The DevOps Jedi

Taking the cloud by storm one line of code at a time....

Welcome To My Blog

2023-01-01 | 1 min read | Darren Johnson

One of my goals for 2023 was to start a blog so I could keep all my notes in one place, and that would then allow me to share the content with the cloud community and hopefully benefit others who are embarking on the same journey.

I plan to capture my thoughts on technologies I use in my day job, and those I evaluate and use in my own time.

Continue Reading...

Deleting An Azure Resource That Is Stuck In A 'Deleting Resource' Status

2024-08-19 | 4 min read | Azure | Darren Johnson

I have recently been working with some of Azure’s Artificial Intelligence (AI) resources, and had built out a lab in Terraform only to find that, when destroying it, the resource was stuck in a ‘Deleting Resource’ state. I wasn’t able to remove it via the portal or via Terraform, and couldn’t find a solution online either. So this post is to capture what I did in the hope it helps someone in the future.

Continue Reading...

Creating A Modern Azure Diagnostics Policy That Generative AI Couldn't - Yet!

2024-07-23 | 15 min read | Governance | Darren Johnson

I have recently been working with an organisation that wanted to improve their security posture in Azure by using Azure Policy to configure Diagnostic Settings for their Azure resources at scale. They wanted to make use of Category Groups to dynamically collect all available logs and metrics and simplify the policy logic so it could be reused across multiple resources. I thought ‘that sounds simple enough as there will be a built-in policy that does all that’, but there wasn’t, so I set to work.

Continue Reading...

Modifying An Existing Azure Policy

2024-07-14 | 10 min read | Governance | Darren Johnson

There may well come a time when there isn’t a built-in Azure Policy that meets your needs, and you need to either modify an existing policy or create a new policy from scratch. Creating custom policies should always be a last resort, as the built-in policies Azure provides are kept up to date and version controlled by Microsoft. As soon as you create a custom policy, you are responsible for maintaining it when capability is added or deprecated.

Continue Reading...

Exporting Azure Management Group Activity Logs

2024-03-12 | 4 min read | IaC | Darren Johnson

I’ve been working with Management Groups a lot recently in my day job and have really seen the benefit of being able to enforce governance by assigning RBAC roles and policies once, and having all new subscriptions inherit them. However, I soon realised there was no way in the Azure Portal or the native AzureRM Terraform provider to export the Activity Logs to a Log Analytics Workspace for use with Sentinel, so I decided to figure out a solution to this.

Continue Reading...

How I Protect Secrets In Terraform Configurations

2023-01-21 | 3 min read | Darren Johnson

I have already touched on the importance of Terraform state in a previous post, but I wanted to expand on this from a security perspective.

Let’s get this out of the way now: Terraform stores secrets in its state file in plain text! There, I said it.

So how do I protect against secrets being revealed that could allow an attacker to compromise my systems? Well, I use a defence-in-depth strategy in a number of ways.

Continue Reading...