Zero to Hero: Secure IaC with Bicep

Hello dear friends,

I would like to welcome everyone who is landed on this page to check out the Azure Spring Clean 2023 event and Learn new cloud skills!

Before kicking off the topic, I would like to start with a “THANK YOU” message for the organizers of the event; especially for Joe, Thomas, and everyone who is involved in making this event a successful experience for everyone!

Note:

Introduction

In the spirit of Azure Spring Clean, we will explore how to organize Azure Security Services using the infrastructure-as-Code (IaC) approach with Azure Bicep.

We will look into how you could declaratively define and deploy your Azure security resources including Azure Policies to tackle real-world business problems. So, get yourself ready for simple yet powerful demos that will turn you into a hero.

And don’t worry, if you are new to Azure Bicep as we will have a super express introduction to this new IaC language to get you started with fundamentals.

By the way, if you are super new to Azure Bicep then please check the following YT recording – “What is new in Azure Bicep language?”

What is Azure Bicep

Azure Bicep is a new declarative Domain Specific Language (DSL) for provisioning Azure resources. The purpose of Azure Bicep is to simplify the resource creation and management experience with a cleaner syntax and more code reuse.

Declaring resources as IaC

There are many benefits in declaring and managing cloud infrastructure resources as a code. It provides benefits, such as increased compliance, visibility, controlled deployments and versioning of changes that get deployed into your cloud environments.

The following screenshot demonstrates how Azure Bicep declares cloud resources on the left side of the panel:

Organizing cloud resources

No matter how small or big is your project, taking time to think through the approach of how to organize your digital assets is an important task. In Microsoft Azure, you would need to consider a couple of points while trying to make this decision. Namely, you would need to consider the following factors:

  • Resource Governance approach
  • Management scopes
  • IaC management options
  • Modules, ACR, Template Specs, etc.

Azure Policies for governance

The Azure Policies are assigned with a unique mission to guard the compliance aspect of your cloud resources and workloads. It evaluates resources at specific times (by default happens every 24 hours) during the resource lifecycle changes and the policy assignment lifecycle updates.

Thus, whenever you get a resource created, updated, or deleted within a scope of the monitored compliance, or if you update/create an Azure policy then the compliance evaluation cycle will determine the compliance of these changes by auditing, blocking, or allowing the action to be performed.

Securing storage account options

Note: this section of the post is in progress…
It will be presented with the screenshots and GitHub repo for you.
Stay tuned, and check in a few days 😉


video & Demo – a sweet combo

In the video below, I briefly cover the posted information in this blog post which also includes the instructions on how to run the demo and get the scripts to deploy Azure Policies for your Tag Governance scenario.

Without any overdue, here is the video that should be available to you:

The following image is a screenshot from the slide that demonstrates the Bicep code that declares the policy definition and initiative, with the final view of deployment on the Azure portal.


Please, feel free to check out the GitHub repo – Learn Azure Bicep.

Summary

Thank you so much for reading this post and learning about Azure security and compliance and how IaC language Azure Bicep can help you in this journey. This is a bit different perspective to strengthen your resource/workload compliance on Azure using IaC approach.

Please, keep up the good work by securing your organizational and customer cloud environments!

Troubleshooting steps with the Azure Bicep Insert and system path errors

Hello Cloud Marathoners!

I have been getting a strange error on the Azure Bicep Insert functionality on my laptop, while it was working as expected on my work laptop.

Thus, I started to compare Azure Bicep versions and extension plugin versions on VS Code. Even though, both have the same versions, I was getting the following errors:

ChainedTokenCredential failed due to an unhandled exception

“Caught exception fetching resource: The ChainedTokenCredential failed due to an unhandled exception: Azure CLI authentication failed due to an unknown error. See the troubleshooting guide for more information.”

After a couple of hours of troubleshooting, I was getting a different error:

“Caught exception fetching resource: The ChainedTokenCredential failed due to an unhandled exception: Azure PowerShell authentication failed due to an unknown error. See the troubleshooting guide for more information.”

I was not sure what was wrong, and thus I opened a GitHub issue on Azure/Bicep. Link to the issue: https://github.com/Azure/bicep/issues/9911

Not an Authentication issue

First thing first, I have eliminated the possibility of Azure authentication not working on my VS Code, by running the following commands and seeing the results:

Issues that helped to dig for a fix

I was seeing an error: “The system cannot find the path specified.”. This was in my Windows Command Prompt and PowerShell consoles.

Here are the screenshots of the errors that I was seeing:

Resolving path issues

First, I checked all my paths in Environment Variables on my Windows laptop, and there were 1-2 unresolved paths that I removed.

Cleanup of the Registry AutoRun

The next step was removing any Auto Run values that I may have in Win Registry.
This last step was helpful to resolve all the errors on Windows Command Prompt and PowerShell.

In Summary

At the end of the troubleshooting and after a couple of hours of banging my head into the wall, I was happy that the Path and “ChainedTokenCredential failed” issues had been resolved.

Thank you for reading my post and I hope this post has helped you to troubleshoot the issues that you may have.

If your issue is still not resolved after following my post, please reach back to me.

How to fix the GitHub pipeline issues when credentials are expired?

Hello Cloud Marathoners,

In this post, I will be addressing a common an error that could be seen in your GitHub actions, once in a while, called “Error: Az CLI Login failed. Please check the credentials and make sure az is installed on the runner”.

UPDATES coming soon…

Happy New Year and Congratulations to “Awesome Azure Bicep” community of contributors!

Good day, #CloudMarathoner community!

I am very glad to announce the latest stats and progress on our community repo “Awesome Azure Bicep”!

What is Awesome Azure Bicep

This is a GitHub repo that helps you to learn and discover resources that are helping you with the adoption of Azure 🚀 Bicep – a new #infrastructureascode approach to manage Azure resources.

📌 Check out a curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn Microsoft #AzureBicep language 👉https://lnkd.in/e58nEfbd

Awesome Azure Bicep repo

who are the contributors?

Huge Kudos to #community contributors who made the latest version possible:

Luke Murray
Kasun Rajapakse
John Lokerse
Sam Cogan
Christopher Maneu
Matt Willson

call for action

Thanks for the 145+ 🌟 and 40+ 🍴 from the #community we are growing and looking for your contribution 😍

Please, check this #community maintained and updated repo and feel free to open an issue or provide feedback.

📌 Check out the post details on LinkedIn platform 👍

Thank you for all your hard work!

New episode on “What you need to know about Azure Bicep configurations?”

Hello, dear community friends!  

As I mentioned in a previous post, we are in a festive December month with a great event!
The Festive Tech Calendar is in a full swing and presents new sessions to everyone, every day.

If you missed my live session, No problem. I have recorded it and you can re-watch it 🙂

Check this session below, if you want to learn important things on how to configure your Azure Bicep environment and use Azure security resources with them!

Direct link to the YouTube video: https://www.youtube.com/watch?v=Ss4012kSRcE


Summary

Please, let me know if you have any questions, and feel free to DM me on @LinkedIn or @Twitter!

Festive Tech Calendar 2022 Session details are coming soon!

Hi friends,

I hope you are all excited about the upcoming special, a month-long event.
The Festive Tech Calendar 2022 Session details are coming soon!  

This year, organizers are aiming for something a bit different and more joyful. It will be a joyful learning experience throughout the month of December as the event will bring you much new content from different speakers and communities around the globe.

We are presenting

Awesome news came from the Festive Tech Calendar, as I am presenting this year too, with the recent content on Azure Bicep configuration details.

LinkedIn post details

Thank you, organizers, I will be doing a session with a holiday theme to help our community members with configuring the Azure Bicep development environment.

📌 Visit every day >> https://lnkd.in/dKFawYNn to learn new things!

And don’t forget to check out the DAY 16 😉

Have a festive and warm month in December!

🎄
✨

Learning infrastructure as code with Azure Bicep

Hello cloud marathoners!

I am very honored to prepare an Azure Bicep session for the Azure Dominicana meetup group and would like to thank Gregory for extending his invitation.

As you know, the Azure Bicep language brings a new Infrastructure as a Code (IaC) approach to managing your Azure resources in a clean way. In addition, we also have a classic ARM JSON template that is traditionally used to define Azure infrastructure resources in a declarative way. However, it is not easy to author and maintains ARM JSON templates when your project grows in complexity.

That is when Azure Bicep comes into play, to simplify the management of your infrastructure while re-using code. So, please join my session and I will explain to you how to start using Azure Bicep and easily manage your cloud infrastructure.

Azure Dominicana user group

“This Meetup is for all those interested in knowing and learning more about Azure and trying to keep up with the latest trends and new features.
Let’s talk together about interesting topics in our language and let’s all grow together in new knowledge and experiences!” – according to the Azure Dominicana meetup page.

Learning infrastructure as code with Azure Bicep

Summary

If you are also excited about this session, please register here.
I hope to hear from all of you in this session and address the questions that you may have.

Updates

Please, check the meetup homepage as I have been told that the session recording is going to be uploaded soon. Thanks!

Azure Back to School with Bicep session

Hello friends,

The Azure Back to School event is still in full swing and I am happy to announce my second session on this great event.

My session #2

This session is focused on new features and capabilities of Azure Bicep’s latest language. But don’t worry if you never used it before as I will have a brief introduction into what it is and where it could help you.

In this demo heavy session, I am planning to demonstrate how it is simple to create, manage a modularized Azure infrastructure-as-code, while using familiar tools.

Presenting at GIRA ONLINE SPEAKERS LATAM 2022 on Azure Bicep tips and tricks

Hello Cloud Marathoners,

This week, I am presenting at GIRA ONLINE SPEAKERS LATAM 2022 event.
It is one of the largest technology events that is made available to all of Latin America and Microsoft communities.

Please, check the following LinkedIn post where I made announcements about this session.

No alternative text description for this image

My session is focused on a brief introduction to IaC with Azure Bicep and Productivity tips for setting your infrastructure-as-code on your VS Code environment.

recorded session:

The Azure Bicep – Productivity tips session has been published on YouTube channel.

Please, check it out and let me know your feedback.

Thank you for following the #CloudMarathner journey!

What is new in Azure Bicep v0.6?

Hello freinds,

Thank you everyone who has landed in this page to check out my Global Azure 2022 session – What is new in Azure Bicep language?

I had a great joy while interacting with a number of attendees.
Thank You for checking this blog and please feel free to reach out back with your questions.

What is new in Azure Bicep language?

As you might know, the Azure Bicep language brings a new Infrastructure as a Code (IaC) approach to manage your Azure resources in a clean way.
We also have a classic ARM JSON template that is/was traditionally used to define Azure infrastructure resources in a declarative way.

However, it is not easy to author and maintain ARM JSON templates when your project grows in complexity.

A demo screenshot from the session

But, I have good news for you – Microsoft infrastructure team has been working on new language to ease this process. Thus, an Azure Bicep language is created to simplify management of your infrastructure while re-using the code.

In this, I have introduced new features and capabilities of Azure Bicep v0.5 & v0.6 language. You also see demos on how it is simple to create, manage a modularized Azure infrastructure-as-code, while using familiar tools and extensions on VS Code.

A screenshot from the slides

If you missed this session, no worries, you are covered, as this session was recorded. It is freely availiable on the #cloudmarathoner 🖐 ⏩ YouTube channel here.

The slides and as well as links to the recommended resources are posted on my 🖐 🍴 GitHub repo here.

Please, feel free to check up this GitHub repo, share & fork it as you like 👍