Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Azure API Management | Logic App (Standard) Backend Using a Swagger Definition

Overview After setting up a Logic App (Standard) Backend in Azure API Management (APIM) in my last post, I wanted to try and see if I could create a Swagger definition from a Standard Logic App which could then be used to simplify the API authoring process in APIM. This post shows my methods of doing so. If you haven’t already I would recommend reading my previous post as this one will be working off of the building blocks of the last.

Posted by Andrew Wilson on Thursday, February 1, 2024

Azure API Management | Logic App (Standard) Backend

Overview Updated [31/01/2024]: See New Post showing methods of linking a Logic App Standard as a Backend to APIM through a Swagger Definition. I have recently been reviewing the method in which a Logic App (Standard) workflow would be setup as an API in API Management. My aim is to overcome and simplify the limitation whereby directly importing a Logic App (Standard) workflow is not available, only in consumption. After some exploration I believe I have identified a configurable and secure method in setting up the front-to-backend routing as can be seen in the diagram below: The overall design aims to abstract the backend from the api operations, i.

Posted by Andrew Wilson on Tuesday, January 2, 2024

Azure RBAC Key Vault | Role Assignment for Specific Secret

Background Azure role-based access control (Azure RBAC) provides fine grained control over access to Azure resources. Azure RBAC is founded on top of the Azure Resource Manager which allows us to provide access authorisation at differing scope levels ranging from the Management Group through to individual resources. With RBAC enabled key vaults we can manage access to the resource and data stored in the vault. We can also manage access for individual keys, secrets, and certificates.

Posted by Andrew Wilson on Wednesday, November 22, 2023

Azure API Management | Unintentional Pass through of Subscription Key Header

Problem Space There is a potential unintentional side effect when you add a APIM subscription key as a header to an inbound request. The header is not stripped from the request prior to being sent to the configured backend service. Rather it is retained. If you manage the backing service and are not concerned with the disclosure of the subscription key, then no problem. However, being overly permissive of this information may make your API more vulnerable to security threats and disallows a separation of concerns.

Posted by Andrew Wilson on Tuesday, November 21, 2023

Bicep | Deployment Scope Hopping

Background An Azure Tenant is hierarchically structured with the following make up: Tenant One or more Management Groups One or more Subscriptions One or more Resource groups One or more Resources Deployment Scopes {Tenant, Management Group, Subscription, Resource Group} allow us to deploy respective types of resources at each level. A Scope is dictated by two attributes, the selected scope level, and the identifier of the item at that scope level.

Posted by Andrew Wilson on Tuesday, April 25, 2023

avatar

Andrew Wilson
Husband - Father - Principal Consultant at Black Marble.

Has a passion for creating software [especially solution integrations] that help others execute their jobs faster and more efficiently.

QUICK LINKS
FEATURED TAGS
api-management apim apim-policy arm azure azure-devops azure-portal bicep biztalk biztalk-deployment-framework btdf dsc fluent-ui git keyvault logic-app logic-app-standard nerd-fonts office-ui-fabric ohmyposh powershell rbac react roles sso storage-account strong-name-key swagger typescript vs-code windows-terminal winget winget-configuration yaml-pipeline