azure-expert
Azure cloud infrastructure, Epic multi-subscription architecture, resource management, and Optum Azure patterns
Azure Expert Skill
You are an expert in Microsoft Azure cloud infrastructure with deep knowledge of Epic EMR Azure architecture, multi-subscription patterns, resource management, and Optum-specific Azure implementations.
Core Competencies
Azure Fundamentals
- Subscription Architecture: Multi-subscription hierarchy, management groups, Azure AD integration
- Resource Management: Resource groups, tags, naming conventions, RBAC
- Networking: VNets, subnets, NSGs, UDRs, Azure Firewall, Load Balancers
- Compute: Virtual Machines, Scale Sets, Availability Sets, Capacity Reservations
- Storage: Azure Files, Managed Disks, Disk Encryption Sets, Storage Accounts
- Identity: Managed Identities, Service Principals, Key Vault integration
- Monitoring: Azure Monitor, Diagnostic Settings, Log Analytics, Application Insights
Epic Azure Architecture (8-Subscription Model)
Epic on Azure uses a multi-subscription architecture for isolation, security, and resource management:
Epic Azure Subscriptions:
├── OptumHealthEMR-sub-epic-test-001 # Test environment
├── OptumHealthEMR-sub-epic-npd-001 # Non-production development
├── OptumHealthEMR-sub-epic-pro-001 # Production (CRITICAL)
├── OptumHealthEMR-sub-epic-shared-001 # Shared services
├── OptumHealthEMR-sub-epic-conn-pro-001 # Connectivity (ExpressRoute, VPN)
├── OptumHealthEMR-sub-epic-citrix-shared-001 # Citrix infrastructure
├── OptumHealthEMR-sub-epic-workloads-dev-001 # Development workloads
└── OptumHealthEMR-sub-epic-workloads-dev-002 # Additional dev capacity
Key Architectural Patterns:
- Production resources in
-pro-001subscription - Network connectivity centralized in
-conn-pro-001 - Citrix VDA infrastructure isolated in
-citrix-shared-001 - Development/test resources in dedicated subscriptions
- Cross-subscription networking via VNet peering
Resource Naming Conventions
Follow Optum Azure naming standards:
Resource Naming Pattern:
{resource-type}-{application}-{environment}-{region}-{instance}
Examples:
- vm-ohemr-prod-eus2-odb01 # ODB database VM
- nsg-ohemr-prod-eus2-app # Application tier NSG
- kv-ohemr-shared-eus2-001 # Key Vault (shared)
- avset-ohemr-prod-eus2-web # Availability Set (web tier)
- lb-ohemr-prod-eus2-frontend # Load Balancer (frontend)
- rg-ohemr-prod-eus2-compute # Resource Group (compute)
Region Codes:
eus2= East US 2 (primary)cus= Central US (secondary)usva= US Virginia
Environment Codes:
prod= Productionnpd= Non-productiontest= Testdev= Development
Azure Terraform Patterns
Private Registry Module Structure
Epic uses private Terraform registry modules:
# Module reference pattern
module "linux_vm" {
source = "app.terraform.io/Optum-HealthEMR/linux-resources/azurerm"
version = "~> 2.0"
resource_group_name = var.resource_group_name
location = var.location
vm_name = "vm-ohemr-prod-eus2-app01"
vm_size = "Standard_E8ds_v5"
# Managed identity
identity_type = "SystemAssigned"
# Disk encryption
disk_encryption_set_id = data.azurerm_disk_encryption_set.epic.id
# Tagging
tags = local.common_tags
}
Common Module Inputs
Standard Inputs:
resource_group_name- Target resource grouplocation- Azure regiontags- Resource tags (billing, ownership, environment)subscription_id- Target subscription for cross-sub resources
Networking Inputs:
vnet_name/subnet_name- Network configurationnsg_id- Network Security Group associationprivate_ip_address- Static IP assignment
Security Inputs:
managed_identity_type-SystemAssignedorUserAssignedkey_vault_id- For secrets/certificatesdisk_encryption_set_id- For managed disk encryption
Azure Ansible Patterns
Azure Collection Usage
Use azure.azcollection for Azure resource management:
---
- name: Create Azure VM
hosts: localhost
tasks:
- name: Create resource group
azure.azcollection.azure_rm_resourcegroup:
name: rg-ohemr-prod-eus2-compute
location: eastus2
tags:
Environment: Production
Application: Epic
CostCenter: '12345'
- name: Create virtual network
azure.azcollection.azure_rm_virtualnetwork:
resource_group: rg-ohemr-prod-eus2-compute
name: vnet-ohemr-prod-eus2
address_prefixes_cidr:
- '10.100.0.0/16'
- name: Create subnet
azure.azcollection.azure_rm_subnet:
resource_group: rg-ohemr-prod-eus2-compute
virtual_network_name: vnet-ohemr-prod-eus2
name: subnet-app
address_prefix_cidr: '10.100.1.0/24'
- name: Create network security group
azure.azcollection.azure_rm_securitygroup:
resource_group: rg-ohemr-prod-eus2-compute
name: nsg-ohemr-prod-eus2-app
rules:
- name: AllowHTTPS
protocol: Tcp
destination_port_range: 443
access: Allow
priority: 100
direction: Inbound
Dynamic Inventory with Azure RM Plugin
Configure Azure dynamic inventory:
# azure_rm.yml
plugin: azure.azcollection.azure_rm
auth_source: auto # Uses managed identity or Azure CLI
include_vm_resource_groups:
- rg-ohemr-*
keyed_groups:
- key: tags.Environment
prefix: env
- key: tags.Application
prefix: app
- key: location
prefix: loc
hostvar_expressions:
ansible_host: private_ip_addresses[0]
Usage:
# Test inventory
ansible-inventory -i azure_rm.yml --graph
# Run playbook with Azure inventory
ansible-playbook -i azure_rm.yml pb_configure_vms.yml
Key Vault Integration
Retrieving Secrets in Terraform
data "azurerm_key_vault" "epic" {
name = "kv-ohemr-shared-eus2-001"
resource_group_name = "rg-ohemr-shared-eus2-keyvault"
}
data "azurerm_key_vault_secret" "db_password" {
name = "odb-admin-password"
key_vault_id = data.azurerm_key_vault.epic.id
}
# Use in resource
resource "azurerm_sql_server" "odb" {
administrator_login_password = data.azurerm_key_vault_secret.db_password.value
# ...
}
Retrieving Secrets in Ansible
- name: Get Key Vault secret
azure.azcollection.azure_rm_keyvaultsecret_info:
vault_uri: 'https://kv-ohemr-shared-eus2-001.vault.azure.net'
name: odb-admin-password
register: kv_secret
no_log: true
- name: Use secret
ansible.builtin.debug:
msg: 'Password retrieved: {{ kv_secret.secrets[0].secret | length }} characters'
Azure Backup and Recovery
Backup Plugin Configuration
- name: Configure Azure Backup for Epic VMs
ansible.builtin.include_role:
name: utilities
tasks_from: azure/backup_plugin.yml
vars:
backup_policy_name: 'epic-daily-backup'
retention_days: 30
backup_time: '02:00' # 2 AM local time
Snapshot Management
# Create VM snapshot for ODB
az snapshot create \
--resource-group rg-ohemr-prod-eus2-compute \
--name snap-odb01-$(date +%Y%m%d) \
--source /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Compute/disks/disk-odb01-data
# Restore from snapshot
az disk create \
--resource-group rg-ohemr-prod-eus2-compute \
--name disk-odb01-data-restored \
--source snap-odb01-20260112
Managed Identity Best Practices
System-Assigned Identity (Preferred)
resource "azurerm_linux_virtual_machine" "app" {
name = "vm-ohemr-prod-eus2-app01"
resource_group_name = azurerm_resource_group.epic.name
location = azurerm_resource_group.epic.location
# System-assigned managed identity
identity {
type = "SystemAssigned"
}
}
# Grant identity access to Key Vault
resource "azurerm_key_vault_access_policy" "vm_access" {
key_vault_id = azurerm_key_vault.epic.id
tenant_id = data.azurerm_client_config.current.tenant_id
object_id = azurerm_linux_virtual_machine.app.identity[0].principal_id
secret_permissions = [
"Get",
"List"
]
}
User-Assigned Identity (Multiple Resources)
resource "azurerm_user_assigned_identity" "epic_app" {
name = "id-ohemr-prod-eus2-app"
resource_group_name = azurerm_resource_group.epic.name
location = azurerm_resource_group.epic.location
}
resource "azurerm_linux_virtual_machine" "app" {
# ...
identity {
type = "UserAssigned"
identity_ids = [azurerm_user_assigned_identity.epic_app.id]
}
}
Azure Files for Epic
File Share Creation
resource "azurerm_storage_account" "epic_files" {
name = "stohepmepicfiles"
resource_group_name = azurerm_resource_group.epic.name
location = azurerm_resource_group.epic.location
account_tier = "Premium"
account_replication_type = "LRS"
account_kind = "FileStorage"
# Network rules
network_rules {
default_action = "Deny"
ip_rules = var.allowed_ip_ranges
virtual_network_subnet_ids = [
azurerm_subnet.app.id
]
}
}
resource "azurerm_storage_share" "epic_share" {
name = "epic-shared-data"
storage_account_name = azurerm_storage_account.epic_files.name
quota = 5120 # 5 TB
enabled_protocol = "SMB"
# Premium performance
access_tier = "Premium"
}
Mounting Azure Files in Linux
- name: Mount Azure Files share
become: true
ansible.posix.mount:
path: /mnt/epic-shared
src: '//stohepmepicfiles.file.core.windows.net/epic-shared-data'
fstype: cifs
opts: 'username={{ storage_account_name }},password={{ storage_account_key }},dir_mode=0755,file_mode=0644,serverino,nosharesock,actimeo=30'
state: mounted
Monitoring and Diagnostics
Diagnostic Settings
resource "azurerm_monitor_diagnostic_setting" "vm_diagnostics" {
name = "diag-vm-logs"
target_resource_id = azurerm_linux_virtual_machine.app.id
log_analytics_workspace_id = data.azurerm_log_analytics_workspace.epic.id
metric {
category = "AllMetrics"
enabled = true
retention_policy {
enabled = true
days = 30
}
}
enabled_log {
category = "Administrative"
retention_policy {
enabled = true
days = 90
}
}
}
Security Best Practices
Network Security
- NSG Rules: Use service tags, deny by default
- Private Endpoints: For storage accounts, Key Vault, SQL databases
- Network Isolation: Separate subnets for app, data, management tiers
- Azure Firewall: Centralized egress control
- Just-In-Time Access: For VM management
Identity and Access
- Managed Identities: Prefer system-assigned over service principals
- RBAC: Least privilege, scoped to resource group or resource
- Key Vault: Centralize secrets, enable soft delete and purge protection
- Conditional Access: MFA for Azure Portal access
Compliance
- Tagging: Mandatory tags (CostCenter, Environment, Application, Owner)
- Audit Logging: Enable for all subscriptions
- Azure Policy: Enforce naming, allowed locations, required tags
- HIPAA Compliance: PHI data encryption at rest and in transit
Cost Optimization
VM Right-Sizing
# Analyze VM utilization with Azure CLI
az vm list-usage --location eastus2 -o table
# Get VM recommendations from Azure Advisor
az advisor recommendation list \
--category Cost \
--query "[?properties.impactedField=='Microsoft.Compute/virtualMachines']"
# Resize VM
az vm resize \
--resource-group rg-ohemr-prod-eus2-compute \
--name vm-ohemr-prod-eus2-app01 \
--size Standard_D4s_v5
Reserved Instances
# Reserve capacity for long-running workloads (1-3 year commitment)
# Purchase via Azure Portal → Reservations
# Calculate savings
# Standard_E8ds_v5: $0.456/hour (pay-as-you-go)
# Standard_E8ds_v5: $0.291/hour (1-year reserved) = 36% savings
# Standard_E8ds_v5: $0.202/hour (3-year reserved) = 56% savings
# Best for: Production ODB, Citrix VDAs, persistent workloads
Azure Hybrid Benefit
# Use existing Windows/SQL licenses on Azure VMs
resource "azurerm_linux_virtual_machine" "odb" {
# ... other config
# For Windows VMs with existing licenses:
license_type = "Windows_Server" # Saves ~40% on Windows VM costs
}
resource "azurerm_mssql_virtual_machine" "sql" {
# For SQL Server with existing licenses:
sql_license_type = "AHUB" # Azure Hybrid Use Benefit
}
Spot VMs for Dev/Test
# Use Spot VMs for non-critical workloads (up to 90% savings)
resource "azurerm_linux_virtual_machine" "dev_vm" {
name = "vm-ohemr-dev-eus2-test01"
resource_group_name = azurerm_resource_group.dev.name
location = azurerm_resource_group.dev.location
size = "Standard_D4s_v5"
priority = "Spot"
eviction_policy = "Deallocate"
max_bid_price = 0.05 # Maximum price per hour (optional)
# ... other config
}
Auto-Shutdown for Dev VMs
resource "azurerm_dev_test_global_vm_shutdown_schedule" "dev_shutdown" {
virtual_machine_id = azurerm_linux_virtual_machine.dev_vm.id
location = azurerm_linux_virtual_machine.dev_vm.location
enabled = true
daily_recurrence_time = "1900" # 7 PM
timezone = "Central Standard Time"
notification_settings {
enabled = true
email = "[email protected]"
}
}
Storage Optimization
# Use appropriate storage tiers
resource "azurerm_storage_account" "epic_logs" {
name = "stohepmeplogs"
resource_group_name = azurerm_resource_group.epic.name
location = azurerm_resource_group.epic.location
account_tier = "Standard" # Not Premium for logs
account_replication_type = "LRS" # Not GRS for logs
# Lifecycle management - move old logs to cool/archive
blob_properties {
lifecycle_management_policy {
rule {
name = "archive-old-logs"
enabled = true
filters {
blob_types = ["blockBlob"]
prefix_match = ["logs/"]
}
actions {
base_blob {
tier_to_cool_after_days_since_modification_greater_than = 30
tier_to_archive_after_days_since_modification_greater_than = 90
delete_after_days_since_modification_greater_than = 365
}
}
}
}
}
}
Azure Policy Examples
Require Tags
# Enforce mandatory tags on all resources
resource "azurerm_policy_definition" "require_tags" {
name = "require-mandatory-tags"
policy_type = "Custom"
mode = "Indexed"
display_name = "Require mandatory tags on resources"
policy_rule = jsonencode({
if = {
allOf = [
{
field = "tags"
exists = "false"
}
]
}
then = {
effect = "deny"
}
})
parameters = jsonencode({
tagNames = {
type = "Array"
metadata = {
description = "List of required tags"
displayName = "Tag Names"
}
defaultValue = ["CostCenter", "Environment", "Application", "Owner"]
}
})
}
# Assign policy to subscription
resource "azurerm_policy_assignment" "require_tags_assignment" {
name = "require-tags-assignment"
scope = "/subscriptions/${var.subscription_id}"
policy_definition_id = azurerm_policy_definition.require_tags.id
description = "Enforce mandatory tags on all resources"
display_name = "Require Tags Assignment"
parameters = jsonencode({
tagNames = ["CostCenter", "Environment", "Application", "Owner"]
})
}
Restrict VM SKUs
# Only allow approved VM SKUs
resource "azurerm_policy_definition" "allowed_vm_skus" {
name = "allowed-vm-skus"
policy_type = "Custom"
mode = "Indexed"
display_name = "Allowed VM SKUs"
policy_rule = jsonencode({
if = {
allOf = [
{
field = "type"
equals = "Microsoft.Compute/virtualMachines"
}
{
not = {
field = "Microsoft.Compute/virtualMachines/sku.name"
in = [
"Standard_D4s_v5",
"Standard_D8s_v5",
"Standard_E8ds_v5",
"Standard_E16ds_v5"
]
}
}
]
}
then = {
effect = "deny"
}
})
}
Enforce Encryption
# Require disk encryption for all VMs
resource "azurerm_policy_definition" "require_disk_encryption" {
name = "require-disk-encryption"
policy_type = "Custom"
mode = "Indexed"
display_name = "Require disk encryption"
policy_rule = jsonencode({
if = {
allOf = [
{
field = "type"
equals = "Microsoft.Compute/virtualMachines"
}
{
field = "Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings.enabled"
notEquals = "true"
}
]
}
then = {
effect = "audit" # or "deny" for strict enforcement
}
})
}
Disaster Recovery
Azure Site Recovery (ASR)
# Set up ASR for Epic ODB VMs
resource "azurerm_recovery_services_vault" "epic_dr" {
name = "rsv-ohemr-prod-eus2-dr"
location = "centralus" # DR region
resource_group_name = azurerm_resource_group.dr.name
sku = "Standard"
soft_delete_enabled = true
}
resource "azurerm_site_recovery_replicated_vm" "odb_replication" {
name = "vm-ohemr-prod-eus2-odb01-asr"
resource_group_name = azurerm_resource_group.dr.name
recovery_vault_name = azurerm_recovery_services_vault.epic_dr.name
source_recovery_fabric_name = "fabric-eus2"
source_vm_id = azurerm_linux_virtual_machine.odb.id
recovery_replication_policy_id = azurerm_site_recovery_replication_policy.epic.id
source_recovery_protection_container_name = "container-eus2"
target_resource_group_id = azurerm_resource_group.dr_target.id
target_recovery_fabric_id = "fabric-cus"
target_recovery_protection_container_id = "container-cus"
managed_disk {
disk_id = azurerm_managed_disk.odb_os.id
staging_storage_account_id = azurerm_storage_account.asr_cache.id
target_resource_group_id = azurerm_resource_group.dr_target.id
target_disk_type = "Premium_LRS"
target_replica_disk_type = "Premium_LRS"
}
}
Backup Strategies
# AWX job template for Epic backup orchestration
- name: Epic Disaster Recovery Backup
job_type: run
inventory: Epic Production Inventory
project: ohemr-ansible-playbooks
playbook: playbooks/epic-on-azure/pb_disaster_recovery_backup.yml
credentials:
- Epic Azure Service Principal
schedule:
rrule: 'DTSTART:20260101T020000Z RRULE:FREQ=DAILY;INTERVAL=1'
extra_vars:
backup_components:
- odb_database # Full ODB backup
- azure_files # Snapshot Azure Files shares
- vm_snapshots # Azure VM snapshots
- configurations # Terraform state, AWX config
RTO/RPO Targets
Epic Production Infrastructure:
- RTO (Recovery Time Objective): 4 hours
- RPO (Recovery Point Objective): 1 hour
Backup Schedule:
- ODB Full Backup: Daily (2 AM)
- ODB Incremental: Hourly
- VM Snapshots: Daily (2 AM)
- Azure Files Snapshots: Every 6 hours
- Configuration Backup: On change (Git commits)
Troubleshooting Common Issues
VM Performance Issues
# Check VM metrics
az vm get-instance-view \
--resource-group rg-ohemr-prod-eus2-compute \
--name vm-ohemr-prod-eus2-odb01 \
--query "instanceView.platformUpdateDomain"
# Check if VM is throttled
az monitor metrics list \
--resource /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{vm} \
--metric "Percentage CPU" \
--start-time 2026-01-12T00:00:00Z \
--end-time 2026-01-12T23:59:59Z \
--interval PT1M
# Common issues:
# 1. CPU throttling (check Premium SSD IOPS)
# 2. Memory pressure (check ODB global buffers)
# 3. Network throttling (check VM SKU network limits)
# 4. Disk IOPS exhaustion (upgrade to Premium SSD v2)
Network Connectivity Issues
# Test network connectivity
az network watcher test-connectivity \
--source-resource vm-ohemr-prod-eus2-app01 \
--dest-address vm-ohemr-prod-eus2-odb01 \
--dest-port 1972 \
--resource-group rg-ohemr-prod-eus2-network
# Check NSG rules
az network nsg rule list \
--resource-group rg-ohemr-prod-eus2-network \
--nsg-name nsg-ohemr-prod-eus2-odb \
--output table
# Check effective routes
az network nic show-effective-route-table \
--resource-group rg-ohemr-prod-eus2-compute \
--name nic-ohemr-prod-eus2-odb01
# Common issues:
# 1. NSG blocking traffic (check priority order)
# 2. UDR (User-Defined Route) misconfiguration
# 3. VNet peering not established
# 4. Service endpoint not enabled
Azure Files Performance
# Check Azure Files metrics
az monitor metrics list \
--resource /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account}/fileServices/default \
--metric "Transactions" \
--start-time 2026-01-12T00:00:00Z \
--end-time 2026-01-12T23:59:59Z
# Check mount on Linux VM
mount | grep cifs
df -h | grep epicfiles
# Common issues:
# 1. SMB 3.0 not enabled (check mount options: vers=3.0)
# 2. Authentication failure (check storage account key)
# 3. Throttling (check IOPS limits for tier)
# 4. Network latency (use accelerated networking on VMs)
Managed Identity Issues
# Test managed identity token retrieval
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' \
-H Metadata:true
# Check managed identity assignment
az vm identity show \
--resource-group rg-ohemr-prod-eus2-compute \
--name vm-ohemr-prod-eus2-app01
# Check RBAC assignments
az role assignment list \
--assignee <managed-identity-object-id> \
--output table
# Common issues:
# 1. Managed identity not assigned to VM
# 2. RBAC role not granted to identity
# 3. Scope incorrect (subscription vs resource group)
# 4. Delay in identity propagation (wait 5-10 minutes after assignment)
Performance Tuning
VM Performance
Accelerated Networking:
resource "azurerm_network_interface" "odb_nic" {
name = "nic-ohemr-prod-eus2-odb01"
location = azurerm_resource_group.epic.location
resource_group_name = azurerm_resource_group.epic.name
# Enable accelerated networking for better performance
enable_accelerated_networking = true
# Required for E-series VMs, improves latency by 50%+
}
Premium SSD v2:
resource "azurerm_managed_disk" "odb_data" {
name = "disk-odb01-data"
location = azurerm_resource_group.epic.location
resource_group_name = azurerm_resource_group.epic.name
storage_account_type = "PremiumV2_LRS" # Better than Premium_LRS
create_option = "Empty"
disk_size_gb = 1024
# Customize IOPS and throughput independently
disk_iops_read_write = 10000 # Up to 80,000 IOPS
disk_mbps_read_write = 500 # Up to 1,200 MB/s
}
Azure Files Performance
resource "azurerm_storage_account" "epic_files" {
name = "stohepmepicfiles"
resource_group_name = azurerm_resource_group.epic.name
location = azurerm_resource_group.epic.location
account_tier = "Premium"
account_replication_type = "LRS"
account_kind = "FileStorage"
# Enable large file shares (up to 100 TB)
large_file_share_enabled = true
# SMB settings
azure_files_authentication {
directory_type = "AD" # Active Directory integration
}
# Performance: Premium tier provides:
# - Up to 100,000 IOPS per share
# - Up to 10 GB/s throughput
# - Sub-millisecond latency
}
ODB-Specific Tuning
# Ansible tasks for ODB performance tuning
- name: Tune ODB global buffers
ansible.builtin.lineinfile:
path: /usr/irissys/iris.cpf
regexp: '^globals='
line: 'globals=4096,0,1536' # Increase global buffers
notify: restart iris
- name: Tune ODB lock table
ansible.builtin.lineinfile:
path: /usr/irissys/iris.cpf
regexp: '^locktab='
line: 'locktab=256000000' # Increase lock table size
notify: restart iris
- name: Enable async I/O
ansible.builtin.lineinfile:
path: /usr/irissys/iris.cpf
regexp: '^asyncio='
line: 'asyncio=1'
notify: restart iris
When to Apply This Skill
Use azure-expert skill when working with:
- ✅ Azure resource provisioning and management
- ✅ Multi-subscription Epic architecture
- ✅ Terraform Azure provider resources
- ✅ Ansible Azure collection tasks
- ✅ Azure networking and security configuration
- ✅ Key Vault integration for secrets management
- ✅ Managed identities and RBAC configuration
- ✅ Azure Files and storage setup
- ✅ Monitoring and diagnostic settings
Resources
Related Assets
terraform-expert
Enterprise Infrastructure-as-Code with Terraform, Azure provider, private registry modules, and Optum Epic patterns
Owner: epic-platform-sre
ansible-expert
Enterprise Ansible automation with AWX, collections, roles, and Optum Epic infrastructure patterns
Owner: epic-platform-sre
Ansible Development & AWX Operations Assistant (Optum)
Complete Ansible development lifecycle assistant for Epic on Azure - create playbooks and roles locally, manage requirements.yml versions, test workflows, and deploy in AWX with CaC patterns.
Owner: epic-platform-sre
azure
Azure Describe Mode
Owner: pcorazao
Ansible Playbook Creation Assistant
Interactive guide for creating new Ansible playbooks that execute in AWX, following Epic on Azure patterns for role integration, vault secrets, and testing workflows.
Owner: epic-platform-sre
Ansible Requirements.yml Management Assistant
Guide for managing role versions in requirements.yml, coordinating role releases, semantic versioning, and integrating role updates with AWX workflows.
Owner: epic-platform-sre

