All integrations
Azure Container Apps
Deployment

Deploy Cerbos on Azure Container Apps

Run the Cerbos PDP as a managed container on Azure Container Apps with built-in scaling and revision management.

Managed containers

Managed containers

Deploy the Cerbos container image to Azure Container Apps without managing underlying infrastructure or orchestrators

Revision management

Revision management

Container Apps manages revisions automatically, enabling traffic splitting between Cerbos versions during upgrades

Scale-to-zero

Scale-to-zero

Scale Cerbos replicas based on HTTP traffic, including scaling to zero when there are no incoming requests

What is Cerbos?

Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.

Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.

Deploying Cerbos via Azure Container Apps gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.

How to deploy Cerbos on Azure Container Apps

  1. Create the container app, Run az containerapp create with the official Cerbos container image and configure ingress on the HTTP port.
  2. Configure policy loading, Set environment variables to point Cerbos at a Git repository or Cerbos Hub for policy storage.
  3. Configure scaling rules, Set minimum and maximum replica counts and scaling triggers based on your traffic patterns.
  4. Connect your application, Use a Cerbos SDK to send authorization checks to the container app's ingress endpoint.

FAQ

How do I deploy Cerbos on Azure Container Apps?

Create a container app using `az containerapp create` with the official Cerbos container image. Configure ingress to expose the HTTP port and set environment variables for policy loading.

Does Cerbos require any external dependencies?

No. Cerbos requires no database or message queue. Policies load from a Git repository or Cerbos Hub, both compatible with Azure Container Apps.

How does scaling work with Cerbos on Container Apps?

Azure Container Apps scales Cerbos replicas based on HTTP traffic or custom rules. Cerbos is stateless, so each replica operates independently.

Cerbos + Azure Container Apps

  • Cerbos runs alongside your workloads in Azure Container Apps
  • No external databases or message queues required
  • Built-in metrics, distributed tracing, and structured logging
  • Stateless PDP instances scale horizontally

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.