RBAC in a modern DevOps world

As I can see in my blog’s stats, and as I hear in feedback from attendees of my talks, Terraform, ARM templates, and infrastructure as code are obviously some of the hottest topics to talk and write about nowadays. In this context, I’ve often been asked recently how identity governance, role-based access control, the principle of least privilege, segregation of duties, and security come together in a modern DevOps world. Well, hold my beer…

Howdy folks!

Infrastructure-as-code tools like ARM templates and Terraform are increasingly used to deploy infrastructure solutions. In general, these tools run within the context of a service principal, so there needs to be an account with high privileges – at least high enough to deploy a given type of resource in your cloud environment. However, in terms of security, it seems to be hard to adhere to the principles security experts tend to suggest, like segregation of duties, role-based access control, the principle of least privilege, and so on. Really? Well, let’s first have a closer look at some of these principles.

Terraform – use Azure KeyVault secrets during deployments

In the second part of my Terraform blog series I explain how to access Azure KeyVault secrets during deployments and how to get your external IP address to refer to in a Network Security Group rule. Happy deploying.

Howdy folks,

in my last article I explained how to configure Terraform so you can use it to securely deploy Azure resources. Today I want to go one step further and provide you with some information about how to deploy an Azure VM including all dependent resources using Terraform.

How to securely deploy Azure infrastructures with Terraform

Recently, I have been using Terraform intensively for infrastructure-as-code deployments. Since I’m always looking for security in automation, I decided to start a blog series in which I explain how to configure and use Terraform to get the best out of it. This article describes the initial config of an Azure storage account as Terraform remote backend. Happy reading.

Howdy folks,

if you have recently attended one of my talks or workshops, you know that in my opinion, DevOps, infrastructure as code, and automated deployments are essential for security in cloud environments. For example, you can only access an Azure KeyVault secret during your VM deployment if you do not use the Azure portal. You can choose whatever tool you want; however, in this post I’m going to focus on PowerShell, ARM templates and Terraform.

Azure VM auto-shutdown scheduler

As of now you can automatically shut down your VMs without having to use Azure Automation. Check it out!

Automatically shutting down VMs in Azure is a mandatory task to save time and money, for example in testing environments. Until now, you had to use Azure Automation to have your testing environment shut down and deallocated. As of now there is a new feature called auto-shutdown scheduler that makes your life way easier.

PowerShell, Azure and macOS? Absolutely!

Azure CLI on macOS is good for some Azure scripting but it lacks many features PowerShell can offer. Learn how to teach your Mac to talk PowerShell to your Azure environment.

Hi folks,

as you might know – I’m a PowerShell enthusiast. And I’m an Azure enthusiast. That’s why I normally use PowerShell for automating tasks around my cloud environment. Well, and I love my MacBook. With Azure CLI on macOS you can do interesting things like provisioning new VMs or getting a status overview of them. But Azure CLI is not PowerShell and so it lacks some features I really appreciate.

Screenshot: Azure CLI after executing the azure vm list command

Today I’m gonna show you the best of two worlds – how to manage your Azure environments using a Mac with Azure PowerShell cmdlets on macOS. How does it work? Learn it here!

How to use stored secrets from Azure Key Vault while deploying ARM VMs

Server deployments can be very challenging when it comes to delegating deployments to admins that must not know local admin credentials. Learn how to automate deployments without giving your passwords away using Azure Key Vault.

Who does not know this scenario? You want a trainee to deploy a Windows Server but you do not want to give him or her access to your secret administrator passwords at all. Or you want to delegate deployments to a service provider but you need your passwords to stay safe? Azure Key Vault could be what makes your life way easier.