Monitoring canceled Azure Subscriptions

Azure Subscription cannot be just deleted. They go trough different states. Although you might have taken all necessary to secure your Azure tenant sometimes mistakes happen or your environment might be compromised by bad actors. The first step of removing Azure Subscription is to cancel it. That is critical action that you may want to monitor although you should have in place other ways to monitor resources that will signal that they are not available. In any case additional alert that this action was done could be useful information to be alerted upon. In this blog posts we will take a look how we can do that by using Azure Monitor. The deployment of the Azure Monitor resource will be done via Azure Bicep.

Continue reading →

Passing Resources between Azure Bicep modules

Bicep modules is core feature for structuring your code and achieving certain functionality when deploying Azure resources. When using modules quite often you will have to pass pass resource information like resource ID in order to be used within the module. Another use case is when an end user have to provide information for existing resource so that resource can be used for the deployment of another resource. This blog post will focus on the different methods for passing resources between modules or from bicep parameters file to module.

Continue reading →

Azure Bicep fail() function explained

Azure Bicep fail() function was introduced in Bicep CLI v0.33.93. In short this function allows you to fail your deployment when certain conditions are met. In this blog post we will look at how to use it in real world example.

Continue reading →

Testing Data Processing Azure Bicep Functions Easily

These days Azure Bicep has a lot of more functions that can be used for processing data. Most notably I am referring to the lambda Azure Bicep functions. Often times I use two or more of these functions all together in Bicep templates. When using several of these functions chained one after another it is easier to get lost how data will be processed. Also to test all the different input that will be passed to those functions will results in doing several different deployments. That is time consuming process as deployments takes time to run not to mention that along I have several other resources also deployed via those templates. Thankfully just to test if the data is processed according to how I have imagine it there is easier method by using Bicep parameters files.

Continue reading →

Azure Resources CMK Encryption with Azure Bicep

Azure Customer Managed Key (CMK) Encryption is quite used feature across Azure resources in order to make sure you are compliant against various certifications and increase your security posture. I have been configuring this feature via IaC since there was only ARM Templates and Bicep was not available. If you have the same experience with me you will notice that the input required for this feature varies from one resource to another. If have to summarize what is required as information that would be:

Key Vault
A key from Key Vault
A version for a key. Some might not require a version.
Identity that will be used to access the key from the Key Vault. Most resources will offer the ability to choose between system assigned or user assigned identity although there are sill some resources that will use the identity of the account that is configuring the feature.

With that said in this blog I would like to show you how I used to configured the feature when using ARM templates and how I think it is the better approach when using Bicep code.

Continue reading →

Spread the word:

Spread the word:

Spread the word:

Spread the word:

Spread the word: