Every box below is a real, running resource. Traffic, deploys, and monitoring are animated as they flow — click a filter to isolate one story.
DNS (apex + www) resolves to Azure Static Web Apps, which serves the site from a global edge with managed SSL. The resume downloads straight from public-read Blob Storage, and the status page calls the Function API cross-origin — CORS locked to this domain.
A git push triggers GitHub Actions, which exchanges a short-lived OIDC token with Entra ID for access — no cloud credentials are stored anywhere. Each workflow deploys its own piece: site to SWA, resume to Blob, API to the Function.
An Application Insights availability test pings the site every 5 minutes from three US regions, validating the response and the SSL certificate. Results land in the telemetry store — the monitoring caught a real unbound-apex-domain defect on day one.
The Function reads telemetry as itself: a system-assigned managed identity with read-only rights on one resource, querying with KQL. Deploy identities are federated to exact repo + branch and scoped to the minimum they deploy. Zero keys, zero rotation.
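An added example, not code from this site's repositories: a Python audit that flags federated credentials on a deploy identity that are not pinned to an exact repo + branch as described above. The credential names, the `example-org/site` repository and the allow-list are hypothetical, and the input is assumed to have the shape of `az ad app federated-credential list` output.

```python
import json
import re

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
ENTRA_AUDIENCE = "api://AzureADTokenExchange"
# Exact form repo:<owner>/<repo>:ref:refs/heads/<branch>; no wildcards allowed.
BRANCH_SUBJECT = re.compile(r"^repo:([\w.-]+/[\w.-]+):ref:refs/heads/[\w./-]+$")

# Constructed sample (hypothetical names), shaped like the JSON printed by
# `az ad app federated-credential list`.
SAMPLE_CREDENTIALS = json.loads("""
[
  {"name": "deploy-site", "issuer": "https://token.actions.githubusercontent.com",
   "subject": "repo:example-org/site:ref:refs/heads/main",
   "audiences": ["api://AzureADTokenExchange"]},
  {"name": "deploy-api-pr", "issuer": "https://token.actions.githubusercontent.com",
   "subject": "repo:example-org/site:pull_request",
   "audiences": ["api://AzureADTokenExchange"]},
  {"name": "deploy-fork", "issuer": "https://token.actions.githubusercontent.com",
   "subject": "repo:someone-else/site:ref:refs/heads/main",
   "audiences": ["api://AzureADTokenExchange"]}
]
""")


def audit(credentials, allowed_repos):
    """Return {credential name: [problems]} for credentials that are too broad."""
    findings = {}
    for cred in credentials:
        problems = []
        if cred.get("issuer") != GITHUB_ISSUER:
            problems.append("unexpected issuer")
        if cred.get("audiences") != [ENTRA_AUDIENCE]:
            problems.append("unexpected audience")
        match = BRANCH_SUBJECT.match(cred.get("subject", ""))
        if match is None:
            problems.append("subject is not pinned to a branch")
        elif match.group(1) not in allowed_repos:
            problems.append("repository is not on the allow-list")
        if problems:
            findings[cred.get("name", "<unnamed>")] = problems
    return findings


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_CREDENTIALS, {"example-org/site"}).items():
        print(f"{name}: {'; '.join(problems)}")
```

Run against the real export, an empty result means every credential trusts only the GitHub issuer, the Entra token-exchange audience, and one branch of an allow-listed repository.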
provisioned by terraform · deployed by github actions (oidc) · monitored by itself