Tag: Microsoft

List Keys for Azure Managed Redis with Bicep

Recently Azure has announced retirement of Azure Cache for Redis and Azure Cache for Redis Enterprise. This of course leads folks to look at Azure Managed Redis. Note that underneath Azure Cache for Redis and Azure Managed Redis use the same resource type but with different SKUs. Overall my general impression is that not many existing customers have moved from Azure Cache for Redis to Azure Cache for Redis Enterprise. The integration with Redis to other services and applications in most cases happen via providing connection string with credentials. It is well known how to list the credentials from Azure Cache for Redis with Bicep but may be it is not so known with how to do that with Azure Managed Redis due its different Azure architecture.

Continue reading “List Keys for Azure Managed Redis with Bicep”

Enabling Defender for APIs on Azure APIM APIs with Azure Bicep

Azure APIM is essential feature in building AI applications. Being part of that it is important to protect your APIs and couple years ago Azure has provided such capability in Defender for Cloud called Defender for APIs. Previously I have demonstrated how to configure Defender for Cloud plans in Enable Defender for Cloud Auto provisioning agents via Bicep. For Defender for APIs plan it is the same resource type Microsoft.Security/pricings but the name of the resource is ‘Api’. Additionally, you will set pricingTier to Standard to enable it and subPlan to P1, P2, P3, P4 or P5. As this is the initial configuration only in this blog post we will look at what to do next.

Continue reading “Enabling Defender for APIs on Azure APIM APIs with Azure Bicep”

Monitoring canceled Azure Subscriptions

Azure Subscription cannot be just deleted. They go trough different states. Although you might have taken all necessary to secure your Azure tenant sometimes mistakes happen or your environment might be compromised by bad actors. The first step of removing Azure Subscription is to cancel it. That is critical action that you may want to monitor although you should have in place other ways to monitor resources that will signal that they are not available. In any case additional alert that this action was done could be useful information to be alerted upon. In this blog posts we will take a look how we can do that by using Azure Monitor. The deployment of the Azure Monitor resource will be done via Azure Bicep.

Continue reading “Monitoring canceled Azure Subscriptions”

Azure Bicep fail() function explained

Azure Bicep fail() function was introduced in Bicep CLI v0.33.93. In short this function allows you to fail your deployment when certain conditions are met. In this blog post we will look at how to use it in real world example.

Continue reading “Azure Bicep fail() function explained”

Azure Resources CMK Encryption with Azure Bicep

Azure Customer Managed Key (CMK) Encryption is quite used feature across Azure resources in order to make sure you are compliant against various certifications and increase your security posture. I have been configuring this feature via IaC since there was only ARM Templates and Bicep was not available. If you have the same experience with me you will notice that the input required for this feature varies from one resource to another. If have to summarize what is required as information that would be:

  • Key Vault
  • A key from Key Vault
  • A version for a key. Some might not require a version.
  • Identity that will be used to access the key from the Key Vault. Most resources will offer the ability to choose between system assigned or user assigned identity although there are sill some resources that will use the identity of the account that is configuring the feature.

With that said in this blog I would like to show you how I used to configured the feature when using ARM templates and how I think it is the better approach when using Bicep code.

Continue reading “Azure Resources CMK Encryption with Azure Bicep”