Tag: powershell

Azure Policy: Deny HTTP listeners (Application Gateway)

Here is the second Azure Policy example in addition to the first one . The following policy is quiet simple and denies creation of HTTP listeners for Application Gateways, so only HTTPS Listeners are allowed:

#Version1
{
  "mode": "All",
  "policyRule": {
    "if": {
      "anyof": [
        {
          "not": {
            "field": "Microsoft.Network/applicationGateways/httpListeners[*].protocol",
            "notEquals": "Http"
          }
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {}
}

#Version2
{
  "mode":"All"
  "policyRule": {
    "if": {

        "not": {

            "equals": "Https",

            "field": "Microsoft.Network/applicationGateways/httpListeners[*].protocol"

        }

    },

    "then": {

        "effect": "deny"

    }
},
"parameters": {}
}

To assign the policy by using PowerShell:

# Create the Policy Definition (Subscription scope)
$policyrules = "URI here"
$policyparams = "URI here (optional)"
$definition = New-AzPolicyDefinition -Name 'Deny HTTP Listeners' -Policy $policyrules  -Parameter $policyparams -Mode All

# Set the scope to a resource group; may also be a resource, subscription, or management group
$scope = Get-AzResourceGroup -Name 'mvphero'

# Create the Policy Assignment
New-AzPolicyAssignment -Name 'Deny HTTP Listeners' -DisplayName 'Deny Application Gateway HTTP Listeners' -Scope $scope.ResourceId -PolicyDefinition $definition

Passed Microsoft Certified: Azure DevOps Engineer Expert (AZ-400)

Today I have finished my Azure certification path by successfully passing the AZ-400: Microsoft Azure DevOps Solutions exam. This exam measures your ability to accomplish the following technical tasks: design a DevOps strategy, implement DevOps development processes, implement continuous integration, continuous delivery, dependency management, application infrastructure, and continuous feedback.

The exam consists of 2 case studies, 12 lab tasks, 42 test questions that must be answered in 180 minutes. I had two lab tasks that couldn’t be finished because of Azure environment issues (exam’s account didn’t have required permissions on Azure resources to complete certain sub-tasks). Fortunately, I was pretty sure for overall result and, after speaking with proctor, decided to jump into the next exam’s sections.

How to prepare

  1. You must either earn the Azure Administrator Associate or Azure Developer Associate certification
  2. You must have an active Azure DevOps account. The Azure Pipelines and Azure Repos are needed at least.
  3. Check out the free Azure/DevOps training courses (AZ-400 OpenEDX that’s based on MCT training guides and AzureDevOps Labs). In addition, there are a lot of videos at Pluralsight for getting started with Azure DevOps and understand DevOps principles.
  4. The labs are all about Azure Services (IaaS/PaaS/IaC), so you must know how to prepare environments for CD, environment types and differences between them, make IaC, understand security options for each Azure resource, CI/CD. Also, I was pretty surprised to see the lab tasks to be completed on localhost file system before pushing the code to Azure.
  5. The certification will be valid only for 2 years, so keep learning and practice every day! I wish you good luck on the exam and may the force be with you.