βββββββ βββββββ βββββββ ββββββββ βββββββββ βββββββ
βββββββββββββββββββββββββββββββββ ββββββββββββββββββ
βββ βββ ββββββ βββββββββ βββ βββ βββ
βββ βββ ββββββ βββββββββ βββ βββ βββ
βββββββββββββββββββββββββββββββββ βββ βββββββββ
βββββββ βββββββ βββββββ ββββββββ βββ βββββββ
ββββββββββ βββββββ βββ ββββββββββ
βββββββββββ ββββββββββββ βββββββββββ
βββ βββ βββ ββββββ ββββββ βββ
βββ βββ βββ ββββββ ββββββ βββ
ββββββββββββββββββββββββββββββββββββββββββ
βββββββββββββββ βββββββ βββββββ βββββββ
TL;DR: This blog demonstrates how to use GitHub Copilot (Opus 4.5) with Azure MCP servers to automatically generate comprehensive infrastructure documentation from live Azure resourcesβturning natural language prompts into a full wiki in minutes.
This repository showcases a practical approach to automating infrastructure documentation using generative AI. Instead of manually documenting Azure resources, we use GitHub Copilot to query live infrastructure and generate:
- Architecture diagrams
- Resource inventories
- Integration guides
- Operational runbooks
- Dependency maps
The result? A complete infrastructure wiki generated through 6 conversational prompts.
- Learn how AI assistants can accelerate documentation tasks
- Understand patterns for integrating GitHub Copilot into your workflow
- See practical examples of prompt engineering for infrastructure tasks
- Discover how to auto-generate documentation for Azure landing zones
- Explore patterns for maintaining living documentation
- Learn RBAC requirements for AI-assisted infrastructure queries
- Automate runbook generation from existing infrastructure
- Keep documentation synchronized with actual deployments
- Reduce documentation debt with AI assistance
Before you can replicate this workflow, ensure you have the following set up:
The fastest way to get startedβno local setup required:
What's included:
- Ubuntu minimal base image
- Azure CLI pre-installed
- GitHub Copilot + Azure MCP extensions
- 2 vCPU / 4GB RAM / 16GB storage (Codespaces Lite)
After launch, just authenticate:
az login --use-device-code| Tool | Purpose | macOS | Windows |
|---|---|---|---|
| VS Code | Development environment | brew install --cask visual-studio-code |
winget install Microsoft.VisualStudioCode |
| GitHub Copilot | AI assistant (with Chat enabled) | Subscribe | Subscribe |
| Azure CLI | Azure authentication | brew install azure-cli |
winget install Microsoft.AzureCLI |
| Azure MCP Extension | Copilot-to-Azure integration | Install via VS Code Extensions | Install via VS Code Extensions |
macOS (Homebrew):
brew install --cask visual-studio-code
brew install azure-cliWindows (winget):
winget install Microsoft.VisualStudioCode
winget install Microsoft.AzureCLIThis workflow leverages the Model Context Protocol (MCP) to connect GitHub Copilot with Azure services:
| MCP Server | Capabilities | Used For |
|---|---|---|
| Azure Resource Graph | Query resources across subscriptions | Discovering and inventorying resources |
| Azure Resource Manager | List subscriptions, resource groups | Navigation and scoping |
| Azure CLI Integration | Execute az commands | Authentication and advanced queries |
To run the prompts in this guide, your Azure identity needs the following permissions:
| Role | Scope | Purpose |
|---|---|---|
| Reader | Subscription or Resource Group | Query resource metadata and configurations |
| Resource Graph Reader | Subscription | Execute Azure Resource Graph queries |
Minimum Required:
Readerrole at the resource group level is sufficient for documentation generation.
# Assign Reader role at resource group scope
az role assignment create \
--assignee <your-user-or-service-principal-id> \
--role "Reader" \
--scope /subscriptions/<subscription-id>/resourceGroups/<resource-group-name># Login to Azure CLI
az login
# Verify your subscription access
az account list --output table
# Set your target subscription
az account set --subscription "<subscription-name-or-id>"We generated this entire wiki using just 6 natural language prompts. See the complete prompt sequence, what GitHub Copilot did at each step, and lessons learned:
Highlights:
- Progressive discovery from subscription β resource group β detailed docs
- Iterative refinement of architecture diagrams
- Single prompt that generated 12 documentation files
The following wiki was auto-generated by GitHub Copilot from the rg-artagent-voice-agent-dev resource group:
| Section | Description |
|---|---|
| Architecture Overview | System design and component relationships |
| Data Flow | How data moves through the system |
| Resource Inventory | Complete Azure resource listing |
| Integration Guides | Service integration patterns |
| Azure AI Integration | AI Services configuration |
| Communication Services | ACS setup and usage |
| Dependencies | Runtime and service dependencies |
| Deployment Runbook | Deployment procedures |
| Troubleshooting Guide | Common issues and solutions |
This wiki documents a Real-Time Audio Voice Agent infrastructureβa fictional scenario showcasing typical Azure AI workloads:
The Real-Time Audio Voice Agent enables:
- π€ Real-time voice conversations with AI-powered agents
- π Speech-to-text and text-to-speech processing
- π Voice calling capabilities via Azure Communication Services
- π§ Email integration for notifications and follow-ups
- π¬ Web chat interface as an alternative interaction channel
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π€ CLIENT LAYER β
β βββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
β β π Web Browser β β π Phone / PSTN β β
β βββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β β
βΌ βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π¦ AZURE CONTAINER APPS ENVIRONMENT β
β βββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββββββ β
β β Frontend β β Backend β β WebChat β β
β β (rtaudio-client) βββΆβ (rtaudio-server) ββββ (Demo UI) β β
β βββββββββββββββββββββββ βββββββββββββββββββββββ βββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
ββββββββββββββββββββββββββββββΌβββββββββββββββββββββββββββββ
βΌ βΌ βΌ
βββββββββββββββββββββββββ βββββββββββββββββββββββββ βββββββββββββββββββββββββββββ
β π€ AZURE AI SERVICES β β π‘ COMMUNICATION SVC β β βοΈ PLATFORM SERVICES β
βββββββββββββββββββββββββ€ βββββββββββββββββββββββββ€ βββββββββββββββββββββββββββββ€
β β’ AI Foundry Hub β β β’ Communication Svc β β β’ Key Vault β
β β’ AI Project β β β’ Email Services β β β’ App Configuration β
β β’ Speech Services β β β’ PSTN Integration β β β’ Container Registry β
βββββββββββββββββββββββββ βββββββββββββββββββββββββ βββββββββββββββββββββββββββββ
π Detailed diagrams available in docs/architecture/overview.md
This section details the networking configuration discovered by querying the live Azure resources.
| Aspect | Configuration | Notes |
|---|---|---|
| VNet Integration | β Not configured | Container Apps Environment uses public networking |
| Private Endpoints | β None deployed | All services use public endpoints |
| NSGs | β Not applicable | No custom VNet = no NSG requirements |
| Subnets | β Not applicable | Managed by Azure Container Apps |
β οΈ Development Environment: This architecture uses public networking suitable for dev/test. Production deployments should implement VNet integration and private endpoints.
| Service | FQDN | Port | External |
|---|---|---|---|
| Frontend | <frontend-app>.<environment-id>.eastus2.azurecontainerapps.io |
8080 | β Yes |
| Backend | <backend-app>.<environment-id>.eastus2.azurecontainerapps.io |
8000 | β Yes |
| WebChat | <webchat-app>.<environment-id>.eastus2.azurecontainerapps.io |
3001 | β Yes |
| Property | Value |
|---|---|
| Static IP | <static-ip-address> |
| Default Domain | <environment-id>.eastus2.azurecontainerapps.io |
| Public Network Access | Enabled |
| VNet Configuration | None (Azure-managed networking) |
| Zone Redundancy | Disabled |
| mTLS | Disabled |
| Service | Type | Public Access | Private Endpoints | Network Rules |
|---|---|---|---|---|
| Key Vault | kv-<suffix> |
Enabled | None | RBAC Authorization enabled |
| Storage Account | st<suffix> |
Enabled | None | Bypass: AzureServices, Default: Allow |
| AI Services | <project><suffix>aif |
Enabled | None | None |
| Redis Enterprise | redis<suffix> |
Enabled | None | TLS 1.2 minimum |
| Cosmos DB (Mongo) | cosmos-cluster-<suffix> |
Enabled | None | None |
| Property | Value |
|---|---|
| Host | <redis-name>.eastus2.redis.azure.net |
| Port | 10000 |
| SKU | MemoryOptimized_M10 |
| Redis Version | 7.4 |
| High Availability | Enabled |
| Redundancy | Zone Redundant (ZR) |
| TLS Version | 1.2+ |
| Access Keys Auth | Disabled (Entra ID) |
| Property | Value |
|---|---|
| Connection String | mongodb+srv://<user>:<password>@<cluster-name>.mongocluster.cosmos.azure.com/ |
| Server Version | 8.0 |
| SKU | M30 |
| Storage | 128 GB |
| High Availability | Disabled |
| Replication Role | Primary |
-
Natural Language Works β Conversational prompts like "what's in this resource group?" are effective for infrastructure discovery
-
Progressive Discovery β Start broad (subscription) and narrow down (resource group β specific resources)
-
Iterative Refinement β Diagrams and documentation improve through follow-up prompts
-
Context Matters β Providing LLM instruction files (
.github/copilot-instructions.md) improves future AI interactions
- AI-generated docs should be reviewed for accuracy
- Sensitive information (keys, connection strings) must be filtered
- Complex architectures may need multiple prompt iterations
- Real-time data means docs can become stale
- Clone this repo to see the generated output
- Review the Prompt Journey to understand the process
- Set up prerequisites (see above)
- Run these prompts against your own Azure infrastructure:
1. "Do we have access to Azure? List my subscriptions and resource groups."
2. "What resources are in [your-resource-group]?"
3. "Create a wiki documenting [resource-group] with architecture diagrams,
resource inventory, integration guides, dependencies, runbooks,
and LLM instruction files following best practices."
4. [Iterate on specific sections as needed]
| Metric | Value |
|---|---|
| Total Prompts | 6 |
| Files Generated | 13 |
| Azure Queries | 6 |
| Documentation Pages | 10 |
| Time to Generate | ~15 minutes |
When using AI to document infrastructure:
- β Reader-only access is sufficientβno write permissions needed
- β No secrets exposed β AI queries metadata, not secret values
- β Audit trail β All queries go through Azure Resource Graph
β οΈ Review outputs β Ensure no sensitive resource names are shared publicly
βββ README.md # This file (blog/guide)
βββ PROMPT_JOURNEY.md # Detailed prompt documentation
βββ .github/
β βββ copilot-instructions.md # GitHub Copilot context file
βββ docs/ # Generated wiki documentation
βββ architecture/
βββ resources/
βββ integrations/
βββ dependencies/
βββ runbooks/
Found this useful? Have improvements?
- β Star this repo if you found it helpful
- π Open an issue for questions or suggestions
- π Submit a PR with improvements to the prompts or documentation
See CONTRIBUTING.md for guidelines.
This project is licensed under the MIT License. Feel free to use, modify, and share.
Kevin Evans β Code to Cloud
Built with GitHub Copilot (Claude Opus 4.5) + Azure MCP Servers β February 2026