{"id":1788,"date":"2023-03-16T13:18:20","date_gmt":"2023-03-16T13:18:20","guid":{"rendered":"https:\/\/thecloudmarathoner.com\/?p=1788"},"modified":"2023-03-19T04:57:04","modified_gmt":"2023-03-19T04:57:04","slug":"zero-to-hero-secure-iac-with-bicep","status":"publish","type":"post","link":"https:\/\/thecloudmarathoner.com\/index.php\/2023\/03\/16\/zero-to-hero-secure-iac-with-bicep\/","title":{"rendered":"Zero to Hero: Secure IaC with Bicep"},"content":{"rendered":"\n<p>Hello dear friends,<\/p>\n\n\n\n<p>I would like to welcome everyone who has landed&nbsp;on this page to check out the Azure Spring Clean 2023 event and learn new cloud skills!<\/p>\n\n\n\n<p>Before kicking off the topic, I would like to start with a \u201cTHANK YOU\u201d message for the organizers of the event, especially Joe, Thomas, and everyone who is involved in making this event a successful experience&nbsp;for everyone!<\/p>\n\n\n\n<p>Note:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Introduction<\/h4>\n\n\n\n<p>In the spirit of Azure Spring Clean, we will explore how to organize Azure Security Services using the Infrastructure-as-Code (IaC) approach with Azure Bicep.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"\/wp-content\/uploads\/2023\/03\/image-2-1024x565.png\" alt=\"\" class=\"wp-image-1790\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-2-1024x565.png 1024w, \/wp-content\/uploads\/2023\/03\/image-2-300x166.png 300w, \/wp-content\/uploads\/2023\/03\/image-2-768x424.png 768w, \/wp-content\/uploads\/2023\/03\/image-2-1536x848.png 1536w, \/wp-content\/uploads\/2023\/03\/image-2-1200x663.png 1200w, \/wp-content\/uploads\/2023\/03\/image-2.png 1936w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p>We will look into how you can declaratively define and deploy your Azure security resources, including Azure Policies, to tackle 
real-world business problems. So, get yourself ready for simple yet powerful demos that will turn you into a hero.<\/p>\n\n\n\n<p>And don&#8217;t worry if you are new to Azure Bicep, as we will have a super express introduction to this new IaC language to get you started with the fundamentals.<\/p>\n\n\n\n<p>By the way, if you are super new to Azure Bicep, then please check the following YouTube recording &#8211; <a rel=\"noreferrer noopener\" href=\"https:\/\/youtu.be\/pm6acRazNfI\" target=\"_blank\">&#8220;What is new in Azure Bicep language?&#8221;<\/a><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"What is new in Azure Bicep language? - Azure back to School\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/pm6acRazNfI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">What is Azure Bicep<\/h4>\n\n\n\n<p>Azure Bicep is a new declarative Domain-Specific Language (DSL) for provisioning Azure resources. 
The purpose of Azure Bicep is to <strong>simplify<\/strong> the resource creation and management experience with a cleaner syntax and more code reuse.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"632\" src=\"\/wp-content\/uploads\/2023\/03\/image-6-1024x632.png\" alt=\"\" class=\"wp-image-1798\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-6-1024x632.png 1024w, \/wp-content\/uploads\/2023\/03\/image-6-300x185.png 300w, \/wp-content\/uploads\/2023\/03\/image-6-768x474.png 768w, \/wp-content\/uploads\/2023\/03\/image-6.png 1109w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Declaring resources as IaC<\/h4>\n\n\n\n<p>There are many benefits to declaring and managing cloud infrastructure resources as code, such as increased compliance, visibility, controlled deployments, and versioning of the changes that get deployed into your cloud environments. 
<\/p>\n\n\n\n<p>The following screenshot demonstrates how Azure Bicep declares cloud resources on the left side of the panel:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"534\" src=\"\/wp-content\/uploads\/2023\/03\/image-3-1024x534.png\" alt=\"\" class=\"wp-image-1794\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-3-1024x534.png 1024w, \/wp-content\/uploads\/2023\/03\/image-3-300x156.png 300w, \/wp-content\/uploads\/2023\/03\/image-3-768x400.png 768w, \/wp-content\/uploads\/2023\/03\/image-3-1536x801.png 1536w, \/wp-content\/uploads\/2023\/03\/image-3-1200x625.png 1200w, \/wp-content\/uploads\/2023\/03\/image-3.png 1604w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Organizing cloud resources<\/h4>\n\n\n\n<p>No matter how small or big your project is, taking the time to think through how to organize your digital assets is an important task. In Microsoft Azure, you need to consider a couple of points when making this decision. 
Namely, you need to consider the following factors:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resource Governance approach<\/li>\n\n\n\n<li>Management scopes<\/li>\n\n\n\n<li>IaC management options<\/li>\n\n\n\n<li>Modules, ACR, Template Specs, etc.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"620\" src=\"\/wp-content\/uploads\/2023\/03\/image-4-1024x620.png\" alt=\"\" class=\"wp-image-1795\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-4-1024x620.png 1024w, \/wp-content\/uploads\/2023\/03\/image-4-300x182.png 300w, \/wp-content\/uploads\/2023\/03\/image-4-768x465.png 768w, \/wp-content\/uploads\/2023\/03\/image-4.png 1055w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Azure Policies for governance<\/h4>\n\n\n\n<p>Azure Policies have a unique mission: to guard the compliance of your cloud resources and workloads. 
Azure Policy evaluates resources at specific times (by default, every 24 hours) during resource lifecycle changes and policy assignment lifecycle updates.<\/p>\n\n\n\n<p>Thus, whenever a resource is created, updated, or deleted within a monitored compliance scope, or whenever you create or update an Azure policy, the compliance evaluation cycle determines the compliance of these changes by auditing, blocking, or allowing the action to be performed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"\/wp-content\/uploads\/2023\/03\/image-5.png\" alt=\"\" class=\"wp-image-1796\" width=\"411\" height=\"215\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-5.png 781w, \/wp-content\/uploads\/2023\/03\/image-5-300x157.png 300w, \/wp-content\/uploads\/2023\/03\/image-5-768x403.png 768w\" sizes=\"auto, (max-width: 411px) 85vw, 411px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Securing storage account options<\/h4>\n\n\n\n<p>Note: this section of the post is in progress&#8230;<br>It will be presented with the screenshots and GitHub repo for you.<br>Stay tuned, and check in a few days \ud83d\ude09 <\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><br>Video &amp; Demo &#8211; a sweet combo<\/h4>\n\n\n\n<p>In the video below, I briefly cover the information posted in this blog post, which also includes instructions on how to run the demo and get the scripts to deploy Azure Policies for your Tag Governance scenario.<\/p>\n\n\n\n<p>Without further ado, here is the video that should be available to you:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Zero to Hero Secure IaC with Bicep - Azure Spring Clean 2023\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/KqhUo_5m_g4?feature=oembed\" 
frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>The following image is a screenshot of the slide showing the Bicep code that declares the policy definition and initiative, with the final view of the deployment&nbsp;in the Azure portal.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"590\" src=\"\/wp-content\/uploads\/2023\/03\/image-7-1024x590.png\" alt=\"\" class=\"wp-image-1806\" srcset=\"\/wp-content\/uploads\/2023\/03\/image-7-1024x590.png 1024w, \/wp-content\/uploads\/2023\/03\/image-7-300x173.png 300w, \/wp-content\/uploads\/2023\/03\/image-7-768x442.png 768w, \/wp-content\/uploads\/2023\/03\/image-7-1200x691.png 1200w, \/wp-content\/uploads\/2023\/03\/image-7.png 1228w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p><br>Please feel free to check out the GitHub repo &#8211; <a rel=\"noreferrer noopener\" href=\"https:\/\/github.com\/ElYusubov\/Learn-Bicep\" target=\"_blank\">Learn Azure Bicep<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Summary<\/h4>\n\n\n\n<p>Thank you so much for reading this post and learning about Azure security and compliance and how the IaC language Azure Bicep can help you on this journey. 
This is a slightly different perspective on strengthening your resource\/workload compliance on Azure using the IaC approach.<\/p>\n\n\n\n<p>Please keep up the good work by securing your organizational and customer cloud environments!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello dear friends, I would like to welcome everyone who has landed&nbsp;on this page to check out the Azure Spring Clean 2023 event and learn new cloud skills! 
Before kicking off the topic, I would like to start with a \u201cTHANK YOU\u201d message for the organizers of the event; especially for Joe, Thomas, and everyone &hellip; <a href=\"https:\/\/thecloudmarathoner.com\/index.php\/2023\/03\/16\/zero-to-hero-secure-iac-with-bicep\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Zero to Hero: Secure IaC with Bicep&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,2,15],"tags":[],"class_list":["post-1788","post","type-post","status-publish","format-standard","hentry","category-azure-bicep","category-infrastructure-as-code-iac","category-security-governance"],"_links":{"self":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/1788","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/comments?post=1788"}],"version-history":[{"count":11,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/1788\/revisions"}],"predecessor-version":[{"id":1826,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/posts\/1788\/revisions\/1826"}],"wp:attachment":[{"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/media?parent=1788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/categories?post=1788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thecloudmarathoner.com\/index.php\/wp-json\/wp\/v2\/tags?post
=1788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}