Background

The Bicep existing keyword is a powerful capability that allows us to reference a resource that wasn’t deployed as part of the current Bicep file.

One of the typical use cases that I often see is where a resource is deployed as part of a module called by the parent template, the resource that was …

Overview

In previous articles I have subtly referenced risks and best practices regarding HTTP triggered workflows and their use of Access Keys for security, such as:

• Some Potential Risks:

  • If a Key is leaked, it can be used by anyone who obtains it to call your Logic App Workflow.
  • If a Key has expired or been …

The Try-Catch Pattern

Following the idea of defensive programming or as I like to call it for Logic Apps (being low code): defensive processing, it is considered good practice to wrap your workflows in a try-catch pattern to handle the unexpected. The pattern makes use of a mixture of Run After conditions and the Scope …

Overview

Prior to the Christmas break I was involved in writing some integrations that used a mixture of Logic Apps Standard and Function Apps. It was agreed as part of the architecture that user-assigned identities would be the best fit. As part of the implementation, I observed that the differences in configuration …

Overview

The recent work that I have been doing with Standard Logic Apps and linking them as backends to Azure API Management has relied on the use of the Logic App Workflow SAS key for security. This is a valid authentication approach, but there are risks that you need to be aware of as well as best practices …

Overview

The recent work that I have been doing with Function Apps and linking them as backends to Azure API Management has relied on the use of the Function Apps Function SAS key for security. This is a valid authentication approach, but there are risks that you need to be aware of as well as best practices that …

Overview

Following on from a previous set of posts from earlier this year where I detailed how to securely implement Logic App Standard backends in Azure API Management, there has been questions on how this would be achieved in a similar manner with Azure Function Apps.

To read-up on how this was achieved with …

I recently had the privilege to be hosted on the Azure on Air podcast by the Turbo360 team. I had a great conversation with Lex discussing the importance of a “security first” mindset in the world of Azure solutions, and how this mindset should be carried out as a priority in every stage from …

Problem Space

One of my recent projects has involved the use of a static module bundler called webpack to bundle a typescript site so I can serve static content from a Static Web App in Azure.

For a while now the site content has not deviated between environments [ dev / test / prod ] and therefore we have simply built …

Problem Space

Deploying solutions into Azure that rely on Role Based Access often involve us creating IaC automation for the assignment of roles, such as:

• A services access to Key Vault
• A services access to a Key Vault specific secret
• A services access to a storage account
• A services access to a Service Bus Queue or …