Category

Azure

Azure

Live notifications from an Azure Keyvault to your Slack

In a world where monitoring is key for sensitive information, or even for alerts that can put your system down (such as an expired certificate), it is necessary sometimes to be alerted “right away”. Azure Alerts are great, but they have a delay, as the data needs to get ingested into your analytics and then need to run with the alert frequency you have set for you to be aware that something is going on. In this post I will show a way where you can be alerted somewhat instantly. We will consume 2 types of event data from a keyvault, that is the diagnostics AuditEvent and the events that Azure provides us out of the box. Once consumed, we…

Read more
Azure, DevOps

Automating your OpenAPI updates to API Management through your CI/CD pipeline

Microservices are the trend in today’s day and age, even if you may have read that some are going back the monolith way. Most microservices architectures are built to communicate through REST: each service is an API that shares a contract for other services to consume. Since your product ecosystem will (hopefully) evolve over time, your contracts are to evolve overtime as well. If you decided to consolidate your contracts consumption into one point of entry (using the API Gateway pattern), how do you actually make sure that those contracts are properly updated in your gateway for each of your environments up to your production environment? In this post, I will show you how you can update your APIs contracts…

Read more
Azure, SQL Server

Backing up SQL Server databases to Blob Storage using Impersonation

One of the main goals I’m trying to achieve when developing solutions is giving as much autonomy to individuals and teams while still keeping the boat tight. I had an interesting challenge that came up recently where a developer was doing massive changes in the data and needed to take incremental backups of the database, as he was working, to give himself a safety net in case he screwed up. We can say this is the source control way, database style. The physical hardware space of the server is limited. Taking backups often can become expensive in terms of size. Thanks to the SQL Server team, we can backup (and restore) a database to (or from) an Azure Blob Storage….

Read more
Azure, DevOps

Migrating your applications to Azure using Virtual Machine Scale Sets, Packer and Virtual Machine extensions – Part 3

This is a continuation of the previous post about migrating your not ready cloud application to the Azure cloud. The last post discussed about creating a managed image to be able to be used by a virtual machine scale set for provisioning. What will we do in this series I decided to do a series of posts about this topic as it touches a variety of aspects. I will use a concrete example that may or may not have happened to you and I plan to cover Building a managed image from an Ubuntu image as base, and setting up a web server (Tomcat for instance) to host an application Creating a Virtual Machine Scale Set using ARM templates Adding…

Read more
Azure

Migrating your applications to Azure using Virtual Machine Scale Sets, Packer and Virtual Machine extensions – Part 2

This is a continuation of the previous post about migrating your not ready cloud application to the Azure cloud. The last post discussed about creating a managed image to be able to be used by a virtual machine scale set for provisioning. What will we do in this series I decided to do a series of posts about this topic as it touches a variety of aspects. I will use a concrete example that may or may not have happened to you and I plan to cover Building a managed image from an Ubuntu image as base, and setting up a web server to host an application Creating a Virtual Machine Scale Set using ARM templates (this post) Adding a…

Read more
Azure

Migrating your applications to Azure using Virtual Machine Scale Sets, Packer and Virtual Machine extensions – Part 1

So you are ready to move your application to Azure but it is not fully optimized for the cloud. You looked into App Services (web apps), but to be able to really get the best of them, it would need some definitive improvements in the code. You go back to your team and management and propose them a lift and shift that would make everyone happy. You then plan your improvements in your timeline and estimates. How can you effectively lift and shift your application so that it can be highly available (within one region) and scalable? In this series of posts, I will show you how you can package your application in an image and have it ready for…

Read more
Azure, PowerShell

SSL certificates management using Lets Encrypt, Azure Automation and Web Apps

I’ve been doing a lot of automation lately in regards to SSL certificates and Lets Encrypt. As you know, and I’m sure you are the same, I do not like redoing stuff over and over when I can just automate the process. Azure Az PowerShell modules gives us a lot of flexibility for that and I like to take advantage of it. In this post, I would like to guide you on how you can achieve Automating the generation of Lets Encrypt certificate to your Key Vault using Azure Automation Updating the certificate on your App services so that you can rebind it to your Web Apps Automation of generation of Lets Encrypt certificate(s) Lets Encrypt has a way of…

Read more
Azure, PowerShell

Finding the SKUs of Azure VMs images with Powershell

I always struggle to know what to put in the imageReference node of the storageProfile node for an Azure VM when I want to automate the creation process through ARM (Azure Resource Manager) templates. We can find all of those using the Azure PowerShell modules. Below is a small script to automate the creation of the imageReference node where you can find and filter through the different location, publishers, offers and skus to get what you need.

Happy ARMing!

Read more
Azure

End to End SSL solution using Web Apps and Azure Application Gateway multisite hosting

High performance and security (amongst other things) are the 2 non-functional requirements that usually first come to mind when we design an infrastructure architecture for the applications we develop. The usual 2 concepts that pop up with these 2 requirements are load balancing and firewalls. How can you easily achieve and check these 2 concepts when you are developing your architecture in Azure? One component that you can use for this is the Azure Application Gateway. Azure Application Gateway is a web traffic load balancer (OSI layer 7 load balancer) that enables you to manage traffic to your web applications. Some of its features include (but not limited to): URL-based routing: make routing decisions based on additional attributes of an…

Read more
Azure, Docker

Connecting to Azure Redis Cache with Docker

If you are a Windows user and you want to access your Redis cache, you probably have realized that getting the redis-cli for Windows is not as easy as 1,2,3. You probably also wandered around the internet trying to find a free GUI that does the job of access Redis in a secure way (that is that is supports SSL/TLS out of the box). You then realized again that they probably have limitations themselves and it’s also not easy as 1,2,3. Your last solution, use the redis-cli that comes with the redis server on a linux flavored distro. Lucky for you, in Windows 10, you can install the Linux subsystem and then install redis which includes the redis-cli. Great, but…

Read more
Azure, C#

Loading a X509 certificate from Azure KeyVault into a .NET Core application

In a context where we are now using APIs a lot more than we used to, it becomes important to secure them. One way we can secure them is using the OAUTH/OpenId protocol, which relies on Json Web Tokens (JWTs).  A JWT needs to be generated and digitally signed by the authority (what we call a Security Token Service (STS)) your APIs trust. They require signed JWTs to prevent attackers from altering or counterfeiting such tokens in an attempt to gain unauthorized access to the resources secured by the APIs. A good open source implementation of such authority is IdentityServer4 which also gives you a lot more features than just being a STS. In development mode, IdentityServer4 provides you with…

Read more
Azure, Database, Web

Using managed identities with SQL Azure Database in ASP.NET Core

We are now in a world where we want to eliminate passwords as much as possible, and Microsoft, through its cloud platform Azure, is trying to help us do that. Today, I want to show you how you can secure your SQL Azure database using managed identities so you don’t have to create any SQL Login and carry passwords around. Prerequisites To demonstrate this, I will be using the following Azure resources: Azure App Service Plan / App Service Azure SQL Server 1 Azure SQL Database Make sure you have those already created. You also will need either the Azure CLI or Azure Az powershell module. In my case, I will be using the Azure Az powershell module. Moreover, in…

Read more
Azure

Remove a directory from your Azure account

My account had a directory in Azure that I was not a member of anymore and that I wanted to remove.  You may be in a similar situation in that you have a directory in your Azure account that you don’t need anymore and you want to remove it from your account. It is now possible to self-leave a directory as show in this post. Here is the accepted answer: 1. Log into the Access Panel at https://myapps.microsoft.com In the upper-right corner, select your name. 2. Next to Organizations, select the settings icon (gear). Note: If you can’t see the settings icon (gear), widen the browser screen. The Access Panel user interface is a reactive interface that adepts to the…

Read more
Azure, C#, Web

Connecting Azure AD and Azure AD B2C to IdentityServer4

I’ve been playing with IdentityServer4 lately and I wanted to share you guys the findings I’m finding while I am playing with it. IdentityServer4 for the ones who don’t know it, is an OpenID Connect and OAuth 2.0 framework for ASP.NET Core 2. You can read all about it here. In today’s post, I would like to show you how you can connect Azure AD and Azure AD B2C to IdentityServer4 as external providers. When doing so, IdentityServer becomes a federated gateway. Both implementation are similar, however, Azure AD and Azure AD B2C have specificities that are particular to them. Connecting to Azure AD We can connect Azure AD to IdentityServer through an external OpenIdConnect provider. To do that, you…

Read more
Azure, C#, Visual Studio

The moment I came to play with .NET Standard 2.0 – Azure Functions

A lot has changed ever since I played with Azure Functions and .NET Standard 2.0. If you remember from my previous post, I was talking about how you had to set the FUNCTIONS_EXTENSION_VERSION to beta in order to benefit from the new runtime. I also talked about how I had a problem with the connection manager to access the app settings. Well the good news is that the team now fully migrated to the new Configuration modeling from ASP.NET core. You can now easily refer to your configurations by importing the following packages and using the following code to have access to your configuration: Nuget package Description Microsoft.Extensions.Logging Main logging package Microsoft.Extensions.Logging.Abstractions Makes SetBasePath() available Microsoft.Extensions.Logging.Json Makes AddJsonFile() method available…

Read more