e-lo [IT Engineer life]

Governance and Compliance 102

Posted on August 24, 2020 (updated October 5, 2020) by espenk

A region is a geographical area containing one or more datacenters.

Azure subscription: a logical unit of services linked to an account. Billing is per subscription, and subscriptions organize access to services.

Azure accounts: an account is an identity in AD. Account types are enterprise, resellers, partners and personal. A free account won't be charged before you upgrade.

Cost Management

Pay for what you use, monitor and control spending and also optimize resource use.

Resource tags

Tags are Name:Value pairs, e.g. Environment:Test. With tags you can retrieve all resources in the subscription that carry a given tag name and value. (For many tags, use PowerShell or the CLI.)

Cost savings

  • Reservations: pre-pay for 1 or 3 years for VMs or SQL DB capacity and get a discount on resources.
  • Hybrid benefit: when you have licenses with Software Assurance, it helps when migrating existing on-premises Windows Server/SQL Server licenses to Azure. There is a calculator for this.
  • Credits
  • Regions, price can be different from region to region
  • Budget, plan, drive cost over time, and monitor

Pricing calculator

https://azure.microsoft.com/en-us/pricing/calculator/

Policy

Management groups

If the company has many subscriptions, management groups provide management at a level above the subscription. Organize subscriptions into boxes (containers) and apply governance to the groups.

  • Alignment of organization with hierarchies / groups
  • Policies / budgets across subscriptions, with inheritance
  • Cost report and compliance

Policy

A service for creating, assigning and controlling rules over resources. This forces the resources to stay compliant with standards and SLAs.

Advantages

  • Built in or custom policies, real time scan
  • Apply policies to management groups; several policies can be applied, or excluded
  • Reversing / stopping policies in real time

https://docs.microsoft.com/en-us/azure/governance/policy/

RBAC

Role-based access control

RBAC manages who has access to resources, and what actions they can perform.

RBAC is built on Azure Resource Manager authorization.

RBAC

Examples: allow an application or user access to all resources in a group, allow one user to create VMs and another to create VNets, allow a DBA to manage SQL.

The concepts are

  • Security principal: the object (user, group, identity) requesting access
  • Role definition: the set of permissions that can be performed (read, write, contributor, etc.)
  • Scope: the level the access applies to (subscription, resources, management groups)
  • Assignment: add a role definition to an SP (security principal) for a selected scope; users can grant access by making assignments.

Role definition

  • Is a set of properties in a JSON file (Name, Id, Description, Actions, NotActions and scope (read, write, etc.))
  • The “*” is all actions, “/” is all scopes.

Role assignment

  • Is the process of adding a role definition to a user, group, service principal or managed identity for a scope, to grant access

Azure RBAC vs Azure AD

  • Subscription admin roles (classic)
  • RBAC roles
  • Azure AD admin roles

Azure RBAC roles control the security/permissions to manage Azure resources; Azure AD admin roles control the security/permissions to Azure Active Directory resources.

NB: subscription admin roles (classic) should not be used if using Azure Resource Manager.

RBAC Roles

  • Owner, 100% access and can delegate
  • Contributor, create/manage all types of resources, but cannot delegate
  • Reader, view all
  • User Access Administrator, manage user access to resources
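
A minimal model of how security principal, role definition, scope and assignment combine, as an added example (not code from the original post and not Azure's implementation). The role entries are simplified copies of the built-in roles' Actions/NotActions, the principals and subscription ID are constructed, and scope inheritance is modelled only as path prefixes below a subscription.

```python
import fnmatch

# Simplified built-in role definitions: only Actions / NotActions are modelled.
ROLES = {
    "Owner": {"Actions": ["*"], "NotActions": []},
    "Contributor": {"Actions": ["*"], "NotActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
    "Reader": {"Actions": ["*/read"], "NotActions": []},
    "User Access Administrator": {"Actions": [
        "*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"], "NotActions": []},
}

# Constructed sample data: (security principal, role, scope).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
ASSIGNMENTS = [
    ("alice", "Contributor", SUB),
    ("bob", "Reader", RG),
    ("carol", "Contributor", RG),
    ("carol", "User Access Administrator", RG),
]

def _matches(patterns, action):
    # Case-insensitive match; "*" stands for any run of characters.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def role_allows(role_name, action):
    # A role grants its Actions minus its own NotActions.
    role = ROLES[role_name]
    return _matches(role["Actions"], action) and not _matches(role["NotActions"], action)

def in_scope(assigned, target):
    # An assignment applies to its own scope and to every child scope below it.
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def is_allowed(assignments, principal, action, scope):
    # Access is the union over all of the principal's assignments that cover the scope.
    return any(
        p == principal and in_scope(s, scope) and role_allows(r, action)
        for p, r, s in assignments)
```

carol's second assignment shows that NotActions only subtracts from its own role's Actions; it is not a deny, so another assignment at the same scope can still grant the excluded action.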
