30 posts tagged with "IaC"

Hello Friends,

Welcome back to Part 2. In Part 1 we covered why Premium SSD creates the oversizing problem, how Premium SSD v2 changes the pricing model, the constraints that shape migration planning, and a PowerShell script to identify candidate disks across a subscription. If you have not read that yet, start there because the zone requirement in particular will come up again here.

In this part we go through the actual migration. The good news is that the process is more direct than most people expect: you deallocate the VM, update the disk SKU in place, and restart. There is no new disk to create, no data to copy, and no disk swap. The existing disk is converted to Premium SSD v2 with the same name and resource ID it always had.

Hello Friends,

One of the projects I was recently involved in brought something to my mind that I have been wanting to write about for a while. The team had a solid Azure footprint, a mature DevOps practice, and a FinOps initiative that was starting to ask the right questions about where the money was actually going. When we pulled the disk inventory, the answer was staring back at us: disk after disk on Premium SSD, sized at 2,048 GiB to reach 7,500 IOPS, running workloads that were using 300 GiB of actual storage. The performance need was driving the disk size, not the other way around, and the team had no idea because that is just how Premium SSD works.

This is exactly the kind of spend that FinOps conversations surface once you get past the shiny dashboards and start looking at the actual resource configuration. You are not paying for something wasteful, you are paying for the model. The billing is working exactly as designed. The problem is the design itself, and Premium SSD v2 changes it entirely. Storage, IOPS, and throughput become three independent dimensions you configure and pay for separately. If you only need 300 GiB and 4,000 IOPS, that is precisely what you provision and precisely what you pay for.

In this three-part series I want to walk through the full picture: why the old model creates this pattern, how to identify which disks in your environment are worth migrating, how the migration itself works, and what to do after migration to keep the economics working in your favour. In Part 2 we go through the direct in-place conversion with PowerShell and Bicep. In Part 3 we cover right-sizing, monitoring, and cost governance after migration.

I had a fantastic time speaking at Global Azure 2025 in Istanbul (May 8–10). The session was recorded and I published the video on YouTube. I am sharing the recording of my talk, "Automating Azure PIM Role Assignments with Terraform". Whether you attended live or couldn’t make it, you can now watch the full session at your convenience.

I'm excited to announce that, continuing my journey since 2017, I will be speaking at the Azure Global Bootcamp 2025 on May 8- 10. This year, I’m eager to share more insights and learnings with the Azure community. Join me as we dive into the latest Azure advancements and tackle current tech challenges together.

Bicep parameter files allow you to define values in an individual file that are then passed to your main Bicep Templates file. The parameter file exposes values that may change from a given subscription, environment, and/or region. Leveraging a parameter file drives consistency in your IaC deployments while providing flexibility. For example, an organization can use these files to right-size nonproduction environments to save costs while maintaining the same core infrastructure across all deployments.

In addition, these parameter files streamline the CI/CD deployment process. Since each parameter file is under source control and passed into the appropriate automated deployment steps, they ensure a consistent and repeatable deployment experience. In this article, we will explore how to create, read, and use a Bicep parameters file via PowerShell.

Hello Folks,

Today, I'll go through a topic that I believe is a real time-saver—one that keeps automation running smoothly and ensures it's effectively integrated into bicep templates. In this article, I'll share my experience with the Bicep deployer() function. I’ll explain how it streamlines the process of provisioning resources like Azure Key Vaults while automating RBAC-based access.

What Is the deployer Function?​

The deployer() function in Bicep returns details about the identity executing the deployment. Essentially, it tells you which service principal or managed identity is running your deployment. I find this incredibly useful because it allows me to reference the deployer’s identity directly in my templates—ensuring that the correct permissions are automatically applied without hardcoding any object IDs for the deployments.

Example output of the deployer() function looks like this:

{
  "objectId": "12345678-1234-1234-1234-123456789abc",
  "tenantId": "87654321-4321-4321-4321-cba987654321"
}

Following an amazing session at Global Azure 2024 - Istanbul, I’m happy to share the recording of my talk, "Deployment stack with Bicep – Insights and Experiences". Whether you attended live or couldn’t make it, you can now watch the full session at your convenience.

🎥 Watch the Recording Here:

I'm excited to announce that, continuing my journey since 2017, I will be speaking at the Azure Global Bootcamp 2024 on April 18-20. This year, I’m eager to share more insights and learnings with the Azure community. Join me as we dive into the latest Azure advancements and tackle current tech challenges together.

I really like the idea of GitHub Codespaces. It is a cloud-based development environment that you can access from anywhere. This approach allows you to develop applications without the need for installing or configuring dependent services or tools locally, providing developers with a uniform method for working on applications and scripts.

Given my passion for Infrastructure as Code (IaC), I wanted to show how I could use GitHub Codespaces to work with Terraform. Before we start, let's take a look at the prerequisites:

• A GitHub account
• You can start with a free account with 60 hours of usage per month for GitHub Codespaces

🧑‍💻Create a new repository​

First, create a new repository in your GitHub account. You can name it whatever you want. I named mine terraform-codespaces.

After creating your repository, look for the Code button and click on it, then choose Codespaces. Next, you'll notice an ellipsis; clicking on this opens the Codespace repository configuration page. Here, you'll find a Configure dev container button—go ahead and click on it.

💥Configure dev container​

In the Configure dev container page, you will see devcontainer.json file is opened and on the right and side you will see marketplace. Search for Terraform and select the Terraform extension.

After adding the Terraform features in the devcontainer.json file, you can save and commit the changes.

{
  "image": "mcr.microsoft.com/devcontainers/universal:2",
  "features": {
    "ghcr.io/devcontainers/features/terraform:1": {}
  }
}

Now, return to the Codespaces section and click on the New codespace button to proceed.

While your Codespace is being created, you see the progress. Once the setup is complete, you'll find yourself in Visual Studio Code with the Terraform CLI installed.

✨Wrapping up​

To confirm the Terraform installation, run the terraform --version command in the terminal, which will display the version of Terraform installed in your Codespace. With this, we've successfully equipped a GitHub Codespace with Terraform, enabling on your Terraform projects without installing Terraform locally. That's it for this post. GitHub Codespaces is a fantastic tool for developers.

Welcome the third part of the blog series SFTP Users for Storage Accounts. In the previous blog post SFTP Users for Storage Accounts - Part 2, we have created containers and local users for the SFTP access. In this blog post, we will use the Azure API to generate the sftp credentials for the local users.