Azure - Pulumi Infrastructure Part 4
Container Registry, Managed Identity, Container App Environment and Container App
Now that the database and key vault are set up with the secrets ready to go, I can start creating the app. I am going to need a container registry to hold my Docker image, a container app environment for the container app to sit in, and a container app to run my Docker container.
Container Registry
Since I am trying to cut cost I need to use a Basic SKU container registry. This SKU has one major downside: it blocks you from setting firewall rules and using private endpoints, which means I cannot restrict registry traffic to my container app subnet.
Because of this I have no choice but to keep it open. To secure t…
Azure - Pulumi Infrastructure Part 3
Key Vault and PostgreSQL Server
In this post I will create the key vault to hold the secrets I need for my Django app's connections. In my app's settings.py I use a function I wrote there to grab the secret values from a key vault named cybauer-vault. I need to make sure the key vault gets the same name in Pulumi, and I also need to give the secrets the same names as the ones I reference in settings.py.
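Here is what such a settings.py helper can look like, as an added example written for this page rather than the post's own function. It assumes the vault name cybauer-vault from the post; the secret names, the KEY_VAULT_NAME and DJANGO_ENV variables, and the class and function names are made up for the example. The point the post makes, that the Pulumi names and the settings.py names must agree, is turned into a startup check, and the vault client is injectable so the helper can be exercised without Azure.

```python
"""Key Vault lookup helper for Django settings.py.

Added example, not the blog's own function. It assumes the vault name
cybauer-vault from the post; the secret names below are invented for the
example. Auth comes from DefaultAzureCredential, which on a Container App
resolves to the app's managed identity, so no vault credential lives in
environment variables or code.
"""
import os
from typing import Callable, Dict, Iterable, List

VAULT_NAME = os.environ.get("KEY_VAULT_NAME", "cybauer-vault")  # env var name assumed
VAULT_URL = f"https://{VAULT_NAME}.vault.azure.net/"

# Secret names settings.py expects. Pulumi must create secrets with exactly
# these names; a mismatch surfaces at startup via check_required(), not at
# the first request that needs the value. (Names are assumptions.)
REQUIRED_SECRETS = ("db-password", "django-secret-key", "storage-account-key")


class SecretUnavailable(RuntimeError):
    """The secret does not exist, is disabled, or the identity lacks 'get'."""


def env_name_for(secret_name: str) -> str:
    """Key Vault names use dashes; the local-dev override reads DB_PASSWORD etc."""
    return secret_name.upper().replace("-", "_")


def _azure_client():
    # Imported lazily so settings.py still loads where the SDK is absent (unit tests).
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=VAULT_URL, credential=DefaultAzureCredential())


class VaultSecrets:
    """Lazy, cached reads: one vault round-trip per secret per process."""

    def __init__(self, client_factory: Callable[[], object] = _azure_client,
                 allow_env_override: bool = False) -> None:
        self._factory = client_factory
        self._client = None
        self._cache: Dict[str, str] = {}
        # Only enable outside Azure: an env var must never silently replace
        # a production secret.
        self._allow_env = allow_env_override

    def get(self, name: str) -> str:
        if self._allow_env:
            override = os.environ.get(env_name_for(name))
            if override is not None:
                return override
        if name not in self._cache:
            if self._client is None:
                self._client = self._factory()
            try:
                value = self._client.get_secret(name).value
            except Exception as exc:  # ResourceNotFoundError, HttpResponseError (403), ...
                raise SecretUnavailable(f"{name!r} not readable from {VAULT_URL}: {exc}") from exc
            if not value:
                raise SecretUnavailable(f"{name!r} in {VAULT_URL} is empty")
            self._cache[name] = value
        return self._cache[name]

    def check_required(self, names: Iterable[str] = REQUIRED_SECRETS) -> List[str]:
        """Return the names that could not be read; call once when settings.py is imported."""
        missing = []
        for name in names:
            try:
                self.get(name)
            except SecretUnavailable:
                missing.append(name)
        return missing


# settings.py usage (module level, runs once per process):
#   secrets = VaultSecrets(allow_env_override=os.environ.get("DJANGO_ENV") == "local")
#   missing = secrets.check_required()
#   if missing:
#       raise ImproperlyConfigured(f"Key Vault {VAULT_NAME} is missing {missing}")
#   SECRET_KEY = secrets.get("django-secret-key")
#   DATABASES = {"default": {..., "PASSWORD": secrets.get("db-password")}}
```

On the Container App, DefaultAzureCredential picks up the managed identity; that identity needs only the secret `get` permission (or the Key Vault Secrets User role under RBAC) on cybauer-vault. Enable the env override only for local development, since it lets an environment variable replace the vault's value.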
After creating the key vault I will set up the PostgreSQL server and the cybauer database that goes with it. I want the server to be integrated with my VNET, so I will link it to the delegated subnet and the private DNS zone I created previously. After the server and d…
Azure - Pulumi Infrastructure Part 2
Networking, Storage Account, and Resource Group
Plan:
Here is a quick diagram I threw together that has most of the main parts. Basically an end user makes a request to the gateway's public IP; the gateway has a listener on port 443, and when that listener is hit it directs the traffic to the container app in the container app subnet. The container app has connections to the Postgres server, the container registry, the app gateway, the key vaults, and the storage account. There are three subnets, all in one VNET. Traffic in and out of the subnets is restricted by Network Security Groups (NSGs); each subnet has its own NSG associated with it. All of this…
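To make the NSG part of this plan checkable before it is deployed, here is an added example (not the post's Pulumi code) that reproduces how Azure evaluates an NSG: rules in ascending priority order, first match wins, plus the built-in default rules that cannot be removed. The address plan, rule names and the simplified service-tag matching are assumptions for the example. It also covers the point from Part 4 that a Basic SKU registry cannot sit behind a private endpoint: outbound public 443 has to stay open from the container app subnet, so identity (an AcrPull role assignment on the app's managed identity) rather than the network is what limits who can pull.

```python
"""NSG rule-set checker.

Added example, not the blog's Pulumi program. Azure evaluates NSG rules by
priority (lowest number first, first match wins) and appends default rules
that cannot be deleted; this module reproduces that order so a rule set can
be checked locally before `pulumi up`. Address plan, rule names and the
service-tag handling are assumptions for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Constructed address plan (the post does not publish its own).
VNET = ipaddress.ip_network("10.0.0.0/16")
GATEWAY_SUBNET = "10.0.0.0/24"
APP_SUBNET = "10.0.1.0/24"
DB_SUBNET = "10.0.2.0/24"
AZURE_LB_PROBE_IP = "168.63.129.16"   # source of Azure load balancer health probes


@dataclass(frozen=True)
class Rule:
    """Same fields as pulumi_azure_native.network.SecurityRuleArgs, as plain values."""
    name: str
    priority: int          # 100..4096 for user rules
    direction: str         # "Inbound" | "Outbound"
    access: str            # "Allow" | "Deny"
    protocol: str          # "Tcp" | "Udp" | "*"
    source: str            # CIDR, "*", or a service tag
    destination: str
    dest_port: str         # "443", "1024-65535", "*"


# Default rules every NSG carries. AllowVnetInBound/OutBound at 65000 mean a
# subnet is reachable from the whole VNet unless a user rule denies it first.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
]
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]


def _addr_matches(spec: str, addr: str) -> bool:
    """Simplified service tags: only the three used by the default rules are modelled
    (Internet is treated as 'not in the VNet'); any other tag never matches here."""
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "Internet":
        return ip not in VNET
    if spec == "AzureLoadBalancer":
        return addr == AZURE_LB_PROBE_IP
    try:
        return ip in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return False


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def first_match(user_rules: Iterable[Rule], direction: str, src: str, dst: str,
                port: int, protocol: str = "Tcp") -> Rule:
    """The rule Azure would apply: lowest priority number that matches the flow."""
    defaults = DEFAULT_INBOUND if direction == "Inbound" else DEFAULT_OUTBOUND
    for r in sorted([*user_rules, *defaults], key=lambda rule: rule.priority):
        if (r.direction == direction
                and r.protocol in ("*", protocol)
                and _addr_matches(r.source, src)
                and _addr_matches(r.destination, dst)
                and _port_matches(r.dest_port, port)):
            return r
    raise AssertionError("unreachable: a DenyAll default always matches")


def is_allowed(user_rules, direction, src, dst, port, protocol="Tcp") -> bool:
    return first_match(user_rules, direction, src, dst, port, protocol).access == "Allow"


# Illustrative NSG for the container app subnet (constructed, not the post's rules):
# only the gateway may reach 443, only the DB subnet is reachable on 5432, and the
# explicit VNet denies override the permissive defaults. Public 443 stays open
# outbound because the Basic-SKU registry and the vault are reached over their
# public endpoints; access there is controlled by identity, not by network.
APP_SUBNET_RULES = [
    Rule("AllowHttpsFromGateway", 100, "Inbound", "Allow", "Tcp", GATEWAY_SUBNET, APP_SUBNET, "443"),
    Rule("DenyVnetInBound", 4000, "Inbound", "Deny", "*", "VirtualNetwork", "*", "*"),
    Rule("AllowPostgresToDbSubnet", 100, "Outbound", "Allow", "Tcp", APP_SUBNET, DB_SUBNET, "5432"),
    Rule("DenyVnetOutBound", 4000, "Outbound", "Deny", "*", "*", "VirtualNetwork", "*"),
]
```

The defaults are the part people miss: AllowVnetInBound at priority 65000 means that without the explicit DenyVnetInBound, the database subnet could reach the container app subnet on any port, so "each subnet has its own NSG" only isolates subnets if every NSG carries such a deny. Application Gateway v2 and the Container Apps environment each have documented rules they need (for v2 gateways, inbound from the GatewayManager tag on ports 65200-65535 and from AzureLoadBalancer); add those at a lower priority number than any deny and re-run the checks.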