Sunday, January 16, 2022

Bicep Setup for Log Analytics and App Insights

Bicep makes us human again. After all Json ARM templates, we can now write something with less brackets. I have written a few articles on Bicep and some templates related to APIM before as well. In this article,  I will explain how to setup a Log Analytics workspace and bind App Insights instances to it. 

Monday, January 3, 2022

Understanding the Azure Security Benchmark

Security in IT can keep people awake at nights. There are many new services and features introduced to Azure every year. It is not easy to keep a track of everything as an administrator or even as a team. Sudden exploits at any level can cost organisations valuable money and thereafter their credibility. So how can we make sure our services on cloud are secure as best it can get? 

This is answered with Azure Security Benchmark.

There are three main guidelines provide security standards. 

  1. Center of Internet Security (CIS)
  2. National Institute of Standards and Technology (NIST)
  3. Payment Card Industry Data Security Standards (PCI - DSS)

Friday, December 31, 2021

Plan for Chaos with Azure Chaos Studio

Two things rule the reliability of a system. Application and infrastructure. Developing applications is not easy but complicated and can be controlled to a certain extent. Things we know works are called features and things we cannot or forgot to fixed will be called known issues. There are many tests you can run to ensure the code works and code + UI = application works. Unit tests, UI tests, automated scripts, you name it. 


It is one thing to have a working application. But how about infrastructure? Many thought cloud could make life easier for infrastructure people. It just made life even harder. If things go wrong (chaos happens), there can be very minimal we can do to control. One thing we can do is try to plan for chaos.

Azure Chaos Studio just allows you to plan and test your infrastructure and prepare to be ready for any unexpected situations. It is not just a signal based simulation. It makes infrastructure fail for real. This makes the worst possible scenarios testable. 

Monday, December 27, 2021

Azure Blueprints to replace ARM Templates?

 It is a controversial topic to be discussed. Will Azure Blueprints replace ARM Templates or Bicep? Well, we have been asking too much from ARM Templates. It can be very complexed, not just from the language perspective, but from the organisation perspective. Bicep solves the language complexity, but building a large infrastructure with many policies is always a mess. We can combine ARM templates but chances are multiple teams work in different ones if it is a large organisation. 


Let me be clear for a second. Blueprints does not replaces ARM templates. If you look at the image above, you may figure out why. 

Wednesday, December 22, 2021

How to use Azure Spot VMs?

 There are instances where you need high availability for regular workloads. But there are also instances where you do not need availability all the time. Imagine having a test environment,  things can wait. Late night batch processes might not need very high availability. On the other hand,  these batch processes can be compute expensive. If you are to have a separate instance allocated, that might cost considerably higher.  


Saturday, December 18, 2021

Bicep Templates for APIM Configuration - Part 2

 In previous article I have explained how to create an API with Bicep. But APIs in APIM goes towards versioning and then endpoints. 

If you do not intend to use versioning, you can create API in the last step of the previous article. Otherwise you need to define a version set first. 

resource adminApi_VersionSet_V1 'Microsoft.ApiManagement/service/apiVersionSets@2021-04-01-preview' = {
  name: 'adminApi_VersionSet_V1'
  parent: apim
  properties: {
    description: 'Admin API'
    displayName: 'Admin API'
    versioningScheme:'Segment'
  }
}

Here I am using the Segment as the versioning scheme. You can opt to use the Query String or a header as well instead.  

Sunday, November 28, 2021

Bicep Templates for APIM Configuration - Part 1

Here are some of the Bicep templates I came across when working through. 

Create an APIM Instance


resource apim 'Microsoft.ApiManagement/service@2021-04-01-preview' = {
  name: apimName
  location: region
  sku: {
    name: sku
    capacity: 1
  }
  properties: {
    publisherEmail: publisherEmail
    publisherName: publisherName
    virtualNetworkConfiguration: {
      subnetResourceId: '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.Network/virtualNetworks/${virtualNetworkName}/subnets/${subnetName_ApimAccess}'
    }
    virtualNetworkType:'External'
  }
}

This example allows the APIM to be connected to a subnet on a virtual network.