Quick tip: Get in control by using your GitHub context

GitHib actions and workflows are very powerful by nature. They help me to build and deploy my Azure environments, without having me to do all the tedious and errorprone work. I create a pull request, have it peer reviewed and once approved my environments are provisoned the way I envisioned it. This is also the case at my current assignment for a large organization. Last year the organization decided that a new change management system (which name I refuse to pronounce) should handle all changes. Continue reading

Quick tip: Find permissions in RBAC roles easily

When building infrastructures in Azure, you sometimes come to a point in which you need to add an additional action to a RBAC role in order to access certain Azure resources. In our case we needed to add read permissions on the Front Door activity logs to an internal security administrator role. The way I used to do it, was browing MS-learn to can find a comprehensive list of built-in roles. Continue reading

Where is that documentation? A tale on setting up diagnostic settings...

I’m a big fan of Azure and building infrastructure on it using IaC (Infrastructure as Code) and deploy it through pipelines (Azure DevOps) or workflows (Github). The last two years, I primarily used Bicep to build the infrastructure. This is often a very satisfying experience but in some cases it can be quite frustrating. Frustrating because I can’t find the information that I need in the MS Learn documentation at the location where I would expect it to be. Continue reading

A nightmare on FrontDoor in Bicep...

For some reason I seem to attract the most exotic scenarios when it comes to building Infrastructure as Code (IaC). This time it was no different. For a client I’m working on building an environment in which disaster recovery is a top priority. Besides being zone redundant, the client requires region redundancy as well, in case a complete Azure region gets wiped out by a disaster or a combination of disasters… My imagination gets triggered and I envision all kinds of apocalyptic movie scenarios. Continue reading

Note to self: fix invalid GitHub credentials in VSCode

From time to time I start working on projects for new customers. As soon as I start I receive an invitation from Github to join the customer’s Github organization. Most of the organization have a SAML based single sign on (SSO). After joining the organization using my personal Github account, I’m able to work on the repositories on which I have access. So far so good… Then the moment comes that I need to clone the repository, which can be a hassle from time-to-time. Continue reading

GHAS - How to use CodeQL custom queries?

Over the last two years, I have seen a growing awareness when it comes to zero trust computing. When organizations look at zero trust computing, the first thing that comes into mind is getting the infrastructure secure. Assuming breach, ensuring that there are multiple layers of security applied. As an engineer I love seeing this growing awareness. What a lot of organizations seem to forget is that perhaps the most important part of securing its data starts with analyzing the source code of its proprietary software. Continue reading

How to prepare for the Azure Cybersecurity Architect SC-100 exam

Frustration! If one word should describe the learning experience using Microsoft Learn (other words could have been: indigestable, wut?!, uncohesive etcetera). I have never encountered a Microsoft Learning path that was so hard to digest. Then you could ask yourself: “Is the subject that hard?”. It is not the subject, it is the way the self-study was written. In this blog post, I will share the way I prepared for this exam. Continue reading