My GitHub repo shows how to use Azure Container Instance to execute a Python script. It also shows how to build the container image that runs the Python in both Windows & Linux. In addition, it shows how to pull a connection string from KeyVault and make it available to the running container code. Finally, it shows how to set up an Azure Logic App to run this container on a schedule.

Disclaimer
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Prerequisites
- Docker Desktop for Windows
- Azure CLI
- Azure subscription & resource group
- Python 3.8 or greater
Review the container instance running in Azure
- Navigate to the Azure portal and navigate to your subscription & resource group.
- Click on one of the
Azure Container Instance
instances. - On the
Containers
tab, you can see that the container is now terminated (since it ran to completion). - Click on the
Logs
tab to see the logs the container generated as it ran. These should match the values that were output by the Python script when running locally.

- Click on the
Properties
tab to see the container instance properties, including the environment variable that stores the storage account connection string that was retrieved from the Key Vault.

How to get the storage account connection string secret from the Key Vault into the Azure Container Instance
We need the Python code running inside the Container Instance to be able to access the storage account connection string. We can get the storage account connection string secret from the KeyVault and store it in an environment variable. Normally, this would be done by using a managed identity that has access to the KeyVault, but Windows container instances can’t use managed identity at this time (and it is in preview for Linux containers).
Therefore, we can pull this secret at deployment time as part of the Azure Resource Manager deployment. ARM will pull the secret and store the value as an environment variable in the container instance.
Review the Logic App
- Navigate to the Azure portal and navigate to your subscription & resource group.
- Click on the
Logic App
resource. - The first execution is likely to have failed because the
aci
connection was not initialized on initial deployment. Re-run the Logic App to ensure it runs. Click on theRun Trigger->Run
button on theOverview
blade. - Click on the most recent run on the
Runs history
tab on theOverview
blade.

This Logic App will run once per day and start the Azure Container Instance.