Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Azure RBAC Key Vault | Role Assignment for Specific Secret

Background Azure role-based access control (Azure RBAC) provides fine grained control over access to Azure resources. Azure RBAC is founded on top of the Azure Resource Manager which allows us to provide access authorisation at differing scope levels ranging from the Management Group through to …


Azure API Management | Unintentional Pass through of Subscription Key Header

Problem Space There is a potential unintentional side effect when you add a APIM subscription key as a header to an inbound request. The header is not stripped from the request prior to being sent to the configured backend service. Rather it is retained. If you manage the backing service and are not …


Bicep | Deployment Scope Hopping

Background An Azure Tenant is hierarchically structured with the following make up: Tenant One or more Management Groups One or more Subscriptions One or more Resource groups One or more Resources Deployment Scopes {Tenant, Management Group, Subscription, Resource Group} allow us to deploy …


Bicep | Conditional Iterative Deployment

Background I have recently been looking at creating multiple of the same resource using Bicep. There is however a condition where I would wish for the set of resources not to be deployed. The following stages show my work through of this particular problem (using a storage account resource as an …


Bicep Template | Shared Variable File Pattern

Background I have recently been playing around with some of the Bicep functions when I came across a pattern by Microsoft called the Shared Variable File Pattern. This nifty pattern describes a method in which you can extract what would either be commonly used or complex configuration values away …