Skip to content

Instantly share code, notes, and snippets.


Martin Ehrnst ehrnst

View GitHub Profile
ehrnst / gist:951053c9b803636863296457ad500093
Created Jan 4, 2021
Mangagement group arm template to deploy policy for subscription diagnostics
View gist:951053c9b803636863296457ad500093
"$schema": "",
"contentVersion": "",
"parameters": {
"assignmentMgmtGroupId": {
"type": "string"
"workspaceId": {
"type": "string"
ehrnst / downloadRunHugo.ps1
Last active Sep 29, 2020
Hugo + powershell + az devops
View downloadRunHugo.ps1
$x = Invoke-restmethod -Uri "" -Headers @{"accept"="application/vnd.github.v3+json"} -UseBasicParsing
$release = $x | where-object { -not $_.draft} | Select-Object id,name,assets -First 1
$windows = $release.assets | Where-Object {$_.Name -like '*Windows*64*' -and $_.browser_download_url -like '*extended*'}
$windowsReleaseDownload = $windows.browser_download_url
$hugoFolder = "${env:TEMP}\hugotask_"
$hugoExe = "${hugoFolder}\hugo.exe"
ehrnst / find-resource-writes.kql
Last active Aug 28, 2020
Azure Monitor Logs subscription activity
View find-resource-writes.kql
| where Authorization_d.action has "write"
| where CategoryValue == "Administrative"
| where ActivityStatusValue == "Success"
| where OperationNameValue !in (
| distinct _ResourceId
ehrnst / start-policyRemediation.ps1
Created Jun 11, 2020
Create Azure policy set remediation task with powershell
View start-policyRemediation.ps1
# in case you have multiple subscriptions...
select-azsubscription -SubscriptionName "SubscriptionName"
# get all non-compliant policies that can be remediated
$nonCompliantPolicies = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionAction -eq "deployIfNotExists" }
# loop through ans start individual tasks per policy
foreach ($policy in $nonCompliantPolicies) {
$remediationName = "rem." + $policy.PolicyDefinitionName
ehrnst / azuredeploy.json
Created Jun 9, 2020
ARM template for function with key output
View azuredeploy.json
"$schema": "",
"contentVersion": "",
"parameters": {
"appName": {
"type": "string",
"defaultValue": "[concat('fnapp', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of the function app that you wish to create."
ehrnst / context-examples.ps1
Created May 5, 2020
Multiple Azure users/context in PowerShell
View context-examples.ps1
# Connect to Azure specifying a tenant
# If you want to connect to multiple tenants, you can connect multiple times.
Connect-AzAccount -tenantId
# adding a new PowerShell Azure context
# setting a friendly name to allow for easy switching.
Set-AzContext -name "Subscription 1 in tenant 1" -SubscriptionId "31ffbc99-4cbf-43b2-8789-ba8d73171e70" -tenantid
Set-AzContext -name "Subscription 2 in tenant 1" -SubscriptionId "b5c85827-0afd-49a0-8923-8fe35cfa8dd0" -tenantid
ehrnst / azuredeploy.json
Created Mar 4, 2020
Deploy function app at subscription level
View azuredeploy.json
"$schema": "",
"contentVersion": "",
"parameters": {
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "Specify the name of the resource group"
ehrnst / get-all-documents
Created Feb 25, 2020
Azure API management cosmosDB policy
View get-all-documents
- Policy elements can appear only within the <inbound>, <outbound>, <backend> section elements.
- To apply a policy to the incoming request (before it is forwarded to the backend service), place a corresponding policy element within the <inbound> section element.
- To apply a policy to the outgoing response (before it is sent back to the caller), place a corresponding policy element within the <outbound> section element.
- To add a policy, place the cursor at the desired insertion point and select a policy from the sidebar.
- To remove a policy, delete the corresponding policy statement from the policy document.
- Position the <base> element within a section element to inherit all policies from the corresponding section element in the enclosing scope.
- Remove the <base> element to prevent inheriting policies from the corresponding section element in the enclosing scope.
- Policies are applied in the order of their appearance, from the top down.
ehrnst / acknowledge-alerts.ps1
Last active Feb 24, 2020
Retrieving data from Azure Monitor REST api with powershell:
View acknowledge-alerts.ps1
# alert handeling
# updating alert status
# get alerts
$alerts = Invoke-RestMethod -Method Get -Uri "$subscriptionId/providers/Microsoft.AlertsManagement/alerts?api-version=2018-05-05" -Headers $headers
# fore every alert I have. get it's ID and acknowledge it.
# pay attention to the method is now POST (one can debate if this should be a PUT)
foreach ($alert in $alerts.value) {
ehrnst / azure-pipelines.yml
Created Dec 13, 2019
Yaml pipeline with powershell
View azure-pipelines.yml
- master
# Agent VM image name
vmImageName: 'windows-2019'
# service connection (azure)
azureServiceConnection: '{{ azServiceConnection }}'