Isn’t that title a mouthful.
Coming from Terraform, there are somethings that seem strange in Bicep.
One of those is the way that the Resource Manager API handles assigning User Assigned Managed Identities (UAMIs).
If you look at the API documentation for a resource
(in this case we are going to use an Event Hub Namespace, but this applies to all resources that can have a UAMI assigned)
you will see that the userAssignedIdentities value of the identity property looks lkie this:
Read more…
In a recent project we used GitHub Actions to deploy our Terraform code. While not the best way to deploy Terraform, we had it working nicely.
One of the biggest challenges we encountered was how to download the private Terraform modules we had created. In a GitHub Actions workflow you can specify the permissions that the runner should be granted. However, these permissions are scoped to the repository that the Action is running on, and it is not possible to add additional repos to the permission set.
Read more…
Recently Microsoft announced a public preview of native IP Address Management in Azure, powered by Virtual Network Manager.
Being new technology, and with a new landing zone to build, I decided to test and see if we could use it to make IP management simpler.
The starting point was to completely miss the documentation and try and work it out myself.
Sadly, the API documentation has yet to be updated to cover the new properties, and tracing the portal requests didn’t help either, since it uses a slightly different flow (sigh!).
Read more…
I recently had the privilege of opening the New Zealand GitHub User Group with a presentation on using Azure Container Apps for self-hosted GitHub Actions Runners. The recording of the session is available on YouTube.
<div style="position: relative; padding-bottom: 56.25%; height: 0; overflow: hidden;">
<iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen="allowfullscreen" loading="eager" referrerpolicy="strict-origin-when-cross-origin" src="https://www.youtube.com/embed/vVTpss4WpOA?autoplay=0&controls=1&end=0&loop=0&mute=0&start=0" style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border:0;" title="YouTube video"></iframe>
</div>
In May 2024 Microsoft released the Public Preview of the new Flex Consumption Azure Functions. This is an exciting release, primarily because it finally allows a consumption Function App to be VNet integrated. Before the release of Flex Consumption Function Apps, we had to either decide to use a consumption plan or allow access to internal resources (and pay 24/7 for the privilege). While there have been workarounds (e.g. run a Function App in Container Apps) none were ideal.
Read more…
Have you ever had one of those days where your troubleshooting resembles doing the foxtrot? Forward. Sideways. Backwards. Round in Circles. I had one of those last week.
My current customer is using Ansible for orchestration. As part of proving out the capabilities, and working through the best way to make it all work, I needed to set up my local environment.
Running macOS typically makes setup a breeze. Thanks to the wonderful Homebrew Pacakge Manager. Tools such as Ansible and Ansible Lint are just a brew install away.
Read more…
Microsoft have make controlling routing within a Virtual WAN much easier thanks to a combination of Routing Intent and Route Maps (in preview at time of writing). Route Maps work in the same manner (at least theoretically) to route map configuratons network administrators are used to in on-premises equipment.
In testing tehm out for a customer, I ran straight into a problem. I like to keep things tidy, and when I looked at the output of the outbound route map configuration for a site to site VPN with AWS, I didn’t like that it showed all my AWS routes being published back out to the VPN. So I configured a route map rule to drop reflected routes.
Read more…