All Posts
2024-10-24Kim Vaddi

Build a Secure, Self-Hosted AI Agent (Molten) on Azure for Under $10/Month

AzureAIMoltenSelf-HostedCost OptimizationDocker
B

Running AI agents in the cloud often comes with a hefty price tag, especially when relying on managed services or high-performance GPU instances. However, for many data engineering and BI tasks—such as automated reporting, data scraping, or lightweight logical reasoning—you don't always need a GPU. In fact, you can build a robust, secure, and self-hosted AI agent environment on Azure for less than $10 per month.

In this guide, we'll walk through deploying an AI agent (referencing the Molten framework concepts) using Azure's burstable B-series virtual machines, Docker for containerization, and Caddy for automatic SSL security.

Why Self-Host Your AI Agent?

Managed AI services are convenient but can become expensive at scale. Self-hosting offers:

  • Cost Control: You pay for the infrastructure, not per-token or per-run markups.
  • Data Privacy: Your data stays on your controlled infrastructure.
  • Customization: Full control over the environment, libraries, and runtime (e.g., Python version, system dependencies).

The Architecture

To keep costs under $10/month while ensuring security, we will use the following stack:

  1. Compute: Azure Virtual Machines (Standard_B1s or B2s). These are "burstable" instances perfect for agents that are idle most of the time and burst when processing a task.
  2. Containerization: Docker to package the Molten agent and its dependencies.
  3. Security: Caddy Web Server as a reverse proxy to handle HTTPS automatically (Let's Encrypt) and an Azure Network Security Group (NSG) to restrict traffic.
  4. Storage: Standard SSD (LRS) for the OS and agent logs.

Step 1: Provisioning the Azure VM

First, we need to create a resource group and a virtual machine. We'll choose the Standard_B1s size, which offers 1 vCPU and 1 GiB of RAM—sufficient for a lightweight Python-based agent.

# Create a Resource Group
az group create --name ai-agent-rg --location eastus

# Create the VM
az vm create \
  --resource-group ai-agent-rg \
  --name MoltenAgentVM \
  --image Ubuntu2204 \
  --size Standard_B1s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Note: Check the specific pricing for your region. The B1s instance is typically around $8/month.

Step 2: Security Configuration

Security is paramount when exposing an agent to the internet. We will use Azure's NSG to allow only necessary traffic.

  1. SSH (Port 22): Restrict this to your specific IP address.
  2. HTTP/HTTPS (Ports 80/443): Allow internet access for the web interface or API webhook, secured by Caddy.
az network nsg rule create \
  --resource-group ai-agent-rg \
  --nsg-name MoltenAgentVMNSG \
  --name Allow-My-IP-SSH \
  --priority 100 \
  --source-address-prefixes <YOUR_HOME_IP> \
  --destination-port-ranges 22 \
  --access Allow \
  --protocol Tcp

Step 3: Deploying the Molten Agent with Docker

Once logged into your VM via SSH, install Docker and set up the agent. We'll use Docker Compose to orchestrate the agent and the reverse proxy.

Create a docker-compose.yml file:

version: '3.8'
services:
  molten-agent:
    image: molten-agent:latest # Replace with your specific agent image
    restart: always
    environment:
      - API_KEY=${API_KEY}
    volumes:
      - ./data:/app/data

  caddy:
    image: caddy:latest
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

This setup ensures your agent is isolated and automatically secured with HTTPS certificates managed by Caddy.

Step 4: Cost Analysis

Here is the estimated monthly breakdown for this architecture in the East US region:

  • Virtual Machine (B1s): ~$7.59
  • Storage (32GB Standard SSD): ~$1.54
  • Public IP (Standard): ~$3.00 (Optional: Use Basic IP or Service Endpoint to reduce this)
  • Total: ~$12.13 (or ~$9.13 with Basic IP/Spot instances)

By using Azure Spot instances, you can reduce the compute cost by up to 90%, bringing the total well under the $10 mark, provided your workload is fault-tolerant.

Conclusion

Building a self-hosted AI agent doesn't require enterprise-grade budgets. By leveraging Azure B-series VMs and modern containerization tools like Docker, Data Engineers and BI teams can deploy secure, private agents for a fraction of the cost of managed services. This setup is ideal for running scheduled data pipelines, monitoring tasks, or lightweight logical reasoning bots.