-
Cross-Tenant Entra-ID Authentication for Azure Function Apps
When deploying function apps in Azure, it’s common to configure a trigger endpoint to invoke the function on demand. Whether this endpoint is reachable via the Internet, or only available to internal networks, it’s sensible to authenticate requests to prevent nuisance triggering of your function app. In order to keep your app as lean as…
-
Migrating GitLab Projects to GitHub
I’m currently working on a large project in need of modernization. Amongst the various threads of technical debt, the project as inherited has its source code hosted on a self-hosted GitLab Enterprise server. The organization wishes to converge on GitHub Enterprise (cloud, not self-hosted) as its source control solution, and so I was tasked…
-
Preventing Automatic Sign-out in Azure Portal
When working with multiple organizations and their Azure estates, draconian application of policies dictating user behaviors can quite quickly become an annoyance. Among the first of these experienced on a new account is often the Azure Portal inactivity timer. Whilst it’s entirely understandable to limit the exposure of an authorized Azure Portal browser tab for…
-
Introduction to HashiCorp Nomad
Nomad is “a simple and flexible workload orchestrator” that is capable of running not just containers, but pretty much any workload you can build. Whilst related solutions like Kubernetes focus on containerized application hosting, Nomad has a broader reach and this might be a great selling point if your environment is more heterogeneous, or if…
-
Checking out GitHub pull requests to a local branch
After some trial and error, here’s how I check out GitHub pull requests to a local branch with tracking. Edit .git/config, add the following line in the section for the desired remote. Ensure to add it before the existing line for remote branches, e.g. Run git fetch and see all the new remote “branches” appear.…
-
Accessing AWS Services When Remoting
Having recently moved out of my place, where I had comparatively great Internet access supplied with static IP addresses, I’m currently working mostly tethered to my phone. It turns out that good LTE service actually works pretty well for most things – even long distance SSH – but sitting on a cellular network with a…
-
Terraform: AWS ACM Certificates for Multiple Domains
My life got better when AWS introduced Certificate Manager, their service for issuing validated TLS certificates for consumption directly by other AWS services. You don’t get to download certificates issued by ACM to install on your own servers, but you can use them with your EC2 Load Balancers, CloudFront and some other services, alleviating the…
-
AWS Account Switching with Ansible
I recently worked on a project involving multiple AWS accounts, with different projects and environments spread through those accounts in different combinations. Having opted to use Ansible for driving deployments, I looked at built-in capabilities for account switching. It turns out you can easily inject credentials authenticating with another IAM user, but this can only…
-
Terraform: Cross Account S3 Bucket Access Control
Whilst auditing a set of organizational AWS accounts, I wanted to consolidate operational S3 buckets into a single account and grant access as required. It might not be immediately obvious the first time you do this, so this post is a bit of a primer on cross-account S3 access control, and implementing such with Terraform.…
-
Beyond Facts: Retrieving AWS Resource IDs
I’m a huge fan of Ansible and I’ve made use of it in several projects to orchestrate AWS services. Ansible is designed to be simple, with most functionality contained in modules which are callable via tasks in playbooks. This has huge benefits, but also bears the major drawback of significant boilerplate when you need to…