Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
I am a bit confused about using Azure Logic Apps vs Azure Automation to manage jobs for Azure Database. Which product should I use for Azure SQL Database?
Reference what #Aravind said, Azure Logic Apps is for managing a workflow. It is more powerful than Azure Automation.
Azure Automation is for creating runbooks to automate tasks like deployment and updates using PowerShell scripts or Python scripts.
As for SQL Agent jobs, those are available only in Azure SQL Managed Instance.
If you are using Azure SQL, there are multiple ways to run automated scripts on Azure SQL Database as below:
Using Automation Account Runbooks.
Using Elastic Database Jobs in Azure
Using Azure Data factory.
If you are running just one or a few simple scripts, I would suggest you take a look at Automation Account Runbooks.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 7 months ago.
I am trying to implement Azure Cloud Services (extended support) through Terraform.
I have checked the official documentation and did not find any existing code to implement it.
Can you check and let me know if it is possible to implement it through Terraform?
I also searched for that, and there is no document for creating Azure Cloud Service (Extended Support) using Terraform.
Cloud Services (extended support) is a new Azure Resource Manager (ARM) based deployment model for Azure Cloud Services. Azure Cloud Services is a platform as a service (PaaS) offering that allows you to quickly deploy and manage powerful applications and services. It manages provisioning, load balancing, and health monitoring.
This is a new service in Azure, so I think this might be the reason azurerm Terraform currently does not cover the extended version of the Cloud Service feature. You can raise a discussion on GitHub for the same request.
https://github.com/hashicorp/terraform-provider-azurerm/issues/11234
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
Net core application and my application communicates with various Azure resources such as Storage Account V2. My app is deployed to Azure App Service. I have various ways for my web app to connect to the storage account. The first of them is using a connection string, like below:
CloudStorageAccount storageAccount = CloudStorageAccount.Parse(_azureStorageClient.AzureStorageAccount03ConnectionString);
In the above code I am passing a connection string. I can get the connection string from Azure Key Vault and avoid hard-coding the connection string in appsettings.json. This is secure, I understand, but if someone accidentally changes or regenerates the access key in the storage account, then my app will not work.
I found one more way, using an app registered in the Azure portal and giving it RBAC on the storage account.
TokenCredential credential = new ClientSecretCredential(
_authenticationConfig.TenantId, clientId, _authenticationConfig.ClientSecret, new TokenCredentialOptions());
In this way I can also avoid using connection strings, and I can access the storage account based on roles. But in this case too I will end up managing the client secret and client ID in code or Key Vault.
I found a last option, which is using managed identities. I feel this is a more reliable way so far. No secrets in code nor in Key Vault. This is all my understanding, and I have concluded that the third way is more reliable, and I am trying to implement it throughout the application. So I want to know whether all my understanding is correct, and whether I can get rid of the first two ways and go with the third approach without it having any problems. Can someone help me with whether my understanding is correct, or, if I have understood things the wrong way, help me design best practices? Any help would be greatly appreciated. Thanks a lot.
Where possible, do use managed identities, as they allow you to access Azure resources without having to expose secrets. An early blog post by Microsoft states:
Your code needs credentials to authenticate to cloud services, but you want to limit the visibility of those credentials as much as possible. Ideally, they never appear on a developer’s workstation or get checked-in to source control. Azure Key Vault can store credentials securely so they aren’t in your code, but to retrieve them you need to authenticate to Azure Key Vault. To authenticate to Key Vault, you need a credential! A classic bootstrap problem. Through the magic of Azure and Azure AD, MSI provides a “bootstrap identity” that makes it much simpler to get things started.
Here is an overview of the supported services. As you can see, most services do support managed identities.
Here is a step-by-step tutorial that shows you how to connect to Azure Storage using managed identities.
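The third approach from the question, shown as an added example that is not part of the original posts: it reads blobs with a managed identity and separates the two failure modes this approach has, namely no token available and a token without a data-plane role. It assumes the `Azure.Identity` and `Azure.Storage.Blobs` packages (a newer SDK than the `CloudStorageAccount` class in the question), a constructed account name `examplestorageacct`, a constructed container name `app-data`, and a role such as Storage Blob Data Reader assigned to the identity.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

public static class ManagedIdentityStorageDemo
{
    // Constructed placeholder values (assumptions): use your own account and container.
    private const string AccountUrl = "https://examplestorageacct.blob.core.windows.net";
    private const string ContainerName = "app-data";

    public static async Task<int> Main()
    {
        // In App Service the managed identity issues the token. On a developer
        // machine it is unavailable, so the chain falls through to the Azure CLI login.
        TokenCredential credential = new ChainedTokenCredential(
            new ManagedIdentityCredential(),
            new AzureCliCredential());

        // No connection string, account key or client secret is involved.
        var service = new BlobServiceClient(new Uri(AccountUrl), credential);
        BlobContainerClient container = service.GetBlobContainerClient(ContainerName);

        try
        {
            await foreach (BlobItem blob in container.GetBlobsAsync())
            {
                Console.WriteLine(blob.Name);
            }
            return 0;
        }
        catch (AuthenticationFailedException ex)
        {
            // No credential in the chain produced a token, for example because
            // the managed identity is not enabled on the app.
            Console.Error.WriteLine($"Token acquisition failed: {ex.Message}");
            return 1;
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // A token was issued, but the identity has no data-plane role
            // on the storage account or container.
            Console.Error.WriteLine($"Access denied ({ex.ErrorCode}): assign an RBAC role to the identity.");
            return 2;
        }
    }
}
```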
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 1 year ago.
I am trying to connect Azure DevOps with Azure KeyVault by whitelisting the IP addresses of Azure DevOps into the key vault. Now I need to add the service tag of Azure DevOps into KeyVault. I am following the below process to do it. Please correct me if I am wrong?
Create a Network Security Group
Click on Inbound security rules
Click on Add button to add a rule
Select Source as “Service Tag”
Select the Source service tag as “AzureDevOps” (unfortunately this tag is not available).
Please let me know how I can add the Service Tag of Azure DevOps in the Network Security Group and map the Network Security Group with Azure Key Vault.
As of today they are available on the Portal (18-11-2021)
Original reply
You can't. The Azure DevOps Service Tag is not available from the Portal.
Info taken from documentation.
Now that a service tag has been set up for Azure DevOps Services, customers can easily allow access by adding the tag name AzureDevOps to their NSGs or firewalls programmatically using Powershell and CLI.
Here is the info on the blog.
And what is important here is:
The Service Tag does not apply to Microsoft Hosted Agents. Customers are still required to allow the entire geography for the Microsoft Hosted Agents. If allowing the entire geography is a concern, we recommend using the Azure Virtual Machine Scale Set Agents. The Scale Set Agents are a form of self-hosted agents that can be autoscaled to meet your demands.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 2 years ago.
I have set up Azure API Management in front of the Azure Kubernetes application APIs and would like to place Azure App Gateway in front of Azure API Management. How would I do this?
You could refer to this doc - https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway
This article covers how to use a single API Management service for both internal and external consumers and make it act as a single frontend for both on premises and cloud APIs. You will also see how to expose only a subset of your APIs (in the example they are highlighted in green) for External Consumption using routing functionality available in Application Gateway.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
Microsoft strongly recommends using Microsoft Graph instead of Azure AD Graph API to access Azure Active Directory resources.
There are a very limited number of scenarios for which Azure AD Graph API might still be appropriate, according to this post written in May 2017. Do those gaps between Microsoft Graph and Azure AD Graph still exist?
Yes.
For example Applications and Service principals are only available on the beta endpoint for MS Graph API.
And the beta endpoint is not recommended to be used in production applications.
So if you need to make automation related to app registrations, permissions etc., AAD Graph is still the way to do it safely.