Azure Container Instances (ACI)

Azure Container Instances is the fastest and simplest way to run a container on Azure. There are no virtual machines to provision, no orchestrator to configure, and no cluster to manage. You specify a container image, the CPU and memory it needs, and Azure runs it — typically within seconds. ACI is ideal for scenarios where you need quick, isolated compute without the overhead of a full container platform.

---

When to Use ACI

ACI is not a replacement for Kubernetes or Container Apps. It fills a specific niche:

Use case	Why ACI?
Batch processing	Run a job, process data, then stop — pay only for execution time
CI/CD build agents	Spin up isolated build agents on demand
Dev/test	Quickly test a container image without setting up infrastructure
Event-driven tasks	Trigger a container from a Logic App, Function, or queue
AKS burst (virtual nodes)	Overflow AKS workloads to ACI when nodes are full
Sidecar/init containers	Run supporting containers alongside a main process

ACI is not suited for long-running, highly available production services — use Container Apps or AKS for those.

---

Creating Your First Container Instance

Using the Azure CLI

az container create \
  --resource-group rg-containers \
  --name my-nginx \
  --image nginx:1.25-alpine \
  --cpu 1 \
  --memory 1.5 \
  --ports 80 \
  --dns-name-label my-nginx-demo \
  --restart-policy OnFailure

This creates a container running NGINX with 1 vCPU and 1.5 GiB of memory, accessible via my-nginx-demo.<region>.azurecontainer.io.

Key Parameters

Parameter	Description
--image	The container image (from ACR, Docker Hub, or any registry)
--cpu	Number of CPU cores (supports fractional, e.g. 0.5)
--memory	Memory in GiB
--ports	Ports to open on the container
--dns-name-label	Public DNS label (creates a FQDN)
--restart-policy	Always, OnFailure, or Never
--environment-variables	Key-value pairs for the container
--secure-environment-variables	Encrypted environment variables (not shown in logs)

---

Container Groups

A container group is the top-level resource in ACI. It is similar to a Kubernetes pod — a group of containers that share the same lifecycle, network, and storage.

+------------------------------------------+
|           Container Group                 |
|------------------------------------------|
|  +----------+  +----------+  +--------+  |
|  |  Main    |  |  Sidecar |  |  Init  |  |
|  | Container|  | Container|  |Container|  |
|  +----------+  +----------+  +--------+  |
|                                          |
|  Shared: IP address, ports, volumes      |
+------------------------------------------+

Key Properties

• All containers in a group share the same IP address and port space
• Containers communicate via localhost
• Init containers run to completion before main containers start
• Sidecar containers run alongside the main container (logging agents, proxies)
• CPU and memory are allocated at the group level

Deploying a Container Group with YAML

For multi-container groups, use a YAML definition:

apiVersion: '2021-09-01'
name: my-container-group
location: uksouth
properties:
  osType: Linux
  containers:
    - name: web
      properties:
        image: mycompanyacr.azurecr.io/web:1.0
        ports:
          - port: 80
        resources:
          requests:
            cpu: 1.0
            memoryInGB: 1.0
    - name: log-shipper
      properties:
        image: mycompanyacr.azurecr.io/log-shipper:1.0
        resources:
          requests:
            cpu: 0.5
            memoryInGB: 0.5
  ipAddress:
    type: Public
    ports:
      - protocol: TCP
        port: 80
  imageRegistryCredentials:
    - server: mycompanyacr.azurecr.io
      identity: /subscriptions/.../managedIdentities/acr-pull

Deploy with:

az container create \
  --resource-group rg-containers \
  --file container-group.yaml

---

Pulling Images from ACR