Exporting Azure Management Group Activity Logs
I’ve been working with Management Groups a lot recently in my day job and have really seen the benefit of being able to enforce governance by assigning RBAC roles and policies once, and have all new subscriptions inherit them. However, I soon realised there was no way in the Azure Portal or the native Azure RM Terraform provider to export the Activity Logs to a Log Analytics Workspace for use with Sentinel, so I decided to figure out a solution to this.
Creating A Working Powershell Based Azure Function With Terraform
This is a post I’ve wanted to write for a while, but it was one of those side projects I’ve picked up and put down a few times due to other priorities getting in the way. This idea came about because I wrote a PowerShell script to perform some housekeeping actions in Azure and I wanted it to run unattended on a scheduled basis.
How I Protect Secrets In Terraform Configurations
I have already touched on the importance of Terraform state in a previous post, but I wanted to expand on this from a security perspective. Let’s get this out of the way now: Terraform stores secrets in its state file in plain text! There, I said it. So how do I protect against secrets being revealed that could allow an attacker to compromise my systems? Well, I use a defence in depth strategy in a number of ways.
How I Minimise Terraform Admin Effort & Manage The Constant Change
In a previous post I explained why I don’t advocate the use of child modules, but I wanted to quickly explain how I keep Terraform admin overhead to a minimum when creating standard resources whilst also working with the constant rate of change that cloud brings.