SHIFT-WIKI - Sjoerd Hooft's InFormation Technology
This wiki is my personal documentation blog. Please enjoy it and feel free to reach out through Bluesky if you have a question, remark, improvement or observation.
Terraform Module for setting Diagnostic Settings to send logs to a Log Analytics Workspace
Summary: This is a Terraform module that I use to configure diagnostic settings on Azure resources to send diagnostics and logs to a Log Analytics Workspace.
Date: 8 February 2025
Read the post to learn more about diagnostic settings and:
- How to deploy diagnostic settings using a Terraform module
Terraform in Azure DevOps
Summary: On this page I'll show you how to use an Azure DevOps pipeline to deploy Azure resources using Terraform.
Date: 2 February 2025
The topics covered are:
- Using a service principal to authenticate to Azure
- Setting up a remote backend for your tfstate file
- Using a federated service principal to authenticate to Azure
- Using the Azure DevOps Pipeline Extension
Terraform AWS WebServer
Summary: This is a Terraform deployment for an EC2 instance with a security group and the loading of user data.
Date: Around 2021
Refactor: 26 January 2025: Checked links and formatting.
- Create an EC2 web server and output the public IP
- Create a security group for the web server opening port 80 and 443
- Run a script (user data) on the web server
AKS with Workload Identity
Summary: Workloads deployed on an Azure Kubernetes Service (AKS) cluster require Microsoft Entra application credentials or managed identities to access Microsoft Entra protected resources, such as an Azure Key Vault. Microsoft Entra Workload ID integrates with the capabilities native to Kubernetes to federate with external identity providers. On this page I'll show you how to quickly deploy an AKS cluster with workload identity enabled.
Date: 26 January 2025
I'll show you the following steps:
- Deploy an AKS cluster using the Azure CLI with the OpenID Connect issuer and a Microsoft Entra Workload ID.
- Create a Microsoft Entra Workload ID and Kubernetes service account.
- Configure the managed identity for token federation.
- Deploy a test workload and verify authentication with the workload identity.
- Grant a pod in the cluster access to secrets in an Azure key vault.
All commands shown here are run with PowerShell in the Azure Cloud Shell.