// Design Azure cloud architectures from requirements and generate High-Level Design (HLD) documentation with service selection, patterns, cost estimates, and WAF alignment. Use this when asked to design or architect Azure solutions.
Create, update, review, and validate GitHub Copilot agent skills (SKILL.md files). Use this skill whenever someone wants to create a new skill, build a skill from scratch, package domain knowledge into a reusable agent skill, turn a workflow into a skill, or asks "how do I teach Copilot to do X consistently". Also use when updating or improving an existing SKILL.md, writing the description field for better triggering, or designing the folder structure and bundled resources for a skill. Do NOT use for general coding questions, runtime debugging, or MCP server configuration.
Reviews Azure API Management configurations for security vulnerabilities, OWASP API Security Top 10 compliance, VNet Internal mode validation, Private Link verification, and Azure Security Benchmark alignment. Use when performing security audits, pre-deployment validation, or compliance reviews.
Creates production-ready Azure API Management policy XML for authentication (OAuth 2.0, JWT validation, subscription keys), rate limiting, CORS configuration, error handling, and API transformations. Use when implementing API security, access control, or request/response processing logic.
Guides deployment of Azure API Management infrastructure using Infrastructure as Code (Bicep/Terraform), CI/CD pipelines (GitHub Actions/Azure DevOps), and APIOps workflows. Use when deploying APIM, creating pipelines, or implementing dev→test→prod promotion strategies.
Create, maintain, and troubleshoot APM (Agent Package Manager) manifests for distributing GitHub Copilot skills, agents, and MCP servers. USE FOR: creating apm.yml root manifests; creating packages/* sub-manifests; bundling MCP server config into a package; installing packages from a GitHub repo; troubleshooting APM install errors (missing .vscode/mcp.json, Codex CLI warnings, cached installs). DO NOT USE FOR: general GitHub Copilot customization questions; creating SKILL.md files (use skill-creator); writing MCP server code.
Analyzes and explains Azure API Management architecture decisions for enterprise API marketplace implementations using VNet Internal mode, Front Door, hybrid authentication, and multi-environment strategies. Use when discussing APIM component selection, network topology, cost optimization, or comparing alternatives like workspaces vs instances, VNet Internal vs External mode, or Front Door vs Application Gateway.
| name | architecture-design |
| description | Design Azure cloud architectures from requirements and generate High-Level Design (HLD) documentation with service selection, patterns, cost estimates, and WAF alignment. Use this when asked to design or architect Azure solutions. |
| metadata | {"author":"Thomas Thornton","version":"1.0.0","last-updated":"2026-05-19"} |
Design comprehensive Azure architectures and produce HLD documentation following Well-Architected Framework and Cloud Adoption Framework best practices.
Ask clarifying questions about:
Service Selection Priority: PaaS > Containers > IaaS
Refer to references.md for detailed guidance on:
Key Decision Criteria:
Apply patterns based on requirements:
N-Tier (Traditional):
Microservices:
Event-Driven:
Serverless:
Address all five pillars (detailed checklists in waf-assessment skill):
Reliability:
Security:
Cost Optimization:
Operational Excellence:
Performance Efficiency:
Follow Cloud Adoption Framework:
{resource-type}-{workload}-{environment}-{region}-{instance}
Examples:
- rg-ecommerce-prod-eastus-001
- app-ecommerce-prod-eastus-001
- sql-ecommerce-prod-eastus-001
- kv-ecommerce-prod-eastus
- func-orderproc-prod-eastus-001
Standard Tags:
Environment: Production | Staging | Development | Test
Owner: teamname@company.com
CostCenter: IT-12345
Project: ProjectName
BusinessUnit: Sales | Marketing | Engineering
Criticality: Critical | High | Medium | Low
DataClassification: Public | Internal | Confidential | Restricted
Invoke the azure-pricing skill to retrieve live retail pricing. Never estimate costs from memory.
The azure-pricing skill will:
azure-mcp/pricing (pricing_get) per billable resource SKU and regionConfirm all service SKUs in step 3 before requesting pricing — the tool requires a specific SKU or service name.
Structure the cost output by category:
Generate comprehensive HLD documents with these sections:
For each component:
azure-pricing skill to retrieve live retail prices per service SKU and target region# High-Level Design: E-Commerce Web Platform
## 1. Executive Summary
This HLD describes a scalable e-commerce platform on Azure supporting up to 100K concurrent users
with 99.95% availability. The solution uses proven PaaS services with multi-region capabilities,
comprehensive security controls, and cost-optimized infrastructure.
**Key Benefits:**
- Global reach with Azure Front Door CDN
- Auto-scaling for traffic spikes (Black Friday, holidays)
- PCI-DSS compliant payment processing
- **Estimated cost**: see Section 10 — priced live via the `azure-pricing` skill per SKU and target region
**Timeline:** 8-week implementation with phased rollout
## 3. Architecture Overview
**Pattern:** N-Tier with asynchronous order processing
**Components:**
Azure Front Door (Global CDN + WAF) └─ Application Gateway (Regional WAF + LB) ├─ App Service (Web Frontend - 3 instances, P2v3) ├─ App Service (API Backend - 3 instances, P2v3) ├─ Azure Functions (Order Processor, Premium) ├─ Azure SQL Database (S2 DTU, 50GB) ├─ Redis Cache (Basic C1, 1GB) └─ Blob Storage (Hot tier, product images)
**Rationale:** N-tier provides proven scalability, PaaS reduces operational overhead,
Functions handle asynchronous order processing, Azure SQL provides ACID guarantees.
## 4. Component Design
**Frontend Web App**
- Service: Azure App Service (Linux)
- SKU: P2v3 (2 vCores, 8GB RAM)
- Instances: 3 (Availability Zones 1, 2, 3)
- Auto-scale: 3-10 instances based on CPU > 70%
- Naming: app-ecommerce-web-prod-eastus-001
- Purpose: Serves customer-facing website
[Continue with all components...]
Be Specific: Use exact service names and SKUs (not "database" but "Azure SQL Database S2 DTU")
Show Trade-offs: Explain why you chose service X over Y
Include Diagrams: Describe architecture visually with clear component relationships
Live Pricing: Invoke the azure-pricing skill for every cost section — never guess prices from memory; always pass the target region and currency (e.g. GBP for UK workloads)
Cost-Aware: Always provide cost estimates and optimization opportunities
Security First: Address authentication, authorization, encryption, network security
WAF Alignment: Reference specific WAF principles in design decisions
Naming Standards: Use CAF conventions consistently
Implementation-Ready: Provide enough detail for IaC generation
Avoid: Vague terms, missing costs, ignoring security, skipping WAF, incomplete components, no rationale