Question about support of some resources via ARM - azure

I am about to publish an app on Azure Market Place and I am trying to create a "Test drive".
My application is based on several Azure resources :
App Service (webapp + api)
Azure search index
Azure storage
SQL Database
PowerBI Embedded
My question is: Are these resources all supported via ARM?
(especially the creation of an azure search index and PowerBI Embedded "linked" to a PowerBI account)
Thank you.

The resources except Azure search index are all supported via ARM.(Azure search service is supported)
For the ARM templates of them, you could refer to the Reference in this link. Also, in the portal, you could check them when you creating the resource in Automation options of the creation blade after filling the properties.

Related

How to find out Azure resources using ResourceGUID from an Azure invoice

I have an Azure invoice from Microsoft sponsorship. In that, I can see the details of the usage of Azure services using an identifier called "ResourceGuid". Is it possible to find out the resources in the Azure console using the identifier "ResourceGuid"?
I've checked the normal resource pages and couldn't find a mapping between the identifier in the invoice and the details in the Azure console. Is there a possible way?

My Dashboard in Azure for App Services outage

I am working on a custom Dashboard in Azure. My Application is hosted in an APp Service. If App services is down at Microsoft end, i want to show a Red Dot in my dashboard.
KUSTO will work here?
Some API calls i need to do and some Programming to create dashboard?
Please guide me
You can create the Azure dashboard using template deployment in which Azure offers the ability to orchestrate the deployment of multiple resources.
Once the required resources for Azure Dashboard can be configured in template ARM template format, you can deploy using REST APIs, PowerShell, Azure CLI and Azure Portal template deployment.
This Microsoft Documentation helps you to create the Azure Dashboard using the Sample Templates given.
You can enable Health checks for your App Service using Azure Monitor App and that you can bring on Azure Dashboard to see your app service is up or down in the form of graph.
Source: Azure Service Health Dashboard

Is there a list of Azure services supported by Azure Resource Manager?

Is there a list of Azure services that can be initiated by Azure Resource Manager templates?
And are there sample templates available?
Is there a list of Azure services that can be initiated by Azure
Resource Manager templates?
Almost every service in Azure can be initiated by ARM templates. Only exceptions are the services that have "Classic" in their name (Classic Storage Account, Classic Cloud Service for example).
And are there sample templates available?
You can find the sample templates (at least the schema and some quick start templates) for all Azure Services here: https://learn.microsoft.com/en-us/azure/templates/.

Can non-administrative users be provisioned in Azure SQL via an ARM template?

Most of the sample ARM templates I find for deploying an Azure App Service + Azure SQL database end up configuring the connection string for the web app using the administrator login credentials provided when creating the Azure SQL Server (this one from Microsoft, for example). I've also seen the App Service configured for Managed Identity and then that user granted administrative access over the Azure SQL instance via AAD.
I'd never want to provision a production application this way, but I can't find examples in a more secure configuration.
The only other info I find about provisioning non-admin users is via SQL after the Azure SQL instance is already up. This means I have to add another step outside of my ARM deployment to get my system fully functional.
As of the time this question was written, running custom Powershell scripts as part of an ARM deploy is in preview and that could be a path forward, but it's not ideal.
Can non-administrative users be provisioned in Azure SQL via an ARM template, without resorting to PowerShell?
If you want to create non-administrative users in Azure SQL database via arm template, it is impossible. Because Azure ARM template team just defines Administrators type and does not define user type or user property in server. We just can create SQL Admin or Azure AD Admin via ARM template. For more details, please refer to here and here
So if you want to create non-administrative users, you need to write custom scripting.
If you want to create the users as part of a template deployment, you can use the deploymentScripts resource to run TSQL or any arbitrary script:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template?tabs=CLI
If you want to do it as part of the declaration of the Microsoft.SQL/servers resource, no you can't (as Jim mentioned).

How can I allow other users to deploy to my Azure cloud services?

I created an empty Azure cloud service and I want to allow other developers to deploy to it. So far the only route I can see is adding the developers as Azure subscription administrators. I would rather give them more specific access to the cloud services only.
No such functionality exist today which will allow you to grant/revoke permissions at the cloud service level. Once a developer is provided access to the subscription, they would have access to all the resources under that subscription.
There's a REST API behind cloud service deployments and all the tools (including Windows Azure Portal and Visual Studio) consume this API for creating deployments. One possible solution would be to build your own solution consuming this API. In this solution you will implement access control based on your requirements so that when your user use this service, they will only see the cloud service they're assigned to and can only manage that cloud service. There's a managed library for consuming this API. You can find more information here: http://www.bradygaster.com/post/getting-started-with-the-windows-azure-management-libraries.
It seems that if the original developer downloads the publish profile from Azure (it's an xml file that with a .PublishSettings extension), you can copy the userPWD from that file, give it to another developer and they can paste it into the password field in the Connection section of the Publish dialog.
The userPWD is a string that looks something like this:
EFFCLfDqDKHlXcA2YDZPvX4BZXWFaobxaLN0aPJd4HCfa8WxlqEkt2yywBsx

Resources