Anton Staykov astaykov

  • Microsoft (former Microsoft Azure MVP)
  • Berlin, Germany
  • X @astaykov
astaykov / az-storage-disallow-sas.sh
Created June 10, 2024 09:28
Disallow use of shared access keys in Azure Storage Account (force Entra ID authN)
az storage account list --query "[].id" -o tsv | az storage account update --allow-shared-key-access false --ids @-
astaykov / unifi.sh
Last active July 30, 2024 11:26
import HTTPS certificate to UNIFI console
# create csr
cd /usr/lib/unifi
sudo java -jar lib/ace.jar new_cert unifi.idhero.de "Unifi" "Germany" "BE" DE
# the CSR is in data subfolder (/usr/lib/unifi/data)
# strip from new lines
tr -d '\n\r' < DigiCertCA.crt | echo $(cat -) > DigiCertCA.crt
tr -d '\n\r' < TrustedRoot.crt | echo $(cat -) > TrustedRoot.crt
tr -d '\n\r' < unifi_idhero_de.crt | echo $(cat -) > unifi_idhero_de.crt
astaykov / az-storage-disallow-blobpulicaccess
Created May 24, 2024 09:58
Update all azure storage accounts to disallow blob public access
az storage account list --query "[?allowBlobPublicAccess].id" -o tsv | az storage account update --allow-blob-public-access false --ids @-
astaykov / workflow.json
Created March 21, 2024 08:49
Logic App to check results of access review and execute termination workflow
{
"definition": {
"$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
"contentVersion": "1.0.0.0",
"triggers": {
"Recurrence": {
"type": "Recurrence",
"recurrence": {
"frequency": "Day",
"interval": 1
astaykov / run.csx
Created March 19, 2024 07:30
Azure Function code for Entra ID custom authentication extension
#r "Newtonsoft.Json"
using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;
public static async Task<IActionResult> Run(HttpRequest req, ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
astaykov / aws-list-resources.sh
Last active November 24, 2023 16:42
list all resources in all available regions. filter by specific resource type. only for current account.
#!/bin/bash
## Define the output CSV file
output_file="aws_resources.csv"
## List of resource types to include in the report
resource_types=("ec2" "lambda" "ecs" "eks" "rds" "dynamodb" "elasticmapreduce" "kinesis" "elasticache")
## Check if the AWS CLI is installed
if ! command -v aws &> /dev/null; then
astaykov / az-functions-all.sh
Created October 17, 2023 08:20
List all azure function apps and then all functions within the function apps
#!/bin/bash
az functionapp list --query "[].{n:name,g:resourceGroup}" -o Table
az functionapp list --query "[].{n:name,g:resourceGroup}" -o tsv | awk -F'\t' '{system("az functionapp function list -n "$1" -g " $2 " --query \"[].{g:resourceGroup,n:name,t:type}\" -o table")}'
using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
function Parse-JWTtoken {
[cmdletbinding()]
param([Parameter(Mandatory=$true)][string]$token)
astaykov / SendgridCustomTemplateId.xml
Created November 18, 2022 09:25
Azure AD B2C custom e-mail with SendGrid - custom template id per locale
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
PolicySchemaVersion="0.3.0.0"
TenantId="yourtenant.onmicrosoft.com"
PolicyId="B2C_1A_SendgridCustomTemplateId"
PublicPolicyUri="http://tonycosite.onmicrosoft.com/B2C_1A_SendgridCustomTemplateId"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
# First, connect to Azure AD
Connect-AzureAD
# Make sure there is no same policy already defined
# Get your policies and inspect them
Get-AzureADPolicy
# modify your group filter as appropriate
# ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-claims-mapping-policy-type#group-filter
$PolicyDefinitionString = "{