Martin Ehrnst ehrnst

@ehrnst
ehrnst / inherit-tag-from-sub-mg.json
Created Jan 27, 2021
Azure policy management group
View inherit-tag-from-sub-mg.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"targetMGs": {
"type": "array",
"metadata": {
"description": "An Array of Target Management Group for the assignment"
}
},
@ehrnst
ehrnst / gist:951053c9b803636863296457ad500093
Created Jan 4, 2021
Management group ARM template to deploy policy for subscription diagnostics
View gist:951053c9b803636863296457ad500093
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"assignmentMgmtGroupId": {
"type": "string"
},
"workspaceId": {
"type": "string"
},
@ehrnst
ehrnst / downloadRunHugo.ps1
Last active Sep 29, 2020
Hugo + powershell + az devops
View downloadRunHugo.ps1
$x = Invoke-restmethod -Uri "https://api.github.com/repos/gohugoio/hugo/releases/latest?draft=false" -Headers @{"accept"="application/vnd.github.v3+json"} -UseBasicParsing
$release = $x | where-object { -not $_.draft} | Select-Object id,name,assets -First 1
$windows = $release.assets | Where-Object {$_.Name -like '*Windows*64*' -and $_.browser_download_url -like '*extended*'}
$windowsReleaseDownload = $windows.browser_download_url
$hugoFolder = "${env:TEMP}\hugotask_"
$hugoExe = "${hugoFolder}\hugo.exe"
@ehrnst
ehrnst / find-resource-writes.kql
Last active Aug 28, 2020
Azure Monitor Logs subscription activity
View find-resource-writes.kql
AzureActivity
| where Authorization_d.action has "write"
| where CategoryValue == "Administrative"
| where ActivityStatusValue == "Success"
| where OperationNameValue !in (
"MICROSOFT.AUTHORIZATION/POLICYDEFINITIONS/WRITE",
"MICROSOFT.AUTHORIZATION/POLICYSETDEFINITIONS/WRITE",
"MICROSOFT.AUTHORIZATION/POLICYASSIGNMENTS/WRITE")
| distinct _ResourceId
@ehrnst
ehrnst / start-policyRemediation.ps1
Created Jun 11, 2020
Create Azure policy set remediation task with powershell https://adatum.no/?p=6903
View start-policyRemediation.ps1
# in case you have multiple subscriptions...
select-azsubscription -SubscriptionName "SubscriptionName"
# get all non-compliant policies that can be remediated
$nonCompliantPolicies = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionAction -eq "deployIfNotExists" }
# loop through and start individual tasks per policy
foreach ($policy in $nonCompliantPolicies) {
$remediationName = "rem." + $policy.PolicyDefinitionName
@ehrnst
ehrnst / azuredeploy.json
Created Jun 9, 2020
ARM template for function with key output
View azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appName": {
"type": "string",
"defaultValue": "[concat('fnapp', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of the function app that you wish to create."
}
@ehrnst
ehrnst / context-examples.ps1
Created May 5, 2020
Multiple Azure users/context in PowerShell
View context-examples.ps1
# Connect to Azure specifying a tenant
# If you want to connect to multiple tenants, you can connect multiple times.
Connect-AzAccount -tenantId customer1.onmicrosoft.com
# adding a new PowerShell Azure context
# setting a friendly name to allow for easy switching.
Set-AzContext -name "Subscription 1 in tenant 1" -SubscriptionId "31ffbc99-4cbf-43b2-8789-ba8d73171e70" -tenantid customer1.onmicrosoft.com
Set-AzContext -name "Subscription 2 in tenant 1" -SubscriptionId "b5c85827-0afd-49a0-8923-8fe35cfa8dd0" -tenantid customer1.onmicrosoft.com
@ehrnst
ehrnst / azuredeploy.json
Created Mar 4, 2020
Deploy function app at subscription level
View azuredeploy.json
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.1",
"parameters": {
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "Specify the name of the resource group"
}
},
@ehrnst
ehrnst / get-all-documents
Created Feb 25, 2020
Azure API management cosmosDB policy
View get-all-documents
<!--
IMPORTANT:
- Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
- To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
- To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
- To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
- To remove a policy, delete the corresponding policy statement from the policy document.
- Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
- Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
- Policies are applied in the order of their appearance, from the top down.
@ehrnst
ehrnst / acknowledge-alerts.ps1
Last active Feb 24, 2020
Retrieving data from Azure Monitor REST api with powershell: https://adatum.no/?p=6096
View acknowledge-alerts.ps1
# alert handling
# updating alert status
# get alerts
$alerts = Invoke-RestMethod -Method Get -Uri "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.AlertsManagement/alerts?api-version=2018-05-05" -Headers $headers
# for every alert I have, get its ID and acknowledge it.
# note that the method is now POST (one can debate whether this should be a PUT)
foreach ($alert in $alerts.value) {