Our school has an Imagine subscription, which allows lecturers and students to sign up for Azure for Students.
Now we would like to create a HTML5 web service as described in this tutorial: https://learn.microsoft.com/en-us/azure/app-service-web/app-service-web-get-started-html
The problem is, that we can not use Cloud Shell, because it keeps asking for Microsoft.Storage, which is apparently not included in Azure for Students?
How could we resolve this problem and succeed with the above mentioned "HTML5 web app tutorial" with our "Azure for Students accounts"?
Best regards, AndrĂ¡s
The Cloud Shell is a convinient feature, but not a requierment to go through the sample.
You can install the Azure CLI localy to your machine:
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
Once you have the CLI installed, you can run the same commands locally from your machine. This does not require you to have a storage account.
Bryan is correct in his posting above, you should be able to complete your web apps scenario without Cloud Shell.
That being said, unfortunately the Imagine subscription is not enabled to provision cost-incurring resources. As a result you are correct you cannot access Cloud Shell without the pre-req of an Azure File share. However you can create an Azure free trial that provides credits to provision cost-incurring resources and thus would enable you access to Cloud Shell.
Related
I want to create an automation demo for customers, where I have a single page web app with a couple of input text fields, and the inputs get used as parameters in the creation of an Azure Resource Group and VNETs/VMs/etc within the Resource Group.
I can do all of the above with Azure CLI (v2.0) on my laptop, and also from CLI using a Azure CLI in a bash script on a Linux server, but I wanted something web-based. I considered standing up a web page on the Linux server to call the bash script, but that seems a bit painful (especially with permissions etc). I also thought maybe Azure Functions could provide a solution to host the single web page app and call the Azure CLI commands, but I've never used Functions before so not sure if Functions can do this; the description of Functions' capabilities aren't clear to me.
What is the best way to achieve what I'm after, quickly?
Note I'm not a developer, I'm a network engineer, so whilst I can hack around in a few languages from Notepad and vi, I'm not looking to build something in a full SDK, or have something with enterprise-level reliability, version control, etc. This is really all about proof of concept and web-based demo of something I already have in Azure CLI / bash script.
Thanks in advance :-)
For a quick and relatively dirty way, you could create an Azure Runbook (using the scripts created from the Azure Portal) and invoke using the Automation API This could use the scripts (or close to) what you already have.
When you roll out a new service in Azure you get the option now to download the Automation Script, you can then follow this article to deploy the generated script via a runbook
To follow on from Jamie's idea.
You can code your Azure Cli script (or Powershell) into an Azure Automation Runbook, you can have variables etc to access it with.
You can then attach a webhook to that runbook, and call it from a standard HTTP Post request.
Meaning you could create a HTML form, that would pass whatever variables are required and build whatever is needed.
The downside of this would be that you will be creating it on your infrastructure.
You can have a solution that will deploy to someone else's infrastructure with a deploy to Azure button
This lets you host it in Github etc, it takes a bit more knowledge to make it work but saves your account dollars!
Having read
"The Microsoft Antimalware Client and Service is installed by default in a disabled state in all supported Azure guest operating system families in the Cloud Services platform.
...
When using Azure Websites, the underlying service that hosts the web app has Microsoft Antimalware enabled on it. This is used to protect Azure Websites infrastructure and does not run on customer content."
here: https://learn.microsoft.com/en-us/azure/security/azure-security-antimalware
it appears that although the underlying execution environment is scanned and protected, nothing prevents the deployment of infected files (contrary to the response given here: https://stackoverflow.com/a/44805995/8354791).
And therefore the service needs to enabled.
It also appears this can only be done so via powershell, using the Set-AzureServiceAntimalwareExtension command, as per https://stackoverflow.com/a/25847270/8354791 and Powershell: Add Diagnostics/Antimalware to Azure PaaS Cloud Service using ExtensionConfiguration Parameter
Q: the link is a bit old (2015). Is powershell still the only way to turn on debugging for an App Service?
Q: is the analysis of the above text correct that MS is scanning its own environment, but exclude the scanning of files deployed to their services?
Q: is there a cost to enabling this service?
Q: What is the relationship to Malware Assessment (https://learn.microsoft.com/en-us/azure/log-analytics/log-analytics-malware)? Is that a more current way of scanning Web Apps?
Q: this is a manual approach, using Powershell. Is there a link to understanding how to enable this service using an CI/CD deployed ARM template?
Q: I see this service is mentioned as a solution for scanning deployed code files -- but can this service be used to scan Blobs where uploaded media would be stored?
I know I've asked a lot of questions...but hopefully you agree they are all tightly related...
Thanks immensely!
Azure App Service is a managed platform. Microsoft Antimalware Client and Service is enabled by default on app service instances, there is no user action that allows enabling/disabling this feature for apps hosted in App Service.
All of the documentation you are referencing is about "Azure Cloud Services" and "Azure VM's" and not Azure App Service. Here is the security documentation for Azure App Service: https://learn.microsoft.com/en-us/azure/app-service/app-service-security-readme
Malware Assessment is part of OMS suite and its an additional tool for managing large deployments and detecting instances that might be affected by malicious code.
Runbooks can be used to stop/start classic and ARM Virtual Machines in Azure.
Is this also possible from an Azure Function?
Some good news to update this thread. You will be able to do that now in Azure Functions. The steps are documented here based on HTTP-triggered Functions.
Azure Function role like permissions to Stop Azure Virtual Machines
You may switch out the trigger type to fit your use-case.
See Ling's response above. We've addressed this now. :)
It's not currently possible to do this via the Azure PowerShell commandlets in Azure Functions. You can write against the Azure C# SDK or use the x-plat CLI (if you bring it yourself, as it isn't installed by default). You'll need to upload a cert or use a service account to perform those actions.
FYI - I'm on the Functions team and we're working on improving this story, in the near future. I'll update this answer once it's been made possible.
You can either use the Azure REST API from here -> Docs or make use of the SDK to do the operations.
Is it possible, using the Azure portal or some other means, to export the subscriptions configuration, for example as an XML file?
I mean things like details of web sites / roles, virtual machines, the size of the machines etc?
Then I could export every day and use a diff tool to check nothing has changed by mistake....
Just thought I'd ask before I write a giant PowerShell script.
I agree this would be a nice feature to have. It's often easier to build out the environment via the portal, but copying that from one tenant (dev) to another (prod) would be much faster and easier if it could be exported to JSON or XML and processed via PowerShell.
Azure Resource manager however does not support resources like Cloud Services, API Management, Mobile Services, Azure Scheduler, Azure Automation, Azure Active Directory, Recovery Services, Media Services, etc. ...
So the summary is - No, there is no such service yet to help you export all your subscriptions configurations.
If you just look for Virtual Machines and Web Sites, then Azure Resource Manager may be in help. But if you look for a complete backup - there is no way to easily achieve this today (2015-03-17).
Probably you could write some Powershell script combining the power of Azure Service Management + Azure Resource Manager, but frankly I am not really sure whether that would also help.
I created my custom Azure Worker Role. This code is ready. What I'm trying to do is to create instances of this Azure-Worker-Role in specific Azure data-center, at the requested time. For example, I'm want to send command to Azure to create 10 instances of my Custom-Azure-Worker in West-Europe data-center - now.
It's important to pass this command also a parameter that will be the input problem to be solved by my workers.
I pretty sure that this automation task must be covered by Azure automation. Is that true? Looking for more information\directions.
Thank you!
You can use Azure Management Libraries to create and deploy your cloud services from C# code. Just create application (eg ASP.NET MVC) to manage your cloud services by sending commands and deploy it also on Azure or even keep it locally.
See this article for more details http://www.bradygaster.com/post/getting-started-with-the-windows-azure-management-libraries
You'll want to leverage the service management API to spin up and tear down roles. It can be accessed any number of way, including directly via REST.
RE: providing a parameter to the worker role, one option is leveraging the cloud service configuration file that you provide with the cspkg. Define specifics for the role there.
Depending on the complexity or simplicity of your scenario, you may also get away with simply having a table in storage that you personally poke with desired configuration values and that the worker can read to retrieve.
The Azure Automation service should definitely be able to automate this task for you. Anything you can script via the Azure PowerShell module, can be imported as a runbook and called manually, via a third-party system, or on a schedule in Azure Automation.
Whether there is an existing runbook for the specific task you are looking to automate, I do not know. But Azure Automation has a gallery of community-contributed content for many common processes, so this may be available there.