How to reach me:
I am a cloud domain architect, mentor, and cloud advocate with over 20 years professional experience. I specialise in designing and building enterprise applications and solutions, principally in the Azure Cloud. I love a challenge and I'm skilled at progressing from a simple proposal into a well-defined and deliverable solution.
I live and work in Melbourne, Australia, but over my career I have lived and worked in Singapore, Japan and the USA (North Carolina).
Terraform has been my new favourite bit of tech in the last few years; it solves so many of those "infra" problems in a simple, elegant way.
Looking forward to full Terraform support in AZD, which will then allow combining infrastructure provisioning and application deployment in the same GitHub Actions / ADO pipeline, with something like:
```shell
# Provision infrastructure
azd provision
# Deploy application
azd deploy
# or do both with
azd up
```
Developer Portal : https://devportal.microsoft.com
DevBox Portal : https://devbox.microsoft.com/
Azure Portal : https://portal.azure.com
Preview Azure Portal : https://preview.portal.azure.com/
RC Azure Portal : https://rc.portal.azure.com/
APIM CheatSheet : https://github.com/Azure/api-management-policy-snippets/blob/master/policy-expressions/README.md
Azure icons : https://learn.microsoft.com/en-us/azure/architecture/icons/
Power Platform icons : https://learn.microsoft.com/en-us/power-platform/guidance/icons
Dynamics 365 icons : https://learn.microsoft.com/en-us/dynamics365/get-started/icons
Microsoft 365 icons : https://learn.microsoft.com/en-us/microsoft-365/solutions/architecture-icons-templates?view=o365-worldwide
Terraform Awesome : https://github.com/shuaibiyy/awesome-tf/blob/master/README.md
Provider: Azure : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Provider: Entra : https://registry.terraform.io/providers/hashicorp/azuread/latest/docs
Provider: AZAPI : https://registry.terraform.io/providers/Azure/azapi/latest/docs
Provider: PPlatform : https://registry.terraform.io/providers/microsoft/power-platform/latest/docs
Please use OIDC federation (OpenID Connect) for better security: that way there are no secrets or certificates to expire or be compromised. The trust is only as narrow as the federated credential's `subject`, because any workflow run for which GitHub issues a token with a matching `sub` claim can act as the identity, so scope it to a protected branch or to an environment with required reviewers rather than to a whole repository.
Setting up Terraform Azure provider to use OIDC Federation
Setting up Terraform Entra ID provider to use OIDC Federation
Setting up Terraform Power Platform provider to use OIDC Federation
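As an added example (not from the original page), this is what the provider and backend side of that setup looks like on a GitHub Actions runner once a federated credential such as the ones below exists. The client and tenant IDs are passed in as variables, the subscription ID is read from `ARM_SUBSCRIPTION_ID`, the storage account, container and state key names are placeholders, and the Power Platform provider block follows that provider's OIDC guide, so check its attribute names against the docs linked above.

```hcl
terraform {
  required_providers {
    azurerm       = { source = "hashicorp/azurerm", version = "~> 4.0" }
    azuread       = { source = "hashicorp/azuread", version = "~> 3.0" }
    powerplatform = { source = "microsoft/power-platform" }
  }

  # Remote state authenticates with the same federated token: no storage account
  # key or SAS token in the pipeline. Names below are placeholders.
  backend "azurerm" {
    resource_group_name  = "rg-tfstate"
    storage_account_name = "sttfstateexample"
    container_name       = "tfstate"
    key                  = "platform.tfstate"
    use_oidc             = true
    use_azuread_auth     = true # data-plane access via the identity's RBAC, not the account key
  }
}

variable "client_id" { type = string } # app (client) ID of the federated app or UMI
variable "tenant_id" { type = string }

# On a GitHub Actions runner the providers read the runner's
# ACTIONS_ID_TOKEN_REQUEST_URL / ACTIONS_ID_TOKEN_REQUEST_TOKEN variables and exchange
# the workflow's OIDC token for an Entra token. The job must declare
# `permissions: id-token: write` or no token is issued.
provider "azurerm" {
  features {}
  use_oidc  = true
  client_id = var.client_id
  tenant_id = var.tenant_id
  # subscription_id is taken from ARM_SUBSCRIPTION_ID
}

provider "azuread" {
  use_oidc  = true
  client_id = var.client_id
  tenant_id = var.tenant_id
}

# Assumed from the Power Platform provider's OIDC guide; verify against its docs.
provider "powerplatform" {
  use_oidc  = true
  client_id = var.client_id
  tenant_id = var.tenant_id
}
```

Nothing in this configuration is secret: the client and tenant IDs are identifiers, not credentials, and the only thing that can obtain a token is a workflow run whose `sub` claim matches a federated credential on the identity.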
## Example: Add a federated identity credential for GitHub to an Entra ID application

A federated identity credential carries exactly one `subject`, so pick one of the two claim patterns below (the other is left commented out), and give each credential a name that is unique per repository since the resource is created once per repository via `for_each`. This assumes `github_repository.example` is itself declared with `for_each`, so it is a map of repositories.

```hcl
resource "azuread_application_federated_identity_credential" "example_federation" {
  for_each       = github_repository.example
  display_name   = "fedcred-github-${each.key}"
  application_id = azuread_application.yourapp.id # azuread provider v3: the application's resource ID
  audiences      = ["api://AzureADTokenExchange"]
  issuer         = "https://token.actions.githubusercontent.com"
  description    = "Federated identity for ...."

  # permission for just the main branch
  subject = "repo:${each.value.full_name}:ref:refs/heads/main"
  # or: permission for the GitHub environment (needs its own credential)
  # subject = "repo:${each.value.full_name}:environment:${var.environment_name}"
}
```
## Example: Add a federated identity credential for GitHub to an Azure user-assigned managed identity (UMI)

This works even if you can't create applications in Entra ID, because the user-assigned managed identity is an Azure resource created inside your subscription. As above, one credential holds one `subject`, and the name must be unique per repository.

```hcl
resource "azurerm_federated_identity_credential" "example_federation" {
  for_each            = github_repository.example
  name                = "fedcred-github-${each.key}"
  resource_group_name = azurerm_resource_group.example.name
  parent_id           = azurerm_user_assigned_identity.example.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = "https://token.actions.githubusercontent.com"

  # permission for just the main branch
  subject = "repo:${each.value.full_name}:ref:refs/heads/main"
  # or: permission for the GitHub environment (needs its own credential)
  # subject = "repo:${each.value.full_name}:environment:${var.environment_name}"
}
```
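As an added example that is not part of the original page: each federated identity credential holds exactly one `subject`, and GitHub's `sub` claim changes with the trigger (a job bound to an environment presents `repo:<owner>/<repo>:environment:<name>` whatever branch it runs from, a plain push to main presents `repo:<owner>/<repo>:ref:refs/heads/main`), so to allow both you create one credential per (repository, subject) pair. The repository names and the `production` environment are constructed placeholders, `azurerm_resource_group.example` and `azurerm_user_assigned_identity.example` are assumed to exist as in the block above, and the role assignment shows the matching least-privilege grant at resource-group scope.

```hcl
locals {
  # Constructed inputs for the example: repositories allowed to deploy, and the
  # GitHub OIDC subject suffixes they may present. Each pair becomes one credential.
  repos = {
    app   = "contoso/app"
    infra = "contoso/infra"
  }
  subjects = {
    main = "ref:refs/heads/main"    # pushes to the main branch
    prod = "environment:production" # jobs bound to the 'production' environment
  }
  credentials = {
    for pair in setproduct(keys(local.repos), keys(local.subjects)) :
    "${pair[0]}-${pair[1]}" => "repo:${local.repos[pair[0]]}:${local.subjects[pair[1]]}"
  }
}

# One federated credential per (repository, subject). Entra matches the `sub` claim
# exactly, so a feature branch or pull_request run of the same repository gets no token.
resource "azurerm_federated_identity_credential" "github" {
  for_each            = local.credentials
  name                = "fedcred-github-${each.key}"
  resource_group_name = azurerm_resource_group.example.name
  parent_id           = azurerm_user_assigned_identity.example.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = "https://token.actions.githubusercontent.com"
  subject             = each.value
}

# Least privilege: the identity gets rights on the resource group it deploys into,
# not on the whole subscription.
resource "azurerm_role_assignment" "deployer" {
  scope                = azurerm_resource_group.example.id
  role_definition_name = "Contributor"
  principal_id         = azurerm_user_assigned_identity.example.principal_id
  principal_type       = "ServicePrincipal" # avoids the directory lookup that fails on a freshly created identity
}
```

With these inputs `local.credentials` yields four credentials (`app-main`, `app-prod`, `infra-main`, `infra-prod`); adding a repository or a subject to the maps adds the corresponding credentials without touching the resource block.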