I’ve been reading more into Azure security lately and explored the topic of Azure Stored Access Policies. These addressed issues inherent in ad hoc Shared Access Signatures and were a tool I wanted in my knowledge base. Available documentation on the Stored Access Policies was good as far as discussing their need and how to create them, but quite lean on actually implementing them. I finally learned that implementing Stored Access Policies requires a method other than the Azure Portal, but they are quite simple to deploy.
My colleague showed me a neat trick to run scripts on Azure Linux VMs as root. Use the Custom Script for Linux Extension. The Extension isn’t just for deployment – it can be run on an already-deployed Linux VM. By leveraging it to run shell scripts as root, you can make repairs to the system if you lock yourself out or need to add a user or SSH key for access. Store your script in a file and execute the extension via the Portal, Azure CLI, or PowerShell.
The steps are covered in this MSDN blog article.
I recently sat the Microsoft exam AZ-100: Microsoft Azure Infrastructure Deployment. This was only my second Microsoft exam, the other being 70-535: Architecting Microsoft Azure Solutions (now retired). I generally approach IT exams with a healthy dose of skepticism as my experience has shown them to be scattered with errors, poor wording, and questions of dubious quality. However, I found AZ-100 to be above the average of exams I have taken. Here are some of my thoughts on the exam.
Leveraging commercial cloud services allows increased data redundancy without having to expand and maintain your own infrastructure. A new cloud user can become overwhelmed and confused by the data redundancy options available, especially since each Cloud Service Provider (CSP) tends to use its own terminology. In this post I try to describe the data redundancy methods available in Microsoft Azure in simple terms.
The Azure Portal provides search capability allowing quick review and selection of a desired VM image. But when deploying via the Azure CLI or a template, you must know some parameters to specify the image to be deployed. This post provides a few examples showing how to search the image listing via the Azure CLI.