Skills

Azure

Installation
SKILL.md

Azure Production Rules

Cost Traps

  • Stopped VMs still pay for attached disks and public IPs — deallocate fully with az vm deallocate not just stop from portal
  • Premium SSD default on VM creation — switch to Standard SSD for dev/test, saves 50%+
  • Log Analytics workspace retention defaults to 30 days free, then charges per GB — set data retention policy and daily cap before production
  • Bandwidth between regions is charged both ways — keep paired resources in same region, use Private Link for cross-region when needed
  • Cosmos DB charges for provisioned RU/s even when idle — use serverless for bursty workloads or autoscale with minimum RU setting

Security Rules

  • Resource Groups don't provide network isolation — NSGs and Private Endpoints do. RG is for management, not security boundary
  • Managed Identity eliminates secrets for Azure-to-Azure auth — use System Assigned for single-resource, User Assigned for shared identity
  • Key Vault soft-delete enabled by default (90 days) — can't reuse vault name until purged, plan naming accordingly
  • Azure AD conditional access policies don't apply to service principals — use App Registrations with certificate auth, not client secrets
  • Private Endpoints don't automatically update DNS — configure Private DNS Zone and link to VNet or resolution fails
Installs
1
Repository
openclaw/skills
GitHub Stars
4.5K
First Seen
Feb 28, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Azure — openclaw/skills