Using Azure Key Vault with your application settings (environment variables) powering Azure Functions

Introduction

Last week the blog post “Simplifying security for serverless and web apps with Azure Functions and App Service” was published. In essence, it talks about how you can integrate Azure Functions with Azure Key Vault in order to retrieve secrets and import them into the application settings (being environment variables). You can do this in a secure manner, by providing the Azure Functions platform with a Managed Service Identity, and granting its underlying service principle with (limited: list & read) rights to the Key Vault.

 

Let’s take a look!

The first thing we’ll need to do, is to enable the “Managed service identity” for our Azure Function plan. Let’s browse to our Azure Function plan, and then select “Platform features”.

Continue reading “Using Azure Key Vault with your application settings (environment variables) powering Azure Functions”

Traffic Light Protocol alike Security Reference Architecture for Azure

Introduction

The way how organizations categorize/handle classified information can vary significantly. Where it can go from about 6 categories towards a more “limited” set of 3 to 4 categories. Where you see that some government organizations have even tried to reduce this in an effort to make it more accessible.

 

So for today, we’ll be looking at how we can handle sensitive/classified information in Azure. And to ensure you that you Azure implementations can facilitate sensitive data.

 

Side Story : Security should be like a roundabout

Though I don’t remember which conference talk it was… One visual has always stuck with me when talking about security. Imagine security like road infrastructure. Having a complex situation might be needed at times, though it will increase the risk that the drivers (~users) will make mistakes.

Continue reading “Traffic Light Protocol alike Security Reference Architecture for Azure”

Enabling Azure Active Directory support in OpenShift (Origin)

Introduction

In today’s post we’ll go through the steps to get Azure Active Directory (AAD) integrated in RedHat’s OpenShift. So that we can use the AAD identity we all love in OpenShift too.

 

Prerequisites

For the next steps, I’m assuming you already have an OpenShift deployment up & running. If not, check out this repository!

Continue reading “Enabling Azure Active Directory support in OpenShift (Origin)”

VMchooser now supports Azure Migrate Exports

Introduction

The “BulkUploader” module of VMchooser has existed for quite some time. It is without doubt the most loved capability by all the visitors/users. Though where many are accustomed to working with the CSV Input file, do know that you can now also use the export files of Azure Migrate! For today’s post, let’s go through the process…

 

Let’s take a look

Go to your Azure Migrate project

Continue reading “VMchooser now supports Azure Migrate Exports”

From Cloud Dev Station to Terraform landscaping in Azure

Introduction

A lot of people always keep telling me that they love Azure’s Cloud Shell. Oddly enough, I use it more occasionally and find my self using the WSL (Windows Subsystem for Linux) more. If I analyze it a bit, I recon it’s because I want to easily edit & use files with the Azure CLI (etc). Now, the Azure Cloud Shell has a way to persist files! Therefor I embarked on a small test to see what kind of workflow would work whilst working with Terraform and leveraging the Cloud Shell to apply the configurations.

 

Basic Workflow

So what did I come up with? As you know, I’m running my development workstation in the cloud. In addition, I’ve mounted the CloudDrive onto my workstation and cloned my GitHub repo to that location. Next up, I can author my files locally and afterwards push to my repository. As the local files are synced with the CloudDrive, they’ll immediately pop up in my Cloud Shell too. So I can apply them there…

Sounds great? Let’s take it for spin!

Continue reading “From Cloud Dev Station to Terraform landscaping in Azure”

Putting Azure FrontDoor in front of your webapp

Introduction

Today we’ll be going through the process of putting Azure FrontDoor in front (pun intended!) of a web app.

 

Step One) Adding the custom domain

The first stepĀ  is to add a new custom domain to your Frontend hosts ;

Now if you go through this, you’ll see that AFD expects you to link the custom domain to the azurefd.net domain in order to proceed.

Continue reading “Putting Azure FrontDoor in front of your webapp”

Using Azure DevOps to deploy your static webpage (SPA) to Azure Storage

Introduction

To, without shame, grab the introduction of the “Static website hosting in Azure Storage” page ;

 

Azure Storage now offers static website hosting, enabling you to deploy cost-effective and scalable modern web applications on Azure. On a static website, webpages contain static content and JavaScript or other client-side code. By contrast, dynamic websites depend on server-side code, and can be hosted using Azure Web Apps.

As deployments shift toward elastic, cost-effective models, the ability to deliver web content without the need for server management is critical. The introduction of static website hosting in Azure Storage makes this possible, enabling rich backend capabilities with serverless architectures leveraging Azure Functions and other PaaS services.

 

Which, to me, sounds great! As one of my projects (VMchooser) is actually a static site (VueJS based Single Page App) that could just as well run on Azure Storage (thus reducing my cost footprint). So today we’re going to test that one out, and afterwards integrate it into our existing CI/CD pipeline (powered by Azure DevOps).

 

Continue reading “Using Azure DevOps to deploy your static webpage (SPA) to Azure Storage”