These pages by Guillaume Bordier collect various assets and explanations, usually supported by scripts or home-made tools.
Old command-line tools pre-dating PowerShell and originally built for very old versions of Windows. Most of them still work, and several, such as fileacl, have been updated over the years.
While I am a huge adept of my colleague CloudTrooper and his extensive blog about Azure networking, I sometimes need to dig into things myself to make sure I understand them well. I recently had to go to a project where private networking was a new requirement and it was not clear to everyone what it meant. Check out this article about Private Endpoint / Service Endpoint / Azure Network Perimeters.
In my job, we are often asked to switch Azure subscriptions. I carry a bulk of old VMs for advanced testing purposes or repros of customer situations, so I finally came up with a good script to copy my VM from one place to another.
CopyVMCrossTenant is a tool to copy Azure Virtual Machines from one tenant to another while making some modifications.
Running pwsh on Linux has never been so easy, and there are still several ways of doing it. Microsoft documents this here.
On ARM machines such as the Raspberry Pi it can be a bit more tricky and you may need to rebuild it from scratch, but it works well after that.
The easiest way I found is to actually run it inside Docker, from the Microsoft [repository](https://mcr.microsoft.com/powershell). However, for distributions such as Debian on ARM (Raspbian), those images do not work, but we can use the SDK images instead, such as:

```bash
docker run -it mcr.microsoft.com/dotnet/sdk:9.0 pwsh
```

which will run pwsh nicely.
Entra ID (formerly known as Azure Active Directory) is the Identity provider for all Microsoft Cloud workloads.
Background: the azurerm provider handles Azure Resource Manager API interaction for Terraform. Authentication has always been a weird topic, with the mix of interactive, service principal and managed service identity logins, and the backend (which handles Terraform state) using somewhat different mechanisms.
Now, with the advent of Terraform v1.11 and the azurerm provider starting at around version 4.0, Azure CLI (`az login`) can be used to authenticate to the Azure backend, the azurerm provider and the azapi provider, including service principal authentication with federated credentials. Simply put, Terraform developers can now test their code from the command line using `az login` and use federated authentication in GitHub Actions with the AzLoginv2 task (`azure/login@v2`) without changing a single line of tf code. A demo for this is in my azurerm test repo; a short summary follows:
```yaml
- name: Azure login
  uses: azure/login@v2
  with:
    client-id: $
    tenant-id: $
    subscription-id: $
    enable-AzPSSession: false
- name: 'init terraform'
  working-directory: "tf"
  env:
    ARM_SUBSCRIPTION_ID: $
    ARM_USE_AZUREAD: true ## to access TF backend storage account with Entra ID
  run: |
    terraform init -backend-config="use_azuread_auth=true" \
      -backend-config="storage_account_name=$" \
      -backend-config="resource_group_name=$" \
      -backend-config="container_name=$" \
      -backend-config="key=tfstate.${currentmodule}"
- name: Terraform Plan
  working-directory: $
  env:
    ARM_SUBSCRIPTION_ID: $
    ARM_USE_AZUREAD: true ## to access TF storage account
  run: |
    echo "using configfile $"
    terraform plan -var-file=../$ \
      -out="out.plan"
- name: Terraform Apply
  working-directory: $
  env:
    ## this replaces -backend-config setup for OIDC
    ## no need to give the CLIENT ID, USE_OIDC everything is inherited from the az login
    ## terraform retrieves the access token from "az account get-access-token"
    ARM_SUBSCRIPTION_ID: $
    ARM_TENANT_ID: $
    ARM_USE_AZUREAD: true ## to access TF storage account
  run: |
    terraform apply ./out.plan
```
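
A pre-flight check for the setup summarized above, as an added example that is not from this page or its demo repo: it reports static `ARM_*` secrets still exported in the shell and verifies that the `az login` session is on the subscription named by `ARM_SUBSCRIPTION_ID`. The function names are hypothetical; the environment variables and the `az account show` call are the real ones.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): pre-flight check that a Terraform
# run will rely on the `az login` session rather than on static secrets.

# azurerm provider/backend variables that carry long-lived credentials.
STATIC_SECRET_VARS="ARM_CLIENT_SECRET ARM_CLIENT_CERTIFICATE_PASSWORD ARM_ACCESS_KEY ARM_SAS_TOKEN"

# Print the names (never the values) of static secrets exported to child
# processes; printenv only sees exported variables, which is what terraform gets.
static_secrets_set() {
  local found="" name
  for name in $STATIC_SECRET_VARS; do
    if [ -n "$(printenv "$name")" ]; then found="$found $name"; fi
  done
  echo "${found# }"
}

# Subscription id of the current az login session, empty when not logged in.
az_session_subscription() {
  az account show --query id -o tsv 2>/dev/null || true
}

# Return 0 when the run can rely on the az login session, 1 otherwise.
tf_preflight() {
  local rc=0 secrets session
  secrets="$(static_secrets_set)"
  if [ -n "$secrets" ]; then
    echo "FAIL: static credentials exported: $secrets" >&2; rc=1
  fi
  session="$(az_session_subscription)"
  if [ -z "$session" ]; then
    echo "FAIL: no az login session (run az login first)" >&2; rc=1
  elif [ "$session" != "$(printenv ARM_SUBSCRIPTION_ID)" ]; then
    echo "FAIL: az session is on $session, not on ARM_SUBSCRIPTION_ID" >&2; rc=1
  fi
  if [ "$(printenv ARM_USE_AZUREAD)" != "true" ]; then
    echo "NOTE: ARM_USE_AZUREAD is not true; pass use_azuread_auth=true to the backend" >&2
  fi
  return "$rc"
}

# Run the check only when asked, e.g.: ./preflight.sh --check && terraform plan
if [ "${1:-}" = "--check" ]; then tf_preflight; exit $?; fi
```

The same check can run as a workflow step right after the Azure login step, so a leftover repository secret mapped to `ARM_CLIENT_SECRET` is caught before `terraform init`.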