Migrate from Fastly to Azion

A platform migration usually begins long before the first service is cloned or the first domain is cut over. It starts when a team notices that delivery, compute, cache, security, and observability workflows are spread across too many configuration surfaces.

For teams using Fastly, this moment often appears after years of accumulated delivery logic: services with multiple origins, VCL snippets, Compute packages, dictionaries, cache overrides, TLS automation, WAF policies, logging endpoints, and inspector dashboards. Each layer may work independently, but the combined operational model can slow releases and make changes harder to validate.

For teams currently using Fastly Full-Site Delivery, Compute, Edge Data Storage, Object Storage, Image Optimizer, Fastly Next-Gen WAF, DDoS Protection, Bot Management, Platform TLS, High Volume Logging, Domain Inspector, Origin Inspector, or Log Explorer & Insights, Azion provides equivalent capabilities through Applications, Functions, KV Store, Object Storage, Image Processor, Firewall, Web Application Firewall, DDoS Protection, Bot Manager, Certificate Manager, Data Stream, Real-Time Events, and Real-Time Metrics.

The strongest reason to migrate is not simply to replace one vendor with another. It is to consolidate application delivery, compute, storage, security, and observability into a unified platform designed for globally distributed applications.

How Fastly to Azion Migration Works

Traditional platform migrations often require rewriting service logic, reconfiguring origins from scratch, and recreating security and logging behavior under pressure. This approach creates operational risk, extends timelines, and makes rollback harder.

The Azion migration approach preserves your application behavior while transitioning to a unified platform:

Incremental migration path. Start with one representative Fastly service, validate delivery and security behavior on Azion, and expand to additional services only after the pattern is proven.
Preserved application logic. Origins, cache policies, redirects, headers, security controls, and data access patterns map to Azion Applications, Rules Engine, Functions, Connectors, KV Store, and Object Storage with focused configuration changes.
Unified platform model. Instead of managing delivery, compute, storage, security, and observability as disconnected products, Azion brings these capabilities together with consistent APIs, Console workflows, and deployment patterns.

Feature Mapping

The following table provides a comprehensive mapping of Fastly products and configuration areas to their Azion equivalents. A dash (-) indicates that Azion does not currently offer a direct equivalent.

Fastly Product or Feature	Description	Azion Equivalent
Full-Site Delivery	Website, application, API, and mobile delivery through Fastly services.	Applications
Fastly services	Main delivery resource for domains, origins, caching, request handling, and service versions.	Applications + Workloads
Domains	Hostnames associated with Fastly services.	Workloads
Hosts and origins	Backend origin configuration for Fastly delivery services.	Connectors
Origin Shield / shielding patterns	Reduce origin traffic by routing cache misses through an intermediate shield location.	Origin Shield + Tiered Cache
Conditions	Request, cache, and response conditions in Fastly service configuration.	Rules Engine for Applications
Request settings	Request manipulation, forwarding, and handling behavior.	Rules Engine for Applications + Functions
Response settings	Response header and delivery behavior.	Rules Engine for Applications
VCL snippets / custom VCL	Custom delivery logic for redirects, headers, cache keys, origin selection, and request control.	Rules Engine for Applications + Functions
Compute	Serverless compute platform that runs custom code on Fastly’s network.	Functions for Applications
Compute packages	Packaged application code deployed to Fastly Compute.	Functions + Azion CLI
Edge Data Storage	Key-value data used by Fastly Compute services.	KV Store
Object Storage	S3-compatible object storage integrated with delivery and compute services.	Object Storage
Cache Reservation	Reserved cache capacity for content on Fastly.	Cache + Tiered Cache
Cache APIs	Programmatic cache interaction patterns for Compute applications.	Functions + Cache + Real-Time Purge
Streaming Delivery	Delivery of live and video-on-demand streaming content.	Applications + Cache + Object Storage
Media Shield for Live	Reduces origin traffic for live video workflows.	Tiered Cache + Origin Shield
Media Shield for VOD	Reduces origin traffic for video-on-demand workflows.	Tiered Cache + Origin Shield
Image Optimizer	Real-time image transformation and optimization service.	Image Processor
WebSockets	Long-lived, bidirectional communication for real-time applications.	WebSocket Proxy + WebSocket API
Fanout	Publish-subscribe messaging patterns on Fastly.	Functions + WebSocket Proxy
AI Accelerator	Semantic caching and traffic acceleration for generative AI APIs.	AI Inference + Cache
Fastly Next-Gen WAF	Web application firewall for suspicious traffic detection and application protection.	Web Application Firewall
Edge Rate Limiting	Count requests and apply actions when limits are exceeded.	Rules Engine for Firewall + Functions for Firewall
Fastly DDoS Protection	DDoS visibility and mitigation.	DDoS Protection + Network Shield
Bot Management	Detect and respond to automated traffic.	Bot Manager + Bot Manager Lite
Certainly	Fastly certificate authority for TLS certificates.	Certificate Manager
Platform TLS	API-driven TLS certificate and key management.	Certificate Manager + Azion API
TLS Service Options	TLS configuration for serving sites and applications over HTTPS.	Certificate Manager + Workloads
High Volume Logging	Real-time log streaming to external destinations.	Data Stream
Log Explorer & Insights	Inspect and monitor log data on the Fastly platform.	Real-Time Events
Domain Inspector	Domain-level traffic visibility and reporting.	Real-Time Metrics
Origin Inspector	Origin response visibility and reporting.	Real-Time Metrics + Real-Time Events
Observability features	Traffic, security, performance, and origin visibility.	Real-Time Metrics + Real-Time Events + Data Stream
Fastly API	Programmatic management of Fastly resources.	Azion API
Fastly CLI	Command-line workflow for Fastly services and Compute projects.	Azion CLI
Fastly Terraform Provider	Infrastructure as Code for Fastly resources.	Terraform Provider

Migration Strategy

The migration is organized around Azion’s four product categories, allowing teams to plan and execute each layer independently:

Build: migrate delivery services, origins, VCL behavior, Compute code, cache policies, image optimization, streaming, WebSocket, and AI acceleration patterns.
Secure: migrate domains, certificates, WAF policies, DDoS protection, bot controls, and rate limiting.
Store: migrate object storage and edge key-value data to Object Storage and KV Store.
Observe: migrate logging, inspectors, metrics, dashboards, and external log destinations to Azion’s real-time observability stack.

Build

The Build category covers application deployment, delivery configuration, compute, routing, cache, and media optimization. Start here to recreate the application behavior users see before moving security, data, and observability layers.

1. Project Setup on Azion

The first step brings your application into Azion in a way that is familiar to teams that already manage Fastly services and Compute projects. If you have used Fastly service versions, Compute packages, and CLI deployments, you already understand the pattern: define configuration, deploy a version, validate behavior, and promote traffic when ready.

Azion follows a similar workflow but consolidates application delivery, Functions, rules, security, and observability in the same platform context.

Key Differences

Aspect	Fastly	Azion
Primary delivery resource	Service	Application + Workload
Config file	`fastly.toml`, VCL, service version config	`azion.config.js` and Console configuration
Compute deployment	Compute package	Function + Function Instance
Routing and behavior	VCL, conditions, request/response settings	Rules Engine + Functions
Observability	Inspectors, logging endpoints, Log Explorer	Real-Time Metrics, Real-Time Events, Data Stream

Connect Your Repository

Open Azion Console.
Click + Create > Import from GitHub.
Authorize the Azion GitHub App.
Select the repository you want to migrate.

Configure Your Build

Azion auto-detects your framework and configures build settings. Override the detected preset in azion.config.js:

import { defineConfig } from 'azion'

export default defineConfig({
name: 'my-fastly-migration',
preset: 'nextjs', // Override auto-detection if needed
})

Deploy and Verify

Deploy from the Azion Console or CLI. Your temporary Azion URL follows this pattern:

https://xxxxxxxxxx.map.azionedge.net/

Validate the deployment before moving production domains:

curl -I https://xxxxxxxxxx.map.azionedge.net/
curl https://xxxxxxxxxx.map.azionedge.net/health

Reference documentation

2. Converting Service and Build Configuration

A migration can appear successful when the first request returns 200, but fail later when cache behavior, redirects, headers, or origin routing differs from Fastly. Review service configuration carefully instead of treating the migration as a simple command replacement.

CLI Quick Reference

Task	Fastly CLI	Azion CLI
Install	`brew install fastly/tap/fastly`	`curl -fsSL https://cli.azion.app/install.sh \| bash`
Login	`fastly profile create`	`azion login`
Local dev	`fastly compute serve`	`azion dev`
Deploy	`fastly compute publish` or service activation	`azion deploy`
View logs	Fastly logging endpoint or Log Explorer	`azion logs`
Purge	`fastly purge`	`azion purge`

Configuration Inventory

Before recreating the service in Azion, inventory:

Active Fastly services and service versions
Domains and TLS certificates
Origins, shielding, health checks, and failover logic
Cache settings, cache keys, stale behavior, and purge workflows
Conditions, VCL snippets, custom VCL, and request/response settings
Compute packages and language runtimes
Dictionaries, Config Store data, Secret Store values, and Edge Data Storage
WAF policies, bot controls, DDoS protections, and rate limits
Logging endpoints, inspector dashboards, and alert dependencies

Reference documentation

3. Migrating Environment Variables and Secrets

Environment variables and secrets contain API keys, origin credentials, feature flags, third-party endpoints, and operational settings. Migrating them incorrectly causes runtime failures even when deployment succeeds.

Key Differences

Aspect	Fastly	Azion
Compute access	Language-specific environment or secret APIs	`Azion.env.get('VARIABLE')`
Configuration data	Dictionaries, Config Store, Secret Store	Variables, KV Store, Function Instances
Runtime scope	Service or Compute package context	Function instance and application context

Evaluate Your Variables

Before changing code, identify every variable in:

fastly.toml and Compute project configuration
Fastly dictionaries and Config Store entries
Fastly Secret Store values
CI/CD environment settings
Runtime configuration in source code

Create Variables in Azion

Access Azion Console.
Navigate to Build > Variables.
Click Add Variable.
Enter the variable name and value.
Click Save.

curl -X POST 'https://api.azionapi.net/variables' --header 'Accept: application/json; version=3' --header 'Authorization: Token [TOKEN VALUE]' --header 'Content-Type: application/json' --data '{
"key": "API_TOKEN",
"value": "token-value"
}'

Update Your Code

// Before: Fastly Compute style configuration access varies by runtime
const apiKey = process.env.API_KEY;

// After: Azion Functions
const apiKey = Azion.env.get('API_KEY');

Reference documentation

4. Migrating Full-Site Delivery to Applications

Fastly Full-Site Delivery services deliver websites, applications, APIs, and mobile traffic through domains, origins, cache rules, and custom delivery logic. Azion Applications provide equivalent delivery capabilities with integrated Rules Engine, Cache, Functions, and Connectors.

Key Differences

Aspect	Fastly Full-Site Delivery	Azion Applications
Delivery resource	Service and service version	Application
Domains	Service domains	Workloads and custom domains
Origins	Hosts and backends	Connectors
Behavior logic	Conditions, request/response settings, VCL	Rules Engine and Functions
Cache control	Cache settings, VCL, surrogate keys	Cache Settings, Rules Engine, Real-Time Purge

Configuration Steps

Access Azion Console.
Navigate to Build > Applications.
Click Add Application.
Configure your Main Settings.
Create Connectors for each Fastly origin.
Configure Cache Settings and Rules Engine.
Add custom domains through Workloads when ready for cutover.

curl -X POST 'https://api.azionapi.net/v4/workspace/applications' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "fastly-service-migration",
  "origins": [
    {
      "name": "origin-main",
      "addresses": [
        {
          "address": "origin.example.com",
          "weight": 1
        }
      ]
    }
  ],
  "cache_settings": {
    "default_ttl": 3600
  }
}'

Service Configuration Migration

import { defineConfig } from 'azion'

export default defineConfig({
name: 'fastly-service-migration',
applications: [{
  name: 'main-app',
  origins: [{
    name: 'primary-origin',
    type: 'http',
    addresses: [{
      address: 'origin.example.com',
      weight: 1
    }]
  }],
  cache: {
    ttl: 3600,
    staleWhileRevalidate: 300
  },
  rules: {
    request: [{
      name: 'API routes bypass cache',
      criteria: [{
        variable: 'uri',
        operator: 'starts_with',
        argument: '/api/'
      }],
      behavior: {
        bypassCache: true,
        setOrigin: 'primary-origin'
      }
    }]
  }
}]
})

Reference documentation

5. Migrating VCL, Conditions, and Headers

Fastly services often contain business-critical behavior in VCL snippets, conditions, and request or response settings. Migrate simple rules to Rules Engine and reserve Functions for behavior that needs code.

Key Differences

Aspect	Fastly	Azion
Simple redirects	VCL or request settings	Rules Engine redirect behavior
Header changes	VCL, response settings	Rules Engine request/response behavior
Origin selection	VCL backend selection	Rules Engine + Connectors
Complex logic	Custom VCL or Compute	Functions
Pattern matching	Conditions and VCL expressions	Rules Engine criteria and regex

Redirect Migration Example

# Fastly VCL pattern
if (req.url.path ~ "^/old/(.*)$") {
set req.http.Location = "/new/" + re.group.1;
error 750 "Moved Permanently";
}

# Azion Rules Engine
Criteria: ${uri} matches ^/old/(.*)$
Behavior: Redirect To (301): /new/%{capture[1]}

Security Header Migration Example

import type { AzionConfig } from 'azion/config';

const config: AzionConfig = {
applications: [{
  name: 'my-app',
  rules: {
    response: [{
      name: 'Security Headers',
      active: true,
      criteria: [{
        variable: 'uri',
        conditional: 'if',
        operator: 'starts_with',
        argument: '/'
      }],
      behavior: {
        addResponseHeader: [
          'X-Frame-Options: SAMEORIGIN',
          'X-Content-Type-Options: nosniff'
        ]
      }
    }]
  }
}]
};

export default config;

Migration Checklist

Convert path-based conditions to Rules Engine criteria.
Move simple header additions to response rules.
Move request header normalization to request rules.
Rebuild origin selection with Connectors and Rules Engine.
Use Functions only when conditions require code, external lookups, signed tokens, or custom algorithms.

Reference documentation

6. Migrating Compute to Functions

Fastly Compute services run packaged code on Fastly’s network. Azion Functions provide distributed JavaScript execution for request handling, API orchestration, personalization, redirects, authentication, and integration logic.

Key Differences

Aspect	Fastly Compute	Azion Functions
Deployment unit	Compute package	Function and Function Instance
Runtime model	WebAssembly-based runtimes	JavaScript runtime
Function signature	Runtime-specific request handler	`export default { async fetch(request) {} }`
Environment access	Runtime-specific environment APIs	`Azion.env.get('VARIABLE')`
Platform data access	Edge Data Storage, Config Store, Secret Store	KV Store, Object Storage, Variables

Update Function Signature

// Before: Fastly Compute JavaScript style
addEventListener('fetch', (event) => {
event.respondWith(handleRequest(event.request));
});

async function handleRequest(request) {
const url = new URL(request.url);
return new Response('Path: ' + url.pathname, {
  status: 200,
  headers: { 'Content-Type': 'text/plain' }
});
}

// After: Azion Functions
export default {
async fetch(request) {
  const url = new URL(request.url);
  return new Response('Path: ' + url.pathname, {
    status: 200,
    headers: { 'Content-Type': 'text/plain' }
  });
}
};

Update Configuration Access

// Before: Fastly Compute configuration access varies by runtime
const apiToken = process.env.API_TOKEN;

// After: Azion Functions
const apiToken = Azion.env.get('API_TOKEN');

Non-JavaScript Compute Code

Fastly Compute projects written in Rust, Go, or other WebAssembly-targeted languages must be rewritten in JavaScript for Azion Functions. During the rewrite, separate generic business logic from platform-specific APIs:

Code Area	Migration Guidance
Request parsing	Use the standard `Request` and `URL` APIs.
Response creation	Use the standard `Response` API.
Headers	Use `request.headers` and response headers.
Environment values	Use `Azion.env.get()`.
Key-value data	Use `Azion.KV`.
External services	Use `fetch()`.

Reference documentation

7. Migrating Load Balancing and Origin Failover

Fastly origin configuration can include multiple backends, shielding, health checks, and failover logic. Azion uses Connectors, Load Balancer, and Rules Engine to recreate origin routing and availability behavior.

Key Differences

Aspect	Fastly	Azion
Origin resource	Backend or host	Connector
Health checks	Backend health checks	Connector health checks
Failover	VCL or service settings	Load Balancer and Rules Engine
Origin shielding	Shielding	Origin Shield and Tiered Cache
Weighted origins	Backend selection logic	Load Balancer address weights

Configuration Steps

Access Azion Console.
Go to Products menu > Connectors.
Create a Connector for each origin server.
Configure health checks.
Configure origin weights and failover behavior.
Associate Connectors with your Application rules.

curl -X POST 'https://api.azionapi.net/v4/workspace/connectors' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "origin-pool",
  "type": "http",
  "attributes": {
    "addresses": [
      {
        "address": "origin1.example.com",
        "active": true,
        "modules": {
          "load_balancer": {
            "weight": 3,
            "method": "round_robin"
          }
        }
      },
      {
        "address": "origin2.example.com",
        "active": true,
        "modules": {
          "load_balancer": {
            "weight": 1,
            "method": "round_robin"
          }
        }
      }
    ]
  }
}'

Reference documentation

8. Migrating Cache Configuration

Caching configuration determines how content is stored, revalidated, and purged. Fastly cache behavior often combines service settings, VCL, surrogate keys, cache overrides, and purge APIs. Azion provides Cache Settings, Rules Engine, Tiered Cache, and Real-Time Purge.

Key Differences

Aspect	Fastly Cache	Azion Cache
Cache policy	Service settings, VCL, cache overrides	Cache Settings and Rules Engine
Cache key	VCL and cache configuration	Advanced Cache Key
Shielding	Shield POP	Tiered Cache and Origin Shield
Purge	URL, surrogate key, service purge	URL, Cache Key, Wildcard purge
Stale content	VCL and stale settings	Stale-while-revalidate settings

Configuration Steps

Access Azion Console.
Edit your Application.
Navigate to Cache Settings.
Configure default cache TTL.
Enable Tiered Cache when origin load reduction is required.
Add custom cache rules through Rules Engine.

curl -X PATCH 'https://api.azion.com/v4/workspace/applications/{application_id}/cache_settings/{cache_setting_id}' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "default-cache",
  "browser_cache": {
    "ttl": 3600
  },
  "modules": {
    "cache": {
      "ttl": 86400
    },
    "tiered_cache": {
      "enabled": true
    }
  }
}'

Fastly Purge to Azion Purge

# Before: Fastly purge by URL
fastly purge --service-id SERVICE_ID https://www.example.com/images/logo.png

# After: Azion purge by URL
curl -X POST 'https://api.azion.com/v4/workspace/purge/url' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "items": ["https://www.example.com/images/logo.png"],
  "layer": "cache"
}'

# After: Azion purge by wildcard
curl -X POST 'https://api.azion.com/v4/workspace/purge/wildcard' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "items": ["https://www.example.com/images/*"],
  "layer": "cache"
}'

Reference documentation

9. Migrating Image Optimizer to Image Processor

Image optimization reduces file sizes while preserving visual quality. Azion Image Processor transforms, optimizes, and delivers images from distributed locations using URL parameters and application configuration.

Key Differences

Aspect	Fastly Image Optimizer	Azion Image Processor
Transformations	Real-time image transformations	Resize, crop, fit, format optimization
URL format	Query parameters or configured image options	`?ims=<OPTIONS>` query parameter
Format support	Optimized image formats	WebP, AVIF, JPEG, PNG
Delivery path	Fastly service	Azion Application with Image Processor
Storage source	Origin or object storage	HTTP origin or Object Storage

Configuration Steps

Access Azion Console.
Edit your Application.
Navigate to Image Processor settings.
Enable Image Processor.
Configure default quality and format behavior.
Validate representative image URLs before cutover.

curl -X PATCH 'https://api.azionapi.net/v4/workspace/applications/{application_id}' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "modules": {
    "image_processor": {
      "enabled": true
    }
  }
}'

URL Format Comparison

# Fastly image transformation patterns vary by implementation
https://www.example.com/image.jpg?width=400&quality=85

# Azion Image Processor
https://www.example.com/image.jpg?ims=400x400

Transformation Parameters

Syntax	Description	Example
`?ims=WxH`	Resize to width x height	`?ims=400x300`
`?ims=Wx`	Resize to width with automatic height	`?ims=400x`
`?ims=xH`	Resize to height with automatic width	`?ims=x300`
`?ims=WxH:fill`	Crop to exact dimensions	`?ims=400x300:fill`
`?ims=WxH:fit`	Fit within dimensions	`?ims=400x300:fit`

Reference documentation

10. Migrating Streaming, Media Shield, WebSockets, and Fanout

Fastly streaming, Media Shield, WebSocket, and Fanout patterns are used for bandwidth-heavy and real-time workloads. Migrate each pattern based on the traffic model: cacheable media, long-lived connections, or publish-subscribe behavior.

Capability Mapping

Fastly Capability	Azion Migration Path
Streaming Delivery	Applications + Cache + Object Storage
Media Shield for Live	Tiered Cache + Origin Shield
Media Shield for VOD	Tiered Cache + Origin Shield
WebSockets	WebSocket Proxy + WebSocket API
Fanout	Functions + WebSocket Proxy + external pub/sub service when needed

WebSocket Migration Checklist

Enable WebSocket support on the target Application.
Confirm the origin accepts Upgrade: websocket and Connection: upgrade headers.
Validate that application routes do not apply cache or image processing to WebSocket traffic.
Test successful upgrades with 101 Switching Protocols responses.
Monitor WebSocket events and errors after cutover.

WebSocket Function Example

export default {
async fetch(request) {
  if (request.headers.get('upgrade') === 'websocket') {
    const { response, socket } = upgradeWebSocket(request);

    socket.addEventListener('message', (event) => {
      socket.send('received: ' + event.data);
    });

    return response;
  }

  return new Response('Expected WebSocket upgrade', { status: 400 });
}
};

Reference documentation

11. Migrating AI Accelerator Patterns

Fastly AI Accelerator focuses on semantic caching and acceleration for AI API traffic. On Azion, AI workloads can combine AI Inference, Functions, Cache, Real-Time Events, and Data Stream depending on whether the goal is inference execution, traffic control, observability, or response caching.

Key Differences

Aspect	Fastly AI Accelerator	Azion
Primary pattern	Semantic caching for AI API traffic	AI Inference + Functions + Cache
Request control	Service and Compute logic	Rules Engine + Functions
Observability	Logging and inspectors	Real-Time Events + Data Stream + Real-Time Metrics
Model execution	External AI APIs accelerated by Fastly	AI Inference or external AI APIs called from Functions

Function Integration Example

export default {
async fetch(request) {
  const prompt = await request.text();

  const response = await fetch('https://ai-provider.example.com/v1/chat/completions', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': 'Bearer ' + Azion.env.get('AI_API_KEY')
    },
    body: JSON.stringify({ prompt })
  });

  return response;
}
};

Reference documentation

Secure

The Secure category covers domains, certificates, firewall rules, bot controls, DDoS protection, and rate limiting. Plan these migrations as controlled cutovers because they affect how users reach your application and how traffic is protected in production.

1. Migrating Custom Domains

Custom domain migration is one of the most sensitive parts of any platform transition. It affects users, SEO, brand trust, and production availability. Plan domain migration as a controlled cutover, not a last-minute DNS change.

Migration Strategies

Strategy	Best For	DNS Control
CNAME	Quick subdomain migration	Keep your DNS provider
Nameserver	Full DNS control and apex domains	Transfer DNS to Azion

Create the Certificate

Create your SSL/TLS certificate before pointing your domain to Azion. This ensures users can access the application securely over HTTPS when the domain starts resolving to the new infrastructure.

Azion provides free Let’s Encrypt certificates with automatic renewal.

Configure the Domain

Create a workload in Azion Console and associate your custom domain. See Workloads Documentation.

Point the Domain to Azion

Point the subdomain to the Azion-generated domain:

www CNAME xxxxxxxxxx.map.azionedge.net

This keeps your current DNS provider while routing traffic through Azion.

Configure your domain to use Azion DNS nameservers:

ns1.aziondns.net
ns2.aziondns.com
ns3.aziondns.org

This gives Azion full DNS control, required for apex domains.

Verify Propagation

dig www.yourdomain.com CNAME +short
curl -I https://www.yourdomain.com/

Reference documentation

2. Migrating TLS to Certificate Manager

Fastly Platform TLS, TLS Service Options, and Certainly-backed workflows manage certificates and HTTPS service behavior. Azion Certificate Manager manages Let’s Encrypt, custom certificates, Azion SAN certificates, and Trusted CA certificates for mTLS scenarios.

Key Differences

Aspect	Fastly TLS	Azion Certificate Manager
Managed certificates	Platform TLS and Certainly workflows	Let’s Encrypt and Azion SAN certificates
Custom certificates	Upload or API-managed certificates	Upload custom certificates and private keys
Automation	Fastly API	Console and Azion API
mTLS	Fastly TLS and security configuration	Trusted CA certificates and mTLS configuration
Association	Fastly service/domain	Workload or domain association

Custom Certificate Upload

Go to Products menu > Certificate Manager.
Click + Certificate.
Select Custom Certificate.
Upload your certificate in PEM format.
Upload your private key.
Upload the intermediate CA chain if applicable.
Associate the certificate with your workload.

curl -X POST 'https://api.azionapi.net/v4/workspace/tls/certificates' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "my-custom-cert",
  "certificate": "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----",
  "private_key": "-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----"
}'

Reference documentation

3. Migrating Fastly Next-Gen WAF to Web Application Firewall

Web Application Firewall protects applications from malicious traffic, SQL injection, cross-site scripting, and other application-layer attacks. Migrating WAF rules requires careful mapping of rule logic, match conditions, and enforcement modes.

Key Differences

Aspect	Fastly Next-Gen WAF	Azion WAF
Managed protection	Next-Gen WAF rules and signals	WAF Rule Sets
Custom logic	WAF rules and conditions	Rules Engine for Firewall
Actions	Allow, block, log, challenge patterns	Allow, deny, drop, redirect, custom HTML, hold connection
Tuning	Signal exclusion and thresholds	Learning and Blocking modes, sensitivity settings
Association	Service or domain scope	Firewall associated with workloads

Migration Steps

Access Azion Console.
Go to Products menu > Firewall.
Select or create a Firewall instance.
Navigate to WAF.
Enable the desired managed rule sets.
Configure sensitivity per rule set.
Create custom rules in Rules Engine.
Associate the Firewall with your workload.

curl -X POST 'https://api.azion.com/v4/workspace/wafs' --header 'Accept: application/json' --header 'Authorization: Token [TOKEN]' --header 'Content-Type: application/json' --data '{
  "active": true,
  "name": "Fastly Migration WAF",
  "product_version": "1.0",
  "engine_settings": {
    "engine_version": "2021-Q3",
    "type": "score",
    "attributes": {
      "rulesets": [1],
      "thresholds": [
        { "threat": "sql_injection", "sensitivity": "medium" }
      ]
    }
  }
}'

Rule Migration Example

# Fastly-style intent
Block requests to /admin unless the client IP is in an approved network.

# Azion criteria
Variable: ${uri}
Operator: matches
Argument: /admin

AND

Variable: ${remote_addr}
Operator: does not match
Argument: 10.0.0.0/8

Behavior: Deny (403)

Reference documentation

4. Migrating DDoS Protection

DDoS protection guards against volumetric attacks, protocol attacks, and application-layer floods. Azion provides automatic DDoS protection and Network Shield capabilities for network-layer controls.

Key Differences

Aspect	Fastly DDoS Protection	Azion DDoS Protection
Activation	Product and service configuration	Automatic protection with configurable security controls
Layer coverage	Network and application-layer mitigation	L3, L4, and L7 protection patterns
Customization	Fastly security controls	Firewall, Network Shield, Rules Engine
Visibility	Fastly security dashboards and logs	Real-Time Metrics, Real-Time Events, Data Stream

Migration Steps

Document current Fastly DDoS assumptions, support processes, and escalation paths.
Confirm the Azion workload, Firewall, and Network Shield configuration.
Recreate application-layer controls using Rules Engine for Firewall.
Validate observability through Real-Time Metrics, Real-Time Events, and Data Stream.
Keep rollback and escalation procedures ready during the cutover window.

Reference documentation

5. Migrating Bot Management

Bot management protects applications from automated abuse while allowing legitimate bots. Azion Bot Manager provides detection and response controls, and Bot Manager Lite is available through Marketplace for simpler use cases.

Key Differences

Aspect	Fastly Bot Management	Azion Bot Manager
Detection	Bot signals and behavior	Machine learning, behavioral analysis, fingerprinting, reputation intelligence
Actions	Allow, block, challenge patterns	Allow, deny, drop, redirect, custom HTML, random delay, hold connection
Lite option	Plan-dependent Fastly features	Bot Manager Lite from Marketplace
Rule integration	Fastly security configuration	Firewall Rules Engine

Custom Bot Rules

Criteria: ${user_agent} contains "BadBot"
Behavior: Deny (403)

Criteria: ${user_agent} contains "Googlebot"
Behavior: Allow

Verification

curl -A "BadBot/1.0" https://yourdomain.com/
curl -A "Mozilla/5.0" https://yourdomain.com/

Reference documentation

6. Migrating Edge Rate Limiting

Rate limiting protects applications from abuse by limiting request rates per client, route, method, token, or custom key. Recreate Fastly rate limiting behavior with Firewall rules and Functions where custom counters or logic are required.

Key Differences

Aspect	Fastly Edge Rate Limiting	Azion Rate Limiting Pattern
Configuration	Fastly rate limiting controls	Firewall Rules Engine + Functions
Granularity	Client, route, service-specific keys	IP, path, method, headers, custom logic
Actions	Block or penalize clients	Deny, drop, redirect, custom response
Custom counters	Fastly controls or Compute logic	Functions + KV Store

Firewall-Based Rate Limiting

curl -X POST 'https://api.azionapi.net/v4/workspace/firewalls/{firewall_id}/request_rules' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "Rate Limit API",
  "criteria": [[{"variable": "${uri}", "operator": "starts_with", "argument": "/api/"}]],
  "behaviors": [
    {"type": "rate_limit", "attributes": {"rps": 100, "window": 60, "action": "block"}}
  ]
}'

Reference documentation

Store

The Store category covers data services. Migrate object and key-value data with attention to consistency, access patterns, object naming, permissions, and application compatibility.

1. Migrating Fastly Object Storage to Object Storage

Object storage powers files that matter to users and business operations: images, documents, static assets, media files, uploads, and generated content. Azion Object Storage is S3-compatible and can be used as an origin for Applications.

Key Differences

Aspect	Fastly Object Storage	Azion Object Storage
Protocol	S3-compatible workflows	S3 standard
Endpoint	Fastly object storage endpoint	`s3.us-east-005.azionstorage.net`
Delivery path	Fastly delivery services	Applications + Connectors
Object management	S3-compatible tools	S3-compatible tools, API, CLI, Runtime API
End-user delivery	Delivery service	Application with Object Storage Connector

Update Configuration

import { S3Client } from '@aws-sdk/client-s3';

const client = new S3Client({
region: 'us-east-005',
endpoint: 'https://s3.us-east-005.azionstorage.net',
credentials: {
  accessKeyId: Azion.env.get('AZION_ACCESS_KEY'),
  secretAccessKey: Azion.env.get('AZION_SECRET_KEY')
}
});

Migrate Data with S3-Compatible Tools

Use tools such as s3cmd, rclone, or AWS CLI to move objects:

Task	Command Pattern
List buckets	`s3cmd ls`
Upload object	`s3cmd put file.png s3://my-bucket/`
Download object	`s3cmd get s3://my-bucket/file.png`
Sync buckets	`s3cmd sync s3://source-bucket/ s3://dest-bucket/`

Reference documentation

2. Migrating Edge Data Storage to KV Store

Fastly Edge Data Storage and related key-value patterns are commonly used for configuration, feature flags, personalization, authorization metadata, and lightweight state. Azion KV Store provides distributed key-value storage accessible from Functions.

Key Differences

Aspect	Fastly Edge Data Storage	Azion KV Store
Data model	Key-value containers	Namespaces with key-value pairs
Access pattern	Compute access	Functions through `Azion.KV`
Common use cases	Config, flags, session metadata	Config, flags, session metadata, lightweight state
Consistency planning	Application dependent	Plan for distributed key-value behavior

API Comparison

// Before: Fastly data access varies by product and runtime
const value = await edgeData.get('feature:checkout');
await edgeData.put('feature:checkout', 'enabled');

// After: Azion KV Store
const kv = await Azion.KV.open('my-namespace');

const value = await kv.get('feature:checkout');
await kv.put('feature:checkout', 'enabled');

Create a KV Store Namespace

Access Azion Console.
Go to Store > KV Store.
Create a namespace for the migrated data.
Import or recreate keys using your migration script.
Update Functions to use the namespace name.

curl -X POST 'https://api.azionapi.net/v4/workspace/kv/namespaces' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "fastly-migration-kv"
}'

Migration Checklist

Export keys, values, metadata, and expiration rules from Fastly.
Preserve key prefixes and naming conventions where possible.
Document default behavior for missing keys.
Validate value encoding, JSON serialization, and binary data handling.
Test read and write paths before moving production traffic.

Reference documentation

Observe

The Observe category covers metrics, events, logs, and external streaming destinations. Migrating observability ensures you keep production visibility, troubleshooting capability, and compliance reporting after cutover.

1. Migrating Domain and Origin Inspector to Real-Time Metrics

Fastly Domain Inspector and Origin Inspector provide traffic and origin visibility. Azion Real-Time Metrics provides dashboards and GraphQL access for requests, bandwidth, status codes, latency, cache, and origin behavior.

Key Differences

Aspect	Fastly Inspectors	Azion Real-Time Metrics
Scope	Domain and origin reporting	Application, workload, cache, performance, and traffic metrics
Access method	Fastly UI and APIs	Console and GraphQL API
Use cases	Traffic trends, origin performance	Traffic trends, latency, cache hit ratio, errors, origin behavior
Migration focus	Dashboard and alert parity	Dashboard, filters, GraphQL queries, Grafana if needed

Available Metrics

Azion Real-Time Metrics tracks:

Request metrics: total requests, requests by status code, requests by HTTP method
Performance metrics: response time, upstream header time, origin response time
Bandwidth metrics: data transferred and data saved by cache
Cache metrics: hit ratio, miss ratio, expired objects
Error metrics: 4xx errors, 5xx errors, origin errors

Access Real-Time Metrics

Access Azion Console.
Go to Products menu > Real-Time Metrics.
Select your application or workload.
Configure the time range and filters.
Export or recreate dashboards if needed.

query HttpMetricsQuery {
httpMetrics(
  limit: 10,
  filter: {
    tsRange: {begin: "2024-01-01T00:00:00", end: "2024-01-02T00:00:00"}
  }
  aggregate: {sum: requests}
  groupBy: [ts]
) {
  ts
  sum
}
}

Reference documentation

2. Migrating Log Explorer & Insights to Real-Time Events

Log data is essential for debugging, security analysis, and compliance. Real-Time Events provides immediate log access through Console or GraphQL API for troubleshooting and investigation.

Key Differences

Aspect	Fastly Log Explorer & Insights	Azion Real-Time Events
Access method	Fastly UI	Console and GraphQL API
Data model	Fastly log fields	HTTP, WAF, DNS, Functions, image, and other event datasets
Querying	Explorer filters	Console filters and GraphQL
Use cases	Debugging and security investigation	Debugging, security investigation, compliance evidence

Access Real-Time Events

Access Azion Console.
Go to Products menu > Real-Time Events.
Select the dataset, such as HTTP Requests or WAF.
Configure the time range and filters.
Click Search to query logs.
Click a row to inspect event details.

query HttpEvents {
workloadEvents(
  limit: 100,
  filter: {
    tsRange: {begin: "2024-01-01T00:00:00", end: "2024-01-01T01:00:00"}
  }
) {
  ts
  remoteAddress
  requestUri
  status
  upstreamResponseTime
}
}

Reference documentation

3. Migrating High Volume Logging to Data Stream

Fastly High Volume Logging exports logs to downstream destinations. Azion Data Stream exports logs continuously to external destinations for long-term storage, analytics, SIEM, and operational monitoring.

Key Differences

Aspect	Fastly High Volume Logging	Azion Data Stream
Delivery model	Log streaming to configured endpoints	Push to external destinations
Format	Endpoint-specific log formats	JSON and customizable templates
Destinations	External logging and storage services	S3, Azure Blob, Datadog, Splunk, Kafka, BigQuery, Elasticsearch, HTTP endpoints, and more
Source selection	Fastly service logs	Applications, WAF, Functions, and other event sources

Configure Data Stream

Access Azion Console.
Go to Products menu > Data Stream.
Click + Stream.
Configure the source, such as Applications or WAF.
Select or create a template for the log format.
Choose a destination.
Configure destination credentials.
Activate the stream.

curl -X POST 'https://api.azion.com/v4/workspace/stream/streams' --header 'Authorization: Token YOUR_TOKEN' --header 'Content-Type: application/json' --data '{
  "name": "Fastly Migration Log Stream",
  "source": {
    "type": "applications"
  },
  "template_id": 12345,
  "endpoint": {
    "type": "s3",
    "name": "my-s3-endpoint",
    "bucket": "my-logs-bucket",
    "region": "us-east-1",
    "access_key": "YOUR_ACCESS_KEY",
    "secret_key": "YOUR_SECRET_KEY"
  },
  "active": true
}'

Supported Destinations

Data Stream supports multiple destination patterns:

Cloud Storage: Amazon S3, Azure Blob Storage, Azion Object Storage
Monitoring: Datadog, Splunk, Elasticsearch, Azure Monitor
Streaming: AWS Kinesis Data Firehose, Apache Kafka
Analytics: Google BigQuery
Security: IBM QRadar
Custom: HTTP Webhook, Standard HTTP/HTTPS POST

Reference documentation

Troubleshooting

Common Issues

Issue	Likely Cause	Solution
Application responds differently from Fastly	Rules, VCL, cache key, or origin selection was not fully mapped	Compare Fastly service version behavior with Azion Rules Engine and Connector configuration
Environment variables not found	Variables were not configured on the Function instance	Confirm variables exist and code uses `Azion.env.get()`
Redirects not working	VCL pattern was converted to an incorrect regex	Test capture groups and verify Rules Engine criteria
Headers missing	Response settings or VCL header logic was not migrated	Add response rules or a Function for dynamic headers
Cache hit ratio drops	Cache key, TTL, or shielding behavior changed	Review Cache Settings, Advanced Cache Key, Tiered Cache, and Origin Shield
Compute code fails	Runtime-specific Fastly APIs remain in the code	Rewrite platform APIs using Azion Functions and Runtime APIs
KV data missing	Edge Data Storage export or import was incomplete	Re-export keys, validate namespaces, and check value encoding
Object Storage access denied	S3 credentials or endpoint are incorrect	Verify credentials and use `s3.us-east-005.azionstorage.net`
WebSocket upgrade fails	Upgrade headers or application module configuration are missing	Confirm `Upgrade` and `Connection` headers and validate `101 Switching Protocols`
Logs missing in destination	Data Stream source, template, or endpoint is misconfigured	Validate stream status, destination credentials, and selected variables
Certificate not active	Domain ownership or certificate association is incomplete	Confirm certificate status and workload association before DNS cutover

Key Advantages After Migration

Migrating from Fastly to Azion is strongest when the team treats the first cutover as a repeatable migration pattern. The immediate goal is continuity: users keep reaching the same domains, critical routes continue working, security controls remain active, and observability is ready before traffic moves.

The larger value comes after migration, when teams operate delivery, compute, storage, security, and observability in one platform model.

Area	Advantage after migration	What it means in practice
Migration strategy	Incremental migration path	Teams can migrate one Fastly service at a time and validate each layer independently.
Platform model	Unified application platform	Build, Secure, Store, and Observe capabilities are managed through a connected platform model.
Build	Modern application deployment	Applications can be deployed from GitHub or CLI with Azion configuration.
Build	Rules-based application control	Rules Engine can manage redirects, headers, cache behavior, routing, and request/response logic.
Build	Distributed function execution	Functions can replace Compute logic that controls authentication, personalization, APIs, and integrations.
Build	Integrated cache and origin protection	Cache, Tiered Cache, Origin Shield, and Application Accelerator reduce origin dependency.
Build	Image optimization at delivery time	Image Processor transforms and optimizes images through URL parameters and application configuration.
Secure	Controlled domain and TLS cutover	Workloads, Edge DNS, and Certificate Manager can be prepared before switching production traffic.
Secure	Integrated application security	WAF, Bot Manager, Network Shield, rate limiting patterns, and Firewall rules can protect workloads together.
Store	S3-compatible Object Storage	Fastly Object Storage workflows can be migrated using familiar S3-compatible tools and SDKs.
Store	KV for low-latency application data	Edge Data Storage use cases can be migrated to KV Store for configuration, flags, metadata, and lightweight state.
Observe	Real-time metrics for production visibility	Real-Time Metrics replaces inspector-style views with dashboards and GraphQL access.
Observe	Real-time events for investigation	Real-Time Events provides detailed logs for requests, functions, WAF, DNS, image processing, and other datasets.
Observe	Data streaming to external tools	Data Stream sends logs to external destinations for SIEM, analytics, storage, and compliance workflows.

With Azion, teams can build and run applications on globally distributed infrastructure while combining compute, delivery, storage, security, and observability capabilities in one environment. This reduces the fragmentation that often appears when modern applications depend on many separate services and configuration patterns.

Next Steps

After your migration is complete:

Review Real-Time Metrics to monitor application performance.
Set up Real-Time Events for production visibility.
Configure Web Application Firewall for production security.
Review the individual feature guides for advanced configuration.

Get Started with a Small Service

The best way to begin is not with the most complex Fastly service in your portfolio. Start with a service that is meaningful enough to validate the migration path, but small enough to move quickly and safely.

Choose a service that includes representative pieces of your architecture: one or two domains, a few origins, cache rules, redirects, headers, maybe one Compute package, and one logging destination. Use that service to validate the workflow, document the process, and identify internal patterns your team can reuse.

From there, expand gradually. Migrate more complex VCL. Move additional Compute services. Bring over storage and key-value data. Add observability. Review security rules. Then prepare production cutovers with greater confidence.

Recommended Next Steps

Need Help?

Get help from the Azion Support team, or join our Discord community to see how others are using Azion.