Go to top
Create an Automatic Service Principal Azure RM Service Connection in Azure DevOps via Azure CLI
Category: Azure
10 Jul

Create an Automatic Service Principal Azure RM Service Connection in Azure DevOps via Azure CLI

With more and more of our development and infrastructure projects being built and released via Azure DevOps, I find myself creating a few DevOps projects which, at creation time, share identical configs like service connections, permissions, repository names etc. Therefore, this week I have been trying to automate the creation of Azure DevOps projects. Many of the configs are easily configurable with AzureCLI and the Devops extension of it, but one thing I was struggling with was the creation of the service connections to our Azure subscriptions the way we do it from the GUI. We are using the Automatic Option when setting up the service connections for each one of our Azure subscriptions.

24 Jun

The curious case of an Azure Application Gateway showing no metrics and logs

  • 24 Jun, 2020
  • Alexandre Verkinderen

This is the curious case of an Azure Application Gateway showing no metrics and logs at all. Even thought this was one of the main customer’s production Application Gateways we could see 0 requests in the metrics. Which was strange as behind the Application Gateway was an online webshop which served thousands of customers every day.

10 Jun

Publish the new Azure API Management Service Developer Portal behind an Application Gateway

  • 10 Jun, 2020
  • Alexandre Verkinderen

There are currently 2 developer portals for the Azure API Management service: a legacy portal and the new portal experience. We deployed our Azure APIM instance before the new portal was released so we were still running on the legacy portal. We are running our Azure APIM instance with custom domains on an internal vnet behind an application gateway with WAF and the default OWASP 3.0 rules enabled. This appeared to be a real challenge with the new developer portal.

07 Jun

Setting an Azure AD group to Azure SQL Database with ARM templates

  • 07 Jun, 2020
  • Alexandre Verkinderen

I was recently looking at a way to automatically set an Azure AD group as the SQL admin for our Azure SQL databases with ARM tempplates. We use SQL authentication and Azure AD authentication for our SQL databases. The password for the SQL admin gets generated randomly as part of our pipeline and stored in Keyvault. We also have a dedicated team of SQL DBAs who would need to connect to the deployed SQL resources using their Azure AD credentials. Technically it is possible as per this link to set an Azure AD group as the SQL admins but I could not find a good example on how to do this with ARM.

28 May

New Book: Inside Azure Management V4

  • 28 May, 2020
  • Alexandre Verkinderen

Super proud to announce that our new book Inside Azure Management V4 has been released! This book is the 4th edition and covers a broad range of Azure Management related topics like cloud governance, process automation, infrastructure updates, application, and container monitoring. Writing an ebook was something new to me and definitely a refreshing experience compared to paperback System Center Unleashed series.

15 May

Use Azure DevOps Self Hosted agents with Azure App Service access restrictions

  • 15 May, 2020
  • Alexandre Verkinderen

By default, when you deploy a new Azure WebApp, Function app or API app it will be publicly available to the internet. For the current customer I’m working on we made it a standard that all webapps should not be directly publicly available. To enhance our security we deploy Azure Frontdoor and Azure API Management Service for our APIs and also enable IP restrictions. As mentioned in my previous blog post we currently use Azure DevOps with Microsoft hosted agents to build and release all of our web apps and API apps.

08 May

Use Azure DevOps pipelines for continuous delivery of APIs to Azure API Management Service

  • 08 May, 2020
  • Alexandre Verkinderen

One of my customers is on a journey to re-architect old on-premises web application to more modern webApps using APIs. All APIs should use Azure DevOps CI/CD pipelines and will only be exposed through Azure API Management Service. We wanted to ensure that every time a developer has released a new build the API definition in APIM would get updated.

26 Apr

Dynamically create README Files from Azure DevOps Pipeline and Commit to Repository

Bernie White has a Powershell Module (PSDocs) that can generate mark down files (*.md) and Stefan Stranger’s blog post shows us how to upload these to Azure DevOps Wiki. We started investigating this as we saw this being a great feature to automate the creation and maintenance of our README.md files within our IaC Templates. The only issue is that our README.md files live side by side with our ARM Templates in the Azure DevOps Repositories and not in the Wiki section that Stefan’s post updates. So the challenge is, how do we make our Azure Pipelines write back the README.md files it dynamically creates on the build agent to the repository?