Azure - dennisholee/notes GitHub Wiki
Terraform
Setup CLI
Run the following from the working directory.
```shell
# Mount current working directory to Podman machine's /export/devs
podman machine init -v ${PWD}:/export/devs
podman machine start
# Run terraform from Ubuntu
podman pull ubuntu:latest
# Mount working directory via Podman's machine to container's /export
podman run -it -v /export/devs:/export ubuntu /bin/bash
# Update APT - should be running from container's prompt
apt update
# Install sudo and curl packages
apt install sudo curl
# Install Azure CLI - https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
# Install Terraform
# Follow instructions in https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
```
Login to Azure via Command Line
```shell
az login
```
Initialize Terraform
```shell
terraform init
```
Management Groups
- Recommended for environment separation, e.g.:
  - Production and pre-production.
  - Internal vs external facing services.
Subscriptions
- Define resource usage availability and quota.
Resource Group
Resources
Tags
- Metadata and documentation
- Automation
- Cost optimization, e.g. cost allocation by team or department
- Links:
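The hierarchy above (management groups for environment separation, a subscription placed under one of them, and a resource group carrying cost-allocation tags) expressed in Terraform with the `azurerm` provider. This is an added example, not code from the wiki; it assumes `az login` has already been run, so the `azurerm_subscription` data source resolves to the current subscription, and the management group names, resource group name, location and tag values are constructed placeholders.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# Subscription the CLI is currently logged in to (after `az login`).
data "azurerm_subscription" "current" {}

# Organisation root management group (display name is a placeholder).
resource "azurerm_management_group" "org" {
  display_name = "example-org"
}

# Environment separation: production and pre-production under the root.
resource "azurerm_management_group" "prod" {
  display_name               = "prod"
  parent_management_group_id = azurerm_management_group.org.id
}

resource "azurerm_management_group" "preprod" {
  display_name               = "preprod"
  parent_management_group_id = azurerm_management_group.org.id
}

# Subscriptions define quota and resource availability; place the current
# one under pre-production so policies scoped to that group apply to it.
resource "azurerm_management_group_subscription_association" "preprod_sub" {
  management_group_id = azurerm_management_group.preprod.id
  subscription_id     = data.azurerm_subscription.current.id
}

# Tags used for documentation, automation and cost allocation (placeholder values).
locals {
  common_tags = {
    environment = "preprod"
    team        = "platform"
    cost_center = "CC-0000"
    managed_by  = "terraform"
  }
}

resource "azurerm_resource_group" "app" {
  name     = "rg-example-app-preprod"
  location = "eastasia"
  tags     = local.common_tags
}
```

Run `terraform init` followed by `terraform plan` from the container's working directory; creating management groups requires the signed-in identity to have rights at the tenant root group, which is worth confirming before applying.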
Azure Active Directory
Conditional Access Policy
Conditional Access:
- Grant - https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grant
- Session - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session
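A Conditional Access policy combining the two control types linked above: a grant control that requires MFA and a session control that limits sign-in frequency. This is an added example using the `azuread` provider, not code from the wiki. It assumes a separate emergency-access account whose object ID is supplied as a variable (the default value is a placeholder), and it starts in report-only mode so the effect of the policy can be reviewed in sign-in logs before it is enforced.

```hcl
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.0"
    }
  }
}

provider "azuread" {}

# Object ID of an emergency-access (break-glass) account excluded from the
# policy so an MFA outage cannot lock administrators out. Placeholder value.
variable "break_glass_object_id" {
  type    = string
  default = "00000000-0000-0000-0000-000000000000"
}

resource "azuread_conditional_access_policy" "require_mfa" {
  display_name = "CA-example-require-mfa-all-users"

  # Report-only: sign-ins are evaluated and logged, nothing is blocked yet.
  # Switch to "enabled" once the sign-in logs show the expected impact.
  state = "enabledForReportingButNotEnforced"

  conditions {
    client_app_types = ["all"]

    applications {
      included_applications = ["All"]
    }

    users {
      included_users = ["All"]
      excluded_users = [var.break_glass_object_id]
    }
  }

  # Grant control: access is granted only when MFA has been satisfied.
  grant_controls {
    operator          = "OR"
    built_in_controls = ["mfa"]
  }

  # Session control: force re-authentication every 12 hours.
  session_controls {
    sign_in_frequency        = 12
    sign_in_frequency_period = "hours"
  }
}
```

The provider needs an identity with permission to manage Conditional Access policies (for example the `Policy.ReadWrite.ConditionalAccess` Graph permission); `terraform plan` shows the policy as report-only, which is the safe first deployment state.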
Azure Device Identities:
- Azure AD Registered
  - User signs in with a local device account
  - Control access by using identity type and conditional access policy
  - Typical use cases:
    - Bring Your Own Device (BYOD)
    - Personal devices
- Azure AD Joined
  - User has an AD account
  - Able to apply organization policies
  - Typical use cases:
    - Device belongs to the organization
    - Can operate in the absence of an organization / internal network
    - Can operate without an organization's Windows AD
- Hybrid Azure AD Joined
  - Requires synchronization between Windows AD and Azure AD.
  - Typical use case:
    - User logs in using the organization's Windows AD
Multi Factor Authentication
Usage Model:
- Per Authentication:
  - Purchasing model that charges per authentication.
  - Typically used for scenarios that use Azure Multi-Factor Authentication in a consumer-facing application.
- Per Enabled User:
  - Purchasing model that charges per enabled user.
  - Typically used for employee access to applications such as Office 365.
Virtual Machines
First time bootstrap
Cloud-Init Azure Linux Agent (WALA)