Cumulus Savings - Blog
-
FinOps - Budget and Alerts
Published on 2023-10-30
In my previous post, I demonstrated how to add budget guardrails to the pull request process and check the estimated costs of the environment based on Terraform code (IaC) using the Infracost tool. In this post, we will add a budget and alerts as part of our Terraform code. With Terraform we can configure the budget on the following resources, and in our scenario we will configure it on the Resource Group.
-
FinOps - IaC pipeline cost control
Published on 2023-10-03
With wide cloud adoption and a cloud-first approach, every company is using cloud resources now. By their nature, resources are available on demand and, with IaC (Infrastructure as Code), can be provisioned whenever they are required. This flexibility comes with a cost and has to be managed to provide a balance between speed/cost of development and cost-efficient architecture. FinOps is the practice of managing costs in the cloud and introducing finance to the DevOps development cycle.
-
Azure Monitor Agent VM extension with Terraform
Published on 2023-01-16
Logging requirements are part of good practice and of security frameworks like ISO and NIST. It is desirable to implement logging in your architecture from day one. Microsoft offers a Log Analytics Workspace where you can store logs, and virtual machine extensions to send data from a guest operating system (Windows or Linux), such as performance metrics and system events. The Log Analytics agent we used in the past won’t be supported as of 2024-08-31.
-
DevSecOps - DAST scanning in Azure DevOps
Published on 2022-11-28
One of the elements of a DevSecOps pipeline is DAST (Dynamic Application Security Testing) scanning. In this post, we will scan a web application with Dastardly, recently released by PortSwigger (producer of Burp Suite Enterprise Edition and Burp Suite Professional), as part of the Azure DevOps pipeline. To find out more about the Dastardly tool, please visit the documentation page. Dastardly comes as a Docker image, which is very handy for a modular approach and can be run as a simple pipeline task.
-
DevSecOps - inviting security to the DevOps party
Published on 2022-11-14
DevSecOps is the concept of injecting security tests and controls into the early stages of the software development life cycle (SDLC) for an application, or for infrastructure if it is deployed in an automated manner (Infrastructure as Code). This approach allows organisations to detect security defects and address any concerns earlier in the process. It is also called shifting left, as it involves security from day one rather than waiting until the last stage just before deployment to production, which is very common with the waterfall deployment model.
-
How to scan a container for vulnerabilities and publish results as a part of Azure DevOps CI/CD pipeline
Published on 2021-09-08
In my previous post, I described how to run static code analysis on infrastructure as code (IaC) Terraform scripts with the tfsec scanner. In this post, we will look into container security. We will build a sample container, scan it for security vulnerabilities with Trivy from AquaSec, publish scan results to Azure DevOps and publish the container to Docker Hub.
Pipeline
Build pipeline is defined in a YAML script (azure-pipelines-dm12.
-
How to validate Terraform script and run security static code analysis as a part of Azure DevOps CI/CD pipeline
Published on 2021-07-12
In my previous post, I described how to create and test SQL Server and the required infrastructure in Azure. In this post, we will update the build pipeline to validate Terraform syntax and introduce SAST (Static Application Security Testing) to validate infrastructure as code (IaC) scripts before publishing artifacts. There are many static analysis security scanners available for Terraform scripts, like tfsec, terrascan or Snyk. In our example we will use tfsec as part of our DevSecOps pipeline.
-
How to expose secret variables in Azure DevOps
Published on 2021-02-01
Variables are used to parametrise deployment in Azure DevOps pipelines. Occasionally, for troubleshooting purposes, we have to check if variables are correct. With plain text variables this is not a problem; with secret variables, however, it is more complicated. In this post, we will run a pipeline with a PowerShell step to expose it.
Variable
First, we will create two variables as part of our release pipeline.
Variable name: plain_text_variable, variable value: plaintextvariable
Variable name: secret_variable, variable value: secretvariable
When we change a variable to a secret one, it becomes masked in the Azure DevOps portal.
-
How to build and test SQL server within Azure DevOps CI/CD pipeline
Published on 2021-01-18
In my previous post, I described how to create a cloud lab environment with SQL Server VM (IaaS) based on a Microsoft image from Azure Marketplace. In this post, we will run it as part of a CI/CD pipeline and run Pester tests to validate the configuration. All scripts have been updated to Terraform 0.14 and Pester 5, and are available in the Cumulus Savings - blog GitHub repository.
Pipelines
First, we will create a pipeline with two stages, to build and destroy the entire environment with Domain Controller, Azure build agent and SQL server.
-
How to configure cloud lab with Azure DevOps agent and DC in Terraform
Published on 2020-11-10
In my previous post, I described how to create a cloud lab environment with Azure DevOps Agent and Domain Controller in Azure using Terraform. In this post, we will create a SQL Server VM (IaaS) based on a Microsoft image from Azure Marketplace using Terraform, and customise it with PowerShell and SQL scripts. SQL Server on virtual machines is closest to the on-premises installation of SQL server.
-
How to configure cloud lab with Azure DevOps agent and domain controller in Terraform
Published on 2020-08-10
In my previous post, I described how to use Azure VM extensions. In this post, we will install and configure the Azure DevOps agent and the domain controller for our cloud lab. We will install our own Azure DevOps agent (aka VSTS agent) on Windows 2019 core. Microsoft provides a cloud-based build agent which you can use for building your software; however, it will not meet our requirements in this case.
-
How to configure Azure VM extension in Terraform
Published on 2020-06-25
In my previous post, I described how to use the Pester framework for infrastructure testing and how to incorporate it into an Azure DevOps pipeline. Now I would like to describe how to use VM extensions in a Terraform script. It will allow us to customize our VMs further. One of the extensions requires a Domain Controller, and we will create it in the first step. All scripts are available in the Cumulus Savings - blog GitHub repository.
-
Test configuration in Azure DevOps CI/CD pipeline with use of Pester framework
Published on 2020-05-05
In my previous post, I described how to create an Azure DevOps pipeline to build and destroy the SQL server. Now I will describe how to add and run tests as part of the deployment pipeline using the Pester module. All scripts are available in the Cumulus Savings - blog GitHub repository. The Pester PowerShell module is a test framework (home page and GitHub repository) you can use for writing tests in a TDD (test-driven development) environment.
-
Azure DevOps pipeline to build and destroy SQL server
Published on 2020-03-09
In my previous post, I described how to build SQL servers in Azure with a single terraform apply command. Now I will describe how to configure a release pipeline in Azure DevOps to build and destroy this environment, and how to enable approval before the destroy step. Before we create a release pipeline we will need a few prerequisites: a storage account, variables in a variable group and an artifact with the code to use. All scripts are available in the Cumulus Savings - blog GitHub repository.
-
Automated SQL Servers Build in Azure With a Single Terraform Command
Published on 2020-01-27
In my previous post, I described how to build a simple SQL server with the use of Terraform. Now I will describe how to parametrise it and prepare it for automated deployment with a single command. We will use a manifest file to specify all required variables, and a service principal for authentication to Azure so we do not have to log in manually. All scripts are available in the Cumulus Savings - blog GitHub repository.
-
Naming and tagging in Azure
Published on 2020-01-06
With the speed of creating, destroying and changing objects in agile environments, naming and tagging are extremely important. If it is done right, you will have all the information you require available straight away; if not, you will spend hours looking for it over and over again. There are many naming conventions and policies; the one described below is an amalgam of all the good things I have come across in multiple naming policies, plus adjustments which work better for me.
-
Building SQL Server in Azure with Terraform
Published on 2019-11-20
The DevOps movement and CI/CD (continuous integration / continuous delivery) are getting more and more traction at the moment, and I would like to show you how to build SQL Server in Azure as infrastructure as code with the use of Terraform. Terraform is a very popular open-source tool to create and deploy infrastructure as code. This tool is platform agnostic; with a wide range of providers, it can be used to implement infrastructure on cloud platforms such as Azure, AWS or Digital Ocean, or even on-premises with VMware vSphere or Nutanix.