Enhanced Azure Bicep Modules for Azure Policy Resources
Tao Yang's System Center Blog
by Tao Yang
3w ago
Introduction I have used the Common Azure Resource Modules Library (CARML) modules for Azure Policies in several projects. I have seen few customers ran into limitations with the policy modules, especially the modules for policy definition and initiatives. When using the CARML modules for policy definitions and initiatives to deploy custom policy definitions, in your Bicep template, you would call the module for every single definition. As we all know, in Bicep, every time when you call a module, it becomes a nested deployment. This means if you have 100 policy definitions to deploy, you will ..read more
Visit website
Azure Bicep Module for Network Security Groups
Tao Yang's System Center Blog
by Tao Yang
1M ago
Introduction Most of my work over the last couple of years has been focused on Azure Bicep and more specifically, CARML(Common Azure Resource Modules Library). I have presented this topic in various occasions (i.e. on the AzureTar’s YouTube Channel, and at Experts Live Australia 2023). I have also made several contributions to the CARML project. In the YouTube videos and the Experts Live talk, I have teamed up with Ahmad Abdalla (@ahmadkabdalla) and Jorge Arteiro (@JorgeArteiro) and covered the concept and benefits of developing your own “overlay” Bicep modules based on CARML modules. The CARM ..read more
Visit website
Managing Azure Private Endpoints using Azure Policy
Tao Yang's System Center Blog
by Tao Yang
3M ago
Using Azure policies to manage the configuration of resources has become a very common practice and there are already many articles covering this topic. When it comes to Azure Private Endpoints (PE), Pretty much all my customers using Azure Policy to register the DNS records for Private Endpoints. This process is well documented here: Private Link and DNS integration at scale. Few weeks ago, I had a requirement to restrict Private Endpoints of certain Azure resources must be created with manual approval. This is because Private Endpoints for certain resources must only be created under very sp ..read more
Visit website
Natively Monitoring Azure Policy Compliance States in Azure Monitor - 2023 Edition
Tao Yang's System Center Blog
by Tao Yang
6M ago
Introduction This is the 3rd time I’m talking about the topic of monitoring Azure Policy compliance states using Azure Monitor. Previously in 2021, I have created a custom solution using an Azure Function app to ingest policy compliance data into Log Analytics. You can find the blog post here Monitoring Azure Policy Compliance States - 2021 Edition. Over the last few years, I have spoken to the Azure governance product group numerous times on the topic of allowing people to query Azure Resource Graph (ARG) within Azure Monitor. Monitoring policy compliance state is a perfect use case for this ..read more
Visit website
Azure Pipeline for Self-Hosted Linux Agent Validation
Tao Yang's System Center Blog
by Tao Yang
8M ago
Introduction Being an DevOps consultant for Azure, most of the large enterprise customers I have worked with are using Azure DevOps (either the cloud version or the on-premises ADO servers). For every project that I’m part of, the Self-Hosted agents have always been a pre-requisites that we request customers to provision before the start of our engagements. The project team would provide customers the requirements for the agents, such as Operating System type and version, list of required software, list of URLs need to be whitelisted on their Firewalls, etc.. Then in the ideal world the custom ..read more
Visit website
AzureTar YouTube Video Series - Infra as Code with CARML Bicep Modules
Tao Yang's System Center Blog
by Tao Yang
9M ago
Over the last few months, I teamed up with my good friend Jorge Arteiro (@JorgeArteiro) and Ahmad Abdalla(@ahmadkabdalla) from Microsoft Australia and recorded a 2-part video series for Microsoft’s open source project Common Azure Resource Modules Library https://aka.ms/carml. CARML is a collection of fully tested and verified Azure Bicep modules that can be used to deploy Azure resources. In part 1 we have given an introduction for CARML, what does it offer. In Part 2, we have dived deeper and demonstrated how we can use CARML modules to deploy Azure resources or further develop more refined ..read more
Visit website
Generate Unique GUID in PowerShell
Tao Yang's System Center Blog
by Tao Yang
9M ago
In Azure ARM / Bicep templates, there is a function called guid() which allows you to generate a unique GUID. You can use this function as many times as you want, as long as the input strings are the same, the output GUID will always be the same. I use the guid() function a lot when working on Bicep code, however, few weeks ago I needed to generate unique GUIDs within a PowerShell script. I couldn’t find any existing code examples, so I came up with my own: Function GenerateGuid { [CmdletBinding()] param ( [parameter(Mandatory = $true)] [string[]]$inputStrings ) $enc = [syste ..read more
Visit website
Experts Live Australia 2023 Announced
Tao Yang's System Center Blog
by Tao Yang
10M ago
It’s been so long since we had the last Experts Live event in Australia. The last Experts Live event I have attended was in March 2019 in Austin, USA. My good friend Daniel Mar was in the process of organising Experts Live Asia and Experts Live Australia for 2020, but unfortunately, due to COVID-19 pandemic, both events were cancelled. I am very excited to announce that Experts Live Australia is back in 2023! The event will be held in Microsoft Sydney Office on 19th-20th 2023. This time, we are getting much needed support from Microsoft, and actually, most of the members in the organising com ..read more
Visit website
Azure Data Factory Global Parameters and Azure Bicep Templates
Tao Yang's System Center Blog
by Tao Yang
1y ago
Few weeks ago, a colleague made me aware of an issue with the Bicep Template I have developed which creates an Azure Data Factory (ADF). After the ADF was created, people started using it and decided to created few Global Parameters in ADF. However those parameters would somehow be deleted after a while. After some investigation, it turned out because those Global parameters are not defined in the Bicep template, when the IaC pipeline runs again after the Global Parameters were created, the Resource Provider would delete the Global Parameters. At that time, my Azure Bicep template did not eve ..read more
Visit website
Script to Create Azure Purview Integration Runtimes
Tao Yang's System Center Blog
by Tao Yang
1y ago
I needed to create Azure Purview with a Self-Hosted Integration Runtime (SHIR) as part of a Infrastructure as Code (IaC) pipeline. Having previously created Azure Data Factory (ADF) with SHIR and I was told by our data engineers the creation process is pretty much the same, I thought it would be fairly easy, just an Integration Runtime resource in my Bicep template. But it turned out although the portal experience is almost identical to ADF, unlike ADF, Purview Integration Runtimes (IR) is not a resource type in Azure Resource Manager. In the Azure REST API documentation, it is under a categor ..read more
Visit website

Follow Tao Yang's System Center Blog on FeedSpot

Continue with Google
Continue with Apple
OR