Martin Ehrnst ehrnst
ehrnst
/ postgres-policy.json
Created
November 29, 2021 08:23
Postgres Azure policy for geo replication with tag override
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "PostgreSQL should have Geo replication enabled", | |
| "policyType": "Custom", | |
| "mode": "Indexed", | |
| "description": "This policy checks wheter Geo replication is enabled or not. You can exclude the database from the policy by adding 'noGeo' : 'true' as tag and value", | |
| "metadata": { | |
| "category": "SQL", | |
| "createdBy": "75e5f040-6c35-4bc7-baef-eae05fc48acb", | |
| "createdOn": "2021-03-22T12:10:49.814614Z", |
ehrnst
/ querySql.ps1
Created
November 26, 2021 12:52
Query Azure SQL server using PowerShell and access token
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## This will use your Azure access token and establish a connection to your Azure SQL instance. | |
| ## useful when testing network connections or similar | |
| $token = Get-AzAccessToken -Resource "https://database.windows.net" | |
| # connect to database | |
| $dbConn = New-Object System.Data.SqlClient.SqlConnection | |
| $dbConn.ConnectionString = "Server=tcp:my-sql-server.database.windows.net,1433;Initial Catalog=myDB;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;" | |
| $dbConn.AccessToken=$token.Token | |
| $dbConn.Open() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| targetScope = 'subscription' | |
| var location = deployment().location // set same location as the deployment | |
| // deploy resource group | |
| resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = { | |
| name: 'myapp-rg' | |
| location: location | |
| } |
ehrnst
/ add-service-connections-to-project.ps1
Last active
June 23, 2021 11:34
Azure devops powershell automation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $uatServiceConnection = @" | |
| { | |
| "data": { | |
| "subscriptionId": "bbd7a8c4-fc4c-4e00-a3dc-7caa5d8ea455", | |
| "subscriptionName": "{SubscriptionName}", | |
| "environment": "AzureCloud", | |
| "scopeLevel": "Subscription", | |
| "creationMode": "Manual" | |
| }, | |
| "name": "{service-connection-name}", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "targetMGs": { | |
| "type": "array", | |
| "metadata": { | |
| "description": "An Array of Target Management Group for the assignment" | |
| } | |
| }, |
ehrnst
/ gist:951053c9b803636863296457ad500093
Created
January 4, 2021 14:38
Mangagement group arm template to deploy policy for subscription diagnostics
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "assignmentMgmtGroupId": { | |
| "type": "string" | |
| }, | |
| "workspaceId": { | |
| "type": "string" | |
| }, |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $x = Invoke-restmethod -Uri "https://api.github.com/repos/gohugoio/hugo/releases/latest?draft=false" -Headers @{"accept"="application/vnd.github.v3+json"} -UseBasicParsing | |
| $release = $x | where-object { -not $_.draft} | Select-Object id,name,assets -First 1 | |
| $windows = $release.assets | Where-Object {$_.Name -like '*Windows*64*' -and $_.browser_download_url -like '*extended*'} | |
| $windowsReleaseDownload = $windows.browser_download_url | |
| $hugoFolder = "${env:TEMP}\hugotask_" | |
| $hugoExe = "${hugoFolder}\hugo.exe" |
ehrnst
/ find-resource-writes.kql
Last active
August 28, 2020 08:04
Azure Monitor Logs subscription activity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AzureActivity | |
| | where Authorization_d.action has "write" | |
| | where CategoryValue == "Administrative" | |
| | where ActivityStatusValue == "Success" | |
| | where OperationNameValue !in ( | |
| "MICROSOFT.AUTHORIZATION/POLICYDEFINITIONS/WRITE", | |
| "MICROSOFT.AUTHORIZATION/POLICYSETDEFINITIONS/WRITE", | |
| "MICROSOFT.AUTHORIZATION/POLICYASSIGNMENTS/WRITE") | |
| | distinct _ResourceId |
ehrnst
/ start-policyRemediation.ps1
Created
June 11, 2020 13:10
Create Azure policy set remediation task with powershell https://adatum.no/?p=6903
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in case you have multiple subscriptions... | |
| select-azsubscription -SubscriptionName "SubscriptionName" | |
| # get all non-compliant policies that can be remediated | |
| $nonCompliantPolicies = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionAction -eq "deployIfNotExists" } | |
| # loop through ans start individual tasks per policy | |
| foreach ($policy in $nonCompliantPolicies) { | |
| $remediationName = "rem." + $policy.PolicyDefinitionName |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "appName": { | |
| "type": "string", | |
| "defaultValue": "[concat('fnapp', uniqueString(resourceGroup().id))]", | |
| "metadata": { | |
| "description": "The name of the function app that you wish to create." | |
| } |