deploy without your agent rebuilding infra or skipping prerequisites.

Who is it for?

Solo builders with .azure/deployment-plan.md and Validated status from azure-validate who are ready to push an existing app to Azure.

Skip if: Anyone asking to create a new application, scaffold infrastructure, or do create-and-deploy in one shot without azure-prepare and azure-validate first.

When should I use this skill?

User asks to run azd up, run azd deploy, execute deployment, push to production, push to cloud, go live, ship it, bicep deploy, terraform apply, publish to Azure, or launch on Azure—with existing .azure/deployment-plan.m

What do I get? / Deliverables

You get a executed Azure deployment aligned with .azure/deployment-plan.md, with error-recovery guidance when cloud commands fail.

Deployed Azure resources per the validated deployment plan
Completed azd up, azd deploy, terraform apply, or equivalent deploy run
Error-recovery steps when deployment commands fail

Recommended Skills

Azure Preparemicrosoft/azure-skills

Prepare new or modernized apps for Azure with Bicep/Terraform, azure.yaml, Dockerfiles, and a mandatory deployment plan.374k installs·1.2k stars

Azure Storagemicrosoft/azure-skills

Choose and integrate Azure Blob, File, Queue, Table, and Data Lake storage with correct tiers and lifecycle rules.374k installs·1.2k stars

Azure Validatemicrosoft/azure-skills

Run pre-deploy Azure readiness checks on azure.yaml, Bicep or Terraform, RBAC, managed identity, and Functions or Contai…374k installs·1.2k stars

Appinsights Instrumentationmicrosoft/azure-skills

Wire Azure Application Insights onto an ASP.NET Core or Node.js app in App Service—via Portal auto-instrument or OpenTel…374k installs·1.2k stars

Azure Resource Lookupmicrosoft/azure-skills

Inventory and discover VMs, web apps, storage, and other Azure assets across subscriptions without deploying or changing…373k installs·1.2k stars

Azure Rbacmicrosoft/azure-skills

Pick least-privilege Azure RBAC roles, generate CLI and Bicep role assignments, and clarify prerequisites for granting a…373k installs·1.2k stars

Journey fit

Primary fit

The skill is invoked for go-live actions—azd up, terraform apply, and production pushes—which belong on the Ship phase shelf as launch execution, not idea or validate work. Launch subphase covers shipping prepared builds to a hosted environment; this skill only executes deployment commands once infrastructure and plans already exist.

Also useful

OperateInfrastructure & cost

How it compares

Use as the execution step after azure-prepare and azure-validate—not as a substitute for planning or validation skills.

Common Questions / FAQ

Who is azure-deploy for?

Azure Deploy is for solo and indie builders (and small teams using the same Azure skills pack) who already prepared and validated an Azure deployment and want an agent to run azd, Terraform, or Bicep deploy commands safely.

When should I use azure-deploy?

Use it in Ship when you say run azd up, run azd deploy, terraform apply, push to production, go live, ship it, or publish to Azure—only after azure-prepare created the plan and azure-validate marked it Validated.

Is azure-deploy safe to install?

It orchestrates production-impacting shell and cloud commands, so review the Security Audits panel on this Prism page, confirm your Azure credentials scope, and keep prepare/validate prerequisites enforced before any deploy run.

SKILL.md

READMESKILL.md - Azure Deploy

# Azure Deploy

> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
>
> **PREREQUISITE**: The **azure-validate** skill **MUST** be invoked and completed with status `Validated` BEFORE executing this skill.

> **⛔ STOP — PREREQUISITE CHECK REQUIRED**
> Before proceeding, verify BOTH prerequisites are met:
>
> 1. **azure-prepare** was invoked and completed → `.azure/deployment-plan.md` exists
> 2. **azure-validate** was invoked and passed → plan status = `Validated`
>
> If EITHER is missing, **STOP IMMEDIATELY**:
> - No plan? → Invoke **azure-prepare** skill first
> - Status not `Validated`? → Invoke **azure-validate** skill first
>
> **⛔ DO NOT MANUALLY UPDATE THE PLAN STATUS**
>
> You are **FORBIDDEN** from changing the plan status to `Validated` yourself. Only the **azure-validate** skill is authorized to set this status after running actual validation checks. If you update the status without running validation, deployments will fail.
>
> **DO NOT ASSUME** the app is ready. **DO NOT SKIP** validation to save time. Skipping steps causes deployment failures. The complete workflow ensures success:
>
> `azure-prepare` → `azure-validate` → `azure-deploy`

## Triggers

Activate this skill when user wants to:
- Execute deployment of an already-prepared application (azure.yaml and infra/ exist)
- Push updates to an existing Azure deployment
- Run `azd up`, `azd deploy`, or `az deployment` on a prepared project
- Ship already-built code to production
- Deploy an application that already includes API Management (APIM) gateway infrastructure

> **Scope**: This skill executes deployments. It does not create applications, generate infrastructure code, or scaffold projects. For those tasks, use **azure-prepare**.

> **APIM / AI Gateway**: Use this skill to deploy applications whose APIM/AI gateway infrastructure was already created during **azure-prepare**. For creating or changing APIM resources, see [APIM deployment guide](https://learn.microsoft.com/azure/api-management/get-started-create-service-instance). For AI governance policies, invoke **azure-aigateway** skill.

## Rules

1. Run after azure-prepare and azure-validate
2. `.azure/deployment-plan.md` must exist with status `Validated`
3. **Pre-deploy checklist required** — [Pre-Deploy Checklist](references/pre-deploy-checklist.md)
4. ⛔ **Destructive actions require `ask_user`** — [global-rules](references/global-rules.md)
5. **Scope: deployment execution only** — This skill owns execution of `azd up`, `azd deploy`, `terraform apply`, and `az deployment` commands. These commands are run through this skill's error recovery and verification pipeline.

---

## Steps

| # | Action | Reference |
|---|--------|-----------|
| 1 | **Check Plan** — Read `.azure/deployment-plan.md`, verify status = `Validated` AND **Validation Proof** section is populated | `.azure/deployment-plan.md` |
| 2 | **Pre-Deploy Checklist** — MUST complete ALL steps | [Pre-Deploy Checklist](references/pre-deploy-checklist.md) |
| 3 | **Load Recipe** — Based on `recipe.type` in `.azure/depl

What is this skill?

Runs azd up, azd deploy, terraform apply, and native Azure deployment commands with guided error recovery

Hard-stops unless azure-prepare produced .azure/deployment-plan.md and azure-validate reached Validated status

Explicitly routes greenfield create-and-deploy requests to azure-prepare instead of this executor

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 374k installs on skills.sh; 1.2k GitHub stars; 3/3 security scanners passed (skills.sh audits).

What do I get? / Deliverables

You get a executed Azure deployment aligned with .azure/deployment-plan.md, with error-recovery guidance when cloud commands fail.

Deployed Azure resources per the validated deployment plan

Completed azd up, azd deploy, terraform apply, or equivalent deploy run

Error-recovery steps when deployment commands fail

Journey fit

Primary fit

Also useful

OperateInfrastructure & cost

SKILL.md

READMESKILL.md - Azure Deploy

# Azure Deploy

> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
>
> **PREREQUISITE**: The **azure-validate** skill **MUST** be invoked and completed with status `Validated` BEFORE executing this skill.

> **⛔ STOP — PREREQUISITE CHECK REQUIRED**
> Before proceeding, verify BOTH prerequisites are met:
>
> 1. **azure-prepare** was invoked and completed → `.azure/deployment-plan.md` exists
> 2. **azure-validate** was invoked and passed → plan status = `Validated`
>
> If EITHER is missing, **STOP IMMEDIATELY**:
> - No plan? → Invoke **azure-prepare** skill first
> - Status not `Validated`? → Invoke **azure-validate** skill first
>
> **⛔ DO NOT MANUALLY UPDATE THE PLAN STATUS**
>
> You are **FORBIDDEN** from changing the plan status to `Validated` yourself. Only the **azure-validate** skill is authorized to set this status after running actual validation checks. If you update the status without running validation, deployments will fail.
>
> **DO NOT ASSUME** the app is ready. **DO NOT SKIP** validation to save time. Skipping steps causes deployment failures. The complete workflow ensures success:
>
> `azure-prepare` → `azure-validate` → `azure-deploy`

## Triggers

Activate this skill when user wants to:
- Execute deployment of an already-prepared application (azure.yaml and infra/ exist)
- Push updates to an existing Azure deployment
- Run `azd up`, `azd deploy`, or `az deployment` on a prepared project
- Ship already-built code to production
- Deploy an application that already includes API Management (APIM) gateway infrastructure

> **Scope**: This skill executes deployments. It does not create applications, generate infrastructure code, or scaffold projects. For those tasks, use **azure-prepare**.

> **APIM / AI Gateway**: Use this skill to deploy applications whose APIM/AI gateway infrastructure was already created during **azure-prepare**. For creating or changing APIM resources, see [APIM deployment guide](https://learn.microsoft.com/azure/api-management/get-started-create-service-instance). For AI governance policies, invoke **azure-aigateway** skill.

## Rules

1. Run after azure-prepare and azure-validate
2. `.azure/deployment-plan.md` must exist with status `Validated`
3. **Pre-deploy checklist required** — [Pre-Deploy Checklist](references/pre-deploy-checklist.md)
4. ⛔ **Destructive actions require `ask_user`** — [global-rules](references/global-rules.md)
5. **Scope: deployment execution only** — This skill owns execution of `azd up`, `azd deploy`, `terraform apply`, and `az deployment` commands. These commands are run through this skill's error recovery and verification pipeline.

---

## Steps

| # | Action | Reference |
|---|--------|-----------|
| 1 | **Check Plan** — Read `.azure/deployment-plan.md`, verify status = `Validated` AND **Validation Proof** section is populated | `.azure/deployment-plan.md` |
| 2 | **Pre-Deploy Checklist** — MUST complete ALL steps | [Pre-Deploy Checklist](references/pre-deploy-checklist.md) |
| 3 | **Load Recipe** — Based on `recipe.type` in `.azure/depl

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is azure-deploy for?

When should I use azure-deploy?

Is azure-deploy safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is azure-deploy for?

When should I use azure-deploy?

Is azure-deploy safe to install?

SKILL.md