Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Easy Auth | Function App with Azure API Management

Overview The recent work that I have been doing with Function Apps and linking them as backends to Azure API Management has relied on the use of the Function Apps Function SAS key for security. This is a valid authentication approach, but there are risks that you need to be aware of as well as best practices that you need to be abiding by. Such as: Some Potential Risks:

Azure API Management | Function App Backend

Overview Following on from a previous set of posts from earlier this year where I detailed how to securely implement Logic App Standard backends in Azure API Management, there has been questions on how this would be achieved in a similar manner with Azure Function Apps. To read-up on how this was achieved with Standard Logic Apps have a look at the following: Azure API Management | Logic App (Standard) Backend Azure API Management | Logic App (Standard) Backend Using a Swagger Definition Easy Auth | Standard Logic App with Azure API Management At a high level comparison with Azure Logic Apps, Azure Functions are a developer-centric serverless compute offering allowing authors to write code in languages such as C#, Java, Javascript, Python, and PowerShell.

Speaking | Azure Security Do's and Don'ts: A Developer's Checklist for Secure Azure Applications

I recently had the privilege to be hosted on the Azure on Air podcast by the Turbo360 team. I had a great conversation with Lex discussing the importance of a “security first” mindset in the world of Azure solutions, and how this mindset should be carried out as a priority in every stage from Requirements Gathering, Design, Development, and Release. During our time together we discussed topics such as:

webpack | Build Time Environment Variables With Azure DevOps Yaml CI/CD

Problem Space One of my recent projects has involved the use of a static module bundler called webpack to bundle a typescript site so I can serve static content from a Static Web App in Azure. For a while now the site content has not deviated between environments [ dev / test / prod ] and therefore we have simply built and bundled the site for deployment. Recent changes however have required that there be some deviation between environments, at which point the question raised, at what point should this deviation be set or retrieved?

Azure Role Based Access Control (RBAC) | Removing Orphaned Role Assignments

Problem Space Deploying solutions into Azure that rely on Role Based Access often involve us creating IaC automation for the assignment of roles, such as: A services access to Key Vault A services access to a Key Vault specific secret A services access to a storage account A services access to a Service Bus Queue or Topic In many of these instances we may wish to leverage the source resource identity (System Assigned Managed Identity) for the assigned access.