Kusto / Resource Graph Explorer queries from PowerShell

The code snippet below shows how to run Resource Graph queries with PowerShell. The example uses a custom PowerShell class that may be used for streaming objects back to a Log Analytics workspace.

Azure’s YAML provisioning templates

Azure’s ARM templates have been a rite of passage for all Azure engineers. No one who has been working with the cloud at any depth will be without late-night stories of frustration. The Azure Resource Manager is a service that accepts specially constructed JSON templates and uses those templates to provision each object represented within.

Programmatically retrieving ‘latest’ Azure REST API versions

Every object in Azure is identified by a unique, hierarchy-based Resource ID.

Every object type has an associated range of different API versions that act as different schemas for that object type.

PowerShell, Azure Management API & Password Grant Type - example

This example uses PowerShell and REST for connecting to the Azure Management API for managing the cloud platform.

This example uses the Password grant type (Username and Password) for connecting to Azure.


PowerShell, Graph API & Password Grant Type - example

The OAuth 2.0 Password Grant Type allows authentication (in this case to Graph) using a username and password.

Take note of the Resource Identifier used with REST queries, as this changes based on the resources being accessed.



Azure Custom Script Extensions, Software Deployment and Package Management

Azure allows Virtual Machine extension objects to be attached to provisioned virtual machines. As they are objects, they may be declared directly with Resource Manager templates.

Enabling Azure Point-to-site-VPN

Using Azure's Point-to-site VPN avoids having to expose SSH or WinRM ports to the internet to get onto the systems.

Before a Point-to-site VPN can be established, a Virtual Network Gateway must be created. This will be associated with the Virtual Network that will be accessible.

Access to the network will be controlled by certificates.

Create an Azure App Registration for Disk Encryption

Enabling Azure Disk Encryption requires the creation of a dedicated account that can access a Key Vault for the backup of disk encryption keys. This is done by creating an Application Registration in the desired tenant and granting the associated Service Principal Key Wrap and Secret Set rights to the Key Vault in question.

Create an Azure Application & SPN with Certificate Authentication

This PowerShell code snippet creates an Azure AD application registration with an associated SPN and self-signed certificate for Azure authentication.

I've used this for generating certificates that Virtual Machines can use for authenticating to Azure as an alternative to Managed Identities.

Updating Azure Automation Modules

Azure Automation Module versions are continually changing with Azure. The inconsistencies caused by module dependencies are a modern equivalent of DLL Hell and call into question the wisdom of creating complex runbooks for use with Azure.

