Azure - P2S Azure VPN with Terraform
Architecture Overview
This blog post covers setting up a Point-to-Site VPN in Azure on a hub-and-spoke architecture. Let's have a quick overview of what we are trying to build. First, we want a way for a user to connect into our network securely over a VPN that they sign into with their Entra ID account. Second, we want all traffic to pass through a firewall so we can write rules that allow only approved connections. And lastly, the user needs to be able to reach multiple spokes from the VPN gateway that sits in the central hub.
So let's look at a simple diagram that I created with Draw.io. I'm not exactly an artist, but this diagram should be good enough for people to get a quick grasp of w…
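To make the three requirements above concrete, here is an added Terraform sketch of the hub side of that design using the azurerm provider. This is example code written for this page, not the code from the post. It assumes a hub resource group, a hub VNet with a subnet named exactly `GatewaySubnet` (referenced as `azurerm_subnet.gateway`), an Azure Firewall (`azurerm_firewall.hub`) and one spoke VNet (`azurerm_virtual_network.spoke1`) already exist; `var.tenant_id`, the names and the address ranges are all illustrative.

```hcl
# Added example (not from the original post). Assumed to exist elsewhere:
# azurerm_resource_group.hub / .spoke1, azurerm_virtual_network.hub / .spoke1,
# azurerm_subnet.gateway (named "GatewaySubnet"), azurerm_firewall.hub.

variable "tenant_id" {
  type        = string
  description = "Entra ID tenant that VPN users sign in against (assumed)"
}

resource "azurerm_public_ip" "vpngw" {
  name                = "pip-vpngw-hub"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Point-to-Site gateway that authenticates users with Entra ID instead of
# distributing client certificates.
resource "azurerm_virtual_network_gateway" "hub" {
  name                = "vpngw-hub"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
  type                = "Vpn"
  vpn_type            = "RouteBased"
  sku                 = "VpnGw1"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.vpngw.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gateway.id
  }

  vpn_client_configuration {
    address_space        = ["172.16.0.0/24"] # pool handed out to VPN clients (assumed)
    vpn_client_protocols = ["OpenVPN"]       # Entra ID auth is only supported over OpenVPN
    vpn_auth_types       = ["AAD"]
    aad_tenant           = "https://login.microsoftonline.com/${var.tenant_id}/"
    aad_issuer           = "https://sts.windows.net/${var.tenant_id}/"
    # Application ID of the Azure VPN client as documented by Microsoft for the
    # Azure public cloud; confirm against current docs for your cloud.
    aad_audience         = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
  }
}

# Send VPN client traffic bound for the spoke through the firewall: a route on
# GatewaySubnet for the spoke prefix with the firewall's private IP as next
# hop. Without it, peering delivers packets to the spoke directly.
resource "azurerm_route_table" "gateway" {
  name                = "rt-gatewaysubnet"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name

  route {
    name                   = "spoke1-via-firewall"
    address_prefix         = "10.1.0.0/16" # spoke 1 address space (assumed)
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.hub.ip_configuration[0].private_ip_address
  }
}

resource "azurerm_subnet_route_table_association" "gateway" {
  subnet_id      = azurerm_subnet.gateway.id
  route_table_id = azurerm_route_table.gateway.id
}

# Peering so the spoke can use the hub's gateway; repeat this pair per spoke.
resource "azurerm_virtual_network_peering" "hub_to_spoke1" {
  name                      = "hub-to-spoke1"
  resource_group_name       = azurerm_resource_group.hub.name
  virtual_network_name      = azurerm_virtual_network.hub.name
  remote_virtual_network_id = azurerm_virtual_network.spoke1.id
  allow_forwarded_traffic   = true
  allow_gateway_transit     = true
}

resource "azurerm_virtual_network_peering" "spoke1_to_hub" {
  name                      = "spoke1-to-hub"
  resource_group_name       = azurerm_resource_group.spoke1.name
  virtual_network_name      = azurerm_virtual_network.spoke1.name
  remote_virtual_network_id = azurerm_virtual_network.hub.id
  allow_forwarded_traffic   = true
  use_remote_gateways       = true
  depends_on                = [azurerm_virtual_network_gateway.hub]
}
```

Two checks worth making after applying something like this: the firewall needs explicit network rules allowing the client pool (172.16.0.0/24 here) to reach the spoke, since the default is deny; and the spoke subnets need a matching route for the client pool pointing back at the firewall, otherwise return traffic bypasses it and the firewall drops the asymmetric flow. Azure also rejects a 0.0.0.0/0 route on GatewaySubnet, which is why the route above names the spoke prefix rather than a default route.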
Azure - Pulumi Infrastructure Part 5
Application Gateway and Network Security Groups
Basically everything is set up now. All that's left is to create the application gateway and attach my SSL certificate to it so people can access the web app by going to cybauer.com. Once the application gateway is set up, I am going to create network security groups for each subnet so I can lock down network access and make sure only approved connections get through.
Application Gateway
There are two ways to attach certificates to the application gateway. The first is to store the certificate in a key vault and give the application gateway a user-assigned managed identity with a role that allows it to fetch the certificate. …
Azure - Pulumi Infrastructure Part 4
Container Registry, Managed Identity, Container App Environment and Container App
Now that the database and key vault are set up with the secrets ready to go, I can start creating the app. I am going to need a container registry to hold my Docker image, a container app environment for the container app to sit in, and a container app to run my Docker container.
Container Registry
Since I am trying to cut costs, I need to use the Basic SKU container registry. This SKU has one major downside: it does not support firewall rules or private endpoints, which means I cannot restrict registry traffic to my container app subnet.
Because of this I have no choice but to keep it open. To secure t…