Do you ever find yourself face this kind the situation: You are told to provision new resources with ARM templates to an existing resource group that already has VMs and vNets built and running. How can you add new subnets and VMs to the resource group without breaking those ones already there?
Unlike AWS Cloud Formation Templates, Microsoft ARM Templates do not provide “Update” option for past deployments. In order to modify the existing environment, the usual option is to make the change through CLI, PowerShell or Azure portal.
Office 365 has high SLAs (the latest English version) backed by Microsoft’s excellent Azure Cloud. However, like every other cloud services, there is always the chance for something unexpected to happen.
This year April Office 365 had a major hiccup to its service. Its Asia Pacific backend Azure AD authentication went haywire. As a result, users lost access all O365 services. To make it worse, the usual Office 365 monitoring channel: Office 365 dashboard was not accessible due to this fault.
I had a long holiday in China recently. It had been a fun and eyes opening trip. Feels like the whole nation is in the middle of a “technology revolution”. Among all, Internet has become one of the core driving force. But while Wifi beomces a life essential here, the infamous Great Firewall (GFW) is also getting more effective. After tried numbers of paid and free VPN providers, I just could not find a reliable VPN service to simply let me post a picture on Facebook.
In my last article, I discussed the steps to setup AWS SSO through Azure AD. By using Azure AD app roles, we are able to use our Azure AD accounts to access AWS Console. But with this measure, you will find there is no option in AWS IAM to generate Access Key and Secrete for CLI and API access.
Fortunately, we are not the only ones out there have this problem.
As organization acquires more AWS accounts, it becomes quite a challenge for IT to manage the access to all those accounts. Instead of dealing with individual IAM accounts across multiple accounts. We need an identity solution to simplify the user access provision and removal process.
AWS itself offers a service called AWS SSO, which allows integrate AWS access with on premise AD through SAML. However, the service does incur charges and will require provision of an AD Connect appliance in AWS, if you don’t already have ADFS in place(Yes, it has the same name as Azure AD Connect).
Tom Tech Blog