Hope you are all doing great and excited about this year’s Azure Spring Clean 2024 event!
In this episode, I will share our new #AzureBicep session with amazing community members like you and my partner in crime, Microsoft Azure MVP Kasun Rajapakse.
🎯 Teaser description of what you could expect:
Embrace the power of comprehensive testing by integrating it seamlessly into your Azure Bicep code! In this session, we will experiment with some testing strategies that allow you to weave testing processes effectively into your Azure Bicep infrastructure-as-code (IaC) development.
We’ll explore the pivotal role of testing in ensuring the reliability, scalability, and security of your Azure deployments. You will learn how to get started with Bicep-specific unit testing frameworks that complement your Bicep code, enabling you to detect and rectify potential issues at an early stage of development.
I hope everyone has a joyful festive season with family and has more than one reason to celebrate. In the spirit of the season, We (#cloudmarathoner community) rolled our sleeves and produced two sessions for the Fesive Tech Calendar 2023 event.
The first session – “The 12 Bicep 💪 Tips of Christmas: Best Practices for Azure Deployment” is done in collaboration with Kasun Rajapakse – a Microsoft Azure MVP and a #cloudmarathoner community contributor.
In this session, we invite you to take a trip to Azure with ‘The 12 Bicep Tips of Christmas: Best Practices for Azure Deployment.’ We encourage you to open the present of knowledge as we show you the ropes and help you use Azure Bicep to its best potential. By joining us you will spread good cheer for a prosperous and trouble-free Azure experience this holiday season in honor of efficient cloud management.
If you have been implementing your customers with the management of enterprise subscriptions and policies, then it is a pretty common need to automate the provisioning of those subscriptions in a controlled and secure manner.
The good news is that you don’t have to reinvent the wheel and do everything from scratch. The Microsoft team that is behind the Azure Landing Zones implementation has a good reference that could tremendously help you.
Microsoft Global Customer Success team
Have you ever checked the subscription vending IaC Modules from the Microsoft Global Customer Success team (the same team behind Azure Landing Zones)?
Subscription Vending IaC Modules
Well, if not then Subscription Vending IaC Modules are available for you in two popular infrastructure-as-code (IaC) tools: Bicep and Terraform. AND designed to help you implement the best practices for subscription provisioning.
Why use these modules?
Using these modules, you can quickly and easily provision new Azure subscriptions that are pre-configured to meet your organization’s specific needs. The modules include parameters/variables for Role-Based Access Control, Networking, Tags, and more.
Recently, I have been asked for a reference on how to implement a microservices architecture from code to production, using an open-source stack with Azure.
In this workshop, you will build a complete application including a website with authentication and 3 microservices, deploy it to Azure using a CI/CD pipeline, monitor and tune the scaling of our services, and use log tracing to debug issues.
And yes, all that is done without needing to use Kubernetes while using the #AzureBicep 💪 for #infrastructureascode (IaC) and deployment!
This workshop approach is one of many ways to get started with Node.js Microservices in Azure. But, I am interested to hear from you.
What is your preferred way to implement microservices in Azure ⁉ 🤔 Please, share your feedback 💬 in the comments or in the following LinkedIn post.
In Summary
I hope you will enjoy this reference architecture and the @GitHub code repo. More importantly, you got a chance to learn something new. Hopefully, you’ll be able to take this knowledge back to your projects and improve your solutions.
I would like to welcome everyone who is landed on this page to check out the Azure Spring Clean 2023 event and Learn new cloud skills!
Before kicking off the topic, I would like to start with a “THANK YOU” message for the organizers of the event; especially for Joe, Thomas, and everyone who is involved in making this event a successful experience for everyone!
Note:
Introduction
In the spirit of Azure Spring Clean, we will explore how to organize Azure Security Services using the infrastructure-as-Code (IaC) approach with Azure Bicep.
We will look into how you could declaratively define and deploy your Azure security resources including Azure Policies to tackle real-world business problems. So, get yourself ready for simple yet powerful demos that will turn you into a hero.
And don’t worry, if you are new to Azure Bicep as we will have a super express introduction to this new IaC language to get you started with fundamentals.
Azure Bicep is a new declarative Domain Specific Language (DSL) for provisioning Azure resources. The purpose of Azure Bicep is to simplify the resource creation and management experience with a cleaner syntax and more code reuse.
Declaring resources as IaC
There are many benefits in declaring and managing cloud infrastructure resources as a code. It provides benefits, such as increased compliance, visibility, controlled deployments and versioning of changes that get deployed into your cloud environments.
The following screenshot demonstrates how Azure Bicep declares cloud resources on the left side of the panel:
Organizing cloud resources
No matter how small or big is your project, taking time to think through the approach of how to organize your digital assets is an important task. In Microsoft Azure, you would need to consider a couple of points while trying to make this decision. Namely, you would need to consider the following factors:
Resource Governance approach
Management scopes
IaC management options
Modules, ACR, Template Specs, etc.
Azure Policies for governance
The Azure Policies are assigned with a unique mission to guard the compliance aspect of your cloud resources and workloads. It evaluates resources at specific times (by default happens every 24 hours) during the resource lifecycle changes and the policy assignment lifecycle updates.
Thus, whenever you get a resource created, updated, or deleted within a scope of the monitored compliance, or if you update/create an Azure policy then the compliance evaluation cycle will determine the compliance of these changes by auditing, blocking, or allowing the action to be performed.
Securing storage account options
Note: this section of the post is in progress… It will be presented with the screenshots and GitHub repo for you. Stay tuned, and check in a few days 😉
video & Demo – a sweet combo
In the video below, I briefly cover the posted information in this blog post which also includes the instructions on how to run the demo and get the scripts to deploy Azure Policies for your Tag Governance scenario.
Without any overdue, here is the video that should be available to you:
The following image is a screenshot from the slide that demonstrates the Bicep code that declares the policy definition and initiative, with the final view of deployment on the Azure portal.
Thank you so much for reading this post and learning about Azure security and compliance and how IaC language Azure Bicep can help you in this journey. This is a bit different perspective to strengthen your resource/workload compliance on Azure using IaC approach.
Please, keep up the good work by securing your organizational and customer cloud environments!
I have been getting a strange error on the Azure Bicep Insert functionality on my laptop, while it was working as expected on my work laptop.
Thus, I started to compare Azure Bicep versions and extension plugin versions on VS Code. Even though, both have the same versions, I was getting the following errors:
ChainedTokenCredential failed due to an unhandled exception
“Caught exception fetching resource: The ChainedTokenCredential failed due to an unhandled exception: Azure CLI authentication failed due to an unknown error. See the troubleshooting guide for more information.”
After a couple of hours of troubleshooting, I was getting a different error:
“Caught exception fetching resource: The ChainedTokenCredential failed due to an unhandled exception: Azure PowerShell authentication failed due to an unknown error. See the troubleshooting guide for more information.”
First thing first, I have eliminated the possibility of Azure authentication not working on my VS Code, by running the following commands and seeing the results:
Issues that helped to dig for a fix
I was seeing an error: “The system cannot find the path specified.”. This was in my Windows Command Prompt and PowerShell consoles.
Here are the screenshots of the errors that I was seeing:
Resolving path issues
First, I checked all my paths in Environment Variables on my Windows laptop, and there were 1-2 unresolved paths that I removed.
Cleanup of the Registry AutoRun
The next step was removing any Auto Run values that I may have in Win Registry. This last step was helpful to resolve all the errors on Windows Command Prompt and PowerShell.
In Summary
At the end of the troubleshooting and after a couple of hours of banging my head into the wall, I was happy that the Path and “ChainedTokenCredential failed” issues had been resolved.
Thank you for reading my post and I hope this post has helped you to troubleshoot the issues that you may have.
If your issue is still not resolved after following my post, please reach back to me.
In this post, I will be addressing a common an error that could be seen in your GitHub actions, once in a while, called “Error: Az CLI Login failed. Please check the credentials and make sure az is installed on the runner”.
I am very glad to announce the latest stats and progress on our community repo “Awesome Azure Bicep”!
What is Awesome Azure Bicep
This is a GitHub repo that helps you to learn and discover resources that are helping you with the adoption of Azure Bicep – a new #infrastructureascode approach to manage Azure resources.
As I mentioned in a previous post, we are in a festive December month with a great event! The Festive Tech Calendar is in a full swing and presents new sessions to everyone, every day.
If you missed my live session, No problem. I have recorded it and you can re-watch it 🙂
Check this session below, if you want to learn important things on how to configure your Azure Bicep environment and use Azure security resources with them!
I hope you are all excited about the upcoming special, a month-long event. The Festive Tech Calendar 2022 Session details are coming soon!
This year, organizers are aiming for something a bit different and more joyful. It will be a joyful learning experience throughout the month of December as the event will bring you much new content from different speakers and communities around the globe.
We are presenting
Awesome news came from the Festive Tech Calendar, as I am presenting this year too, with the recent content on Azure Bicep configuration details.
Thank you, organizers, I will be doing a session with a holiday theme to help our community members with configuring the Azure Bicep development environment.
Bicep – a new 
Check out a curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn 
and 40+ 
from the 
