Category: Bicep

Testing Data Processing Azure Bicep Functions Easily

These days Azure Bicep has a lot of more functions that can be used for processing data. Most notably I am referring to the lambda Azure Bicep functions. Often times I use two or more of these functions all together in Bicep templates. When using several of these functions chained one after another it is easier to get lost how data will be processed. Also to test all the different input that will be passed to those functions will results in doing several different deployments. That is time consuming process as deployments takes time to run not to mention that along I have several other resources also deployed via those templates. Thankfully just to test if the data is processed according to how I have imagine it there is easier method by using Bicep parameters files.

Continue reading “Testing Data Processing Azure Bicep Functions Easily”

Azure Resources CMK Encryption with Azure Bicep

Azure Customer Managed Key (CMK) Encryption is quite used feature across Azure resources in order to make sure you are compliant against various certifications and increase your security posture. I have been configuring this feature via IaC since there was only ARM Templates and Bicep was not available. If you have the same experience with me you will notice that the input required for this feature varies from one resource to another. If have to summarize what is required as information that would be:

  • Key Vault
  • A key from Key Vault
  • A version for a key. Some might not require a version.
  • Identity that will be used to access the key from the Key Vault. Most resources will offer the ability to choose between system assigned or user assigned identity although there are sill some resources that will use the identity of the account that is configuring the feature.

With that said in this blog I would like to show you how I used to configured the feature when using ARM templates and how I think it is the better approach when using Bicep code.

Continue reading “Azure Resources CMK Encryption with Azure Bicep”

The Resource Type behind Azure Update Manager Dynamic Scope

When helping folks at Microsoft Q&A I saw a question regarding creating Dynamic scope with Bicep or Terraform. That led to creating this blog post where we will see what is the resource type behind Azure Update Manager Dynamic scope and how it can be created with Bicep. Of course the same thing applies to Terraform and AzAPI provider.

Continue reading “The Resource Type behind Azure Update Manager Dynamic Scope”

Azure Monitor Workspace, Managed Prometheus and Prometheus Alerts via Bicep

Recently Azure Monitor team has introduced Azure Monitor workspace. This is a new resource that is described as "Azure Monitor workspaces will eventually contain all metric data collected by Azure Monitor. Currently, the only data hosted by an Azure Monitor workspace is Prometheus metrics.". So basically this new resource is a store for metrics and in future will also support Azure resource metrics. This is similar to Azure Log Analytics workspace which is store for logs. Of course Azure Log Analytics can also store metrics but Azure Monitor workspace is optimized for the structure of metrics data. We are yet to see full picture of this initiative. Currently Azure Monitor workspace is known also as Azure Monitor managed service for Prometheus (Managed Prometheus). The full documentation on this new feature/service you can find here. As a long time user and expert on Azure Monitor and Log Analytics I wanted to try this feature and test its capabilities. My knowledge on Prometheus and Grafana is very little so I always like to challenge myself with such exercises. This new feature has 3 distinct scenarios:

  • Using Prometheus and Grafana only – you do not have to use Log Analytics and Container Insights
  • Using Prometheus and Grafana along with Log Analytics and Container Insights
  • Use your own Prometheus server and send data to Azure Monitor workspace and visualize it in Grafana. You can use Log Analytics and Container Insights as additional monitoring as well.
Continue reading “Azure Monitor Workspace, Managed Prometheus and Prometheus Alerts via Bicep”

Enable Defender for Cloud Auto provisioning agents via Bicep

Often I see questions around how I can the auto provisioning agents capabilities (now renamed to Settings & monitoring) in Defender for Cloud via API.

Defender for Cloud Settings and Monitoring
Continue reading “Enable Defender for Cloud Auto provisioning agents via Bicep”