Upload Terraform State files to remote backend – Amazon S3 and Azure Storage Account

As you might have already learned, Terraform stores information about the infrastructure it manages in state files. By default, if we run Terraform code in a directory named /code/tf, it records state in a file named /code/tf/terraform.tfstate. This file holds JSON data describing the real-world infrastructure resources mentioned in the configuration files. Using this file, Terraform knows what has been deployed, compares that to what is mentioned in the configuration files, and comes up with a plan for what needs to be changed. So it is critical that Terraform refers to the correct state file, which ideally should be a 1:1 mapping of the real-world infrastructure.


Create and Manage Blueprints using Azure Portal

In the previous post, we defined what Azure Blueprints are and how they are important for deploying Azure environments with a set of compliance and standards packaged together into a single definition. In this post, we are going to go through the Blueprint lifecycle using the Azure Portal. Like many resources within Azure, a blueprint in Azure Blueprints has a typical and natural lifecycle. They’re created, deployed, and finally deleted when no longer needed or relevant. Blueprints supports standard lifecycle operations. It then builds upon them to provide additional levels of status that support common continuous

Work with Azure Blueprints to design and deploy Governed Azure Environments

Traditionally, blueprints are used by architects and engineers to design and build new things. Blueprints are used to ensure that the final product is built to the specifications laid out and complies with certain standards and requirements.

Azure Blueprints are used in the same way as traditional blueprints. Using Azure Blueprints, cloud architects and IT groups can repeatedly design and deploy Azure resources that adhere to organizational standards, requirements and patterns. By leveraging Azure Blueprints, cloud architects can quickly build and deploy new environments that are always compliance-ready. Teams can deploy new Azure environments, with a set of built-in Azure resources, trusting that they are deploying in accordance with standards and compliance.

Using Azure Log Analytics Alerts for non-compliant Azure Resources

In our previous blog post, we discussed how we can leverage Azure Policy to bring Azure resources into compliance with the organizational configuration standards. We also created a custom Azure Policy and observed its effects on compliance. There are, however, close to 100 built-in Azure Policies that are applied at any time under the default initiative. To this, add the number of policies that would be created and applied to manage resources for different departments and to enforce different standards. You’ll quickly be looking at hundreds of Azure Policies, assignments and exclusions, and will need some help to manage them.

Determine Non-Compliance and trigger remediation for Azure Resources

In our previous post, we discussed how we can access compliance data for Azure resources. Compliance data can be accessed using various channels such as the Azure Portal, Azure CLI, Azure REST APIs and Azure PowerShell. Once the compliance data is available, one should check which resources are non-compliant with the Azure Policy or Initiative, why they are flagged as non-compliant, and what actions could be taken to remediate them. In this blog post, we are going to discuss the same.

Access Compliance Data and Manage Compliance for Azure Resources

In our previous blog post, we discussed how we can write custom Azure Policies in accordance with an organization’s strategic and compliance requirements. We also learned how to apply policies at different scope levels in Azure. While planning, writing and applying compliance requirements in the form of Azure Policies is important, it is equally important to audit existing resources for appropriate configurations and settings, evaluate the results and take certain actions. One needs to evaluate how many resources are compliant with the defined requirements, which resources are non-compliant, what corrective actions can be taken to bring them into compliance, and also remove any false positives.

Create and Assign Custom Azure Policies for Azure Governance

In our previous blog post, we discussed using Azure Policies for Azure Governance and staying compliant with them. We also discussed how we can use built-in Azure Policies to meet the governance criteria and get started easily. However, the relationship between business and IT varies a lot from organization to organization. So from time to time, you’ll need to create your own Azure Policies and apply them to a scope. Custom Azure Policies allow you to be a lot more compliant and a lot more flexible. In this blog post, we are going to discuss the same.

Governing Azure and Staying Compliant using Azure Policies

Azure Governance includes not only identifying business and compliance standards, planning the initiatives, and defining the organization's goals in a clear and standard way, but also implementing them. Oftentimes, getting them implemented in a proper and timely manner has long proven the hardest step to complete. There is no easy way to know whether the organizational goals and initiatives are getting implemented, what is not compliant, and what actions can be taken to mitigate the drift created. For some sectors, like the finance industry, if IT is not able to align to and follow the compliance and regulatory standards, it can become disastrous.