@rcabr
rcabr / Get-StorageAccountKeyRotationTimes.ps1
Created June 6, 2023 17:46
Queries each Azure Storage account in the tenant and returns a list of storage accounts and the most recent date/time that the storage account key was rotated.
# queries each Azure Storage account in the tenant,
# and returns a list of storage accounts and the most
# recent date/time that the storage account key was rotated.
# Connect to your Azure account
Connect-AzAccount
# Get Now
$now = Get-Date
@rcabr
rcabr / Get-AzContainerTotalSize.ps1
Created May 18, 2023 14:23
Get total size of all blobs in Azure Storage (with HNS enabled)
# For an Azure Storage account with Hierarchical Namespace enabled,
# this script totals up all the blobs in a container and outputs the total size in GB
# Set these variables to the storage account and container you want to get the size of
$ENV:AZURE_STORAGE_ACCOUNT = "[STORAGE ACCOUNT NAME]"
$containerName = "[CONTAINER NAME]"
# housekeeping
$ENV:AZURE_STORAGE_AUTH_MODE = "login"
$nextMarker = $null
@rcabr
rcabr / Audit-AzureDataLakeAcls.ps1
Last active February 3, 2021 15:12
Create CSV file reporting all ACLs on data lake folders
[CmdletBinding()]
param (
[Parameter()]
[string]
$SubscriptionName,
[Parameter()]
[string]
$StorageAcctName,
@rcabr
rcabr / Ames-Iowa-category-ordering.py
Created September 24, 2019 14:41
Setting ordered categories for the Ames-Iowa housing data set
quality_levels_ordered = ['Ex', 'Gd', 'TA', 'Fa', 'Po']
train_df.LotShape.cat.set_categories(['Reg', 'IR1', 'IR2', 'IR3'], ordered=True, inplace=True)
train_df.LandContour.cat.set_categories(['Lvl', 'Bnk', 'HLS', 'Low'], ordered=True, inplace=True)
train_df.Utilities.cat.set_categories(['AllPub', 'NoSewr', 'NoSeWa', 'ELO'], ordered=True, inplace=True)
train_df.LandSlope.cat.set_categories(['Gtl', 'Mod', 'Sev'], ordered=True, inplace=True)
train_df.Condition1.cat.set_categories(['PosA', 'PosN', 'Norm', 'Feedr', 'Artery', 'RRNn', 'RRNe', 'RRAn', 'RRAe'], ordered=True, inplace=True)
train_df.Condition2.cat.set_categories(['PosA', 'PosN', 'Norm', 'Feedr', 'Artery', 'RRNn', 'RRNe', 'RRAn', 'RRAe'], ordered=True, inplace=True)
train_df.BldgType.cat.set_categories(['1Fam', 'Duplx', 'TwnhsE', 'TwnhsI', '2FmCon'], ordered=True, inplace=True)
train_df.HouseStyle.cat.set_categories(['1Story', '1.5Unf', '1.5Fin', 'SFoyer', 'SLvl', '2Story', '2.5Unf', '2.5Fin'], ordered=True, inplace=True)
@rcabr
rcabr / Set-CreatorTag.ps1
Last active September 10, 2019 17:34
Tag resource group creator: Automation script
<#
.Synopsis
Searches for resource groups that don't have the 'creator' tag,
searches their Activity Log history for a 'Created' event substatus,
and tags the resource group with a creator tag using the event's Caller as the tag value.
.Description
For resources created more than 90 days ago, no user information will be available.
*The Automation Connection's Service Principal needs to have read/write permissions on Resource Group resources.*
*The Automation Connection's Service Principal needs to be a 'Directory reader' in Azure AD.*
@rcabr
rcabr / Audit-AzureSql-UnauthorizedFirewallRules-AzAutomation.ps1
Created August 22, 2019 15:17
Scans for Azure SQL servers using unauthorized IP addresses in their firewalls. Report. Optionally, remove.
<#
.Synopsis
Scans for Azure SQL servers using unauthorized IP addresses in their firewalls,
groups them by user (by looking for a managedBy tag where the value is an e-mail address),
and sends an e-mail to each user.
.NOTES
AUTHOR: Reuben Cabrera
LASTEDIT: 2019-08-22
#>
@rcabr
rcabr / WebApp-default-IP-restrictions-deploy.json
Created August 12, 2019 17:59
Azure Policy that applies default IP Security Restrictions to a Web App
{
"properties": {
"displayName": "Web App default IP restrictions",
"mode": "indexed",
"description": "Configures Web App IP restriction to allow access from specified public IP addresses",
"metadata": {
"category": "Security v5"
},
"parameters": {},
"policyRule": {
@rcabr
rcabr / arm-deploy-webapp-iprestrictions.json
Created August 9, 2019 19:21
Deploy IP restrictions to a Web App with name 'name'
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
}
},
"resources": [
{
@rcabr
rcabr / Audit-AzureSqlFirewallRules-AzAutomation.ps1
Last active June 4, 2019 18:15
Azure Automation script that scans for Azure SQL servers missing our IP addresses in their firewalls and sends an e-mail with the full list.
<#
.Synopsis
Scans for Azure SQL servers missing our IP addresses in their firewalls and sends a report by e-mail.
.Description
Intended for use from an Azure Automation account.
.NOTES
AUTHOR: rcabr
LASTEDIT: 2019-06-04
@rcabr
rcabr / Get-SubscriptionHierarchyDiagram.ps1
Last active February 22, 2019 19:35
Create Azure mg/subscription hierarchy Mermaid diagram
<#
.SYNOPSIS
Create a Mermaid diagram (https://mermaidjs.github.io/)
that reflects the Azure management group and subscription hierarchy.
.DESCRIPTION
This script assumes prerequisites:
1) The Az module is installed (https://docs.microsoft.com/en-us/powershell/azure/new-azureps-module-az)
2) Azure sign-in is completed (Connect-AzAccount)
3) The signed-in user has the required permissions to enumerate the management groups and subscriptions