Experience: is what you get soon after you need it.




My Cloud Certifications:

Certified Kubernetes Administrator (CKA)

Cloud Certified Security Professional (ISC2)

CyberSecurity Certified Professional (ISC2)

AWS Certified Solutions Architect Associate

Azure Certified Architect Expert

Azure Certified Architect

Azure Certified Administrator

Oracle Cloud Infrastructure 2018 Certified Architect Associate.

Oracle Cloud Infrastructure Classic 2018 Certified Architect Associate.

Oracle Database Cloud Administrator Certified Professional.

Oracle Database Cloud Service Operations Certified Associate.


Wednesday, September 11, 2024

Set up your local k8s environment with kubectl autocompletion

# set the alias and make it permanent
echo 'alias k=kubectl' >> ~/.bashrc

# install the bash-completion package (run as root, or prefix with sudo)
apt update && apt install -y bash-completion

# load the kubectl completion script in every new shell
echo 'source <(kubectl completion bash)' >> ~/.bashrc

# load the bash-completion framework itself
echo 'source /usr/share/bash-completion/bash_completion' >> ~/.bashrc

# reuse kubectl's completion function for the alias k
echo 'complete -o default -F __start_kubectl k' >> ~/.bashrc

# source our bashrc to apply the changes in the current shell
source ~/.bashrc

Reference:
https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#enable-kubectl-autocompletion

Thursday, August 29, 2024

Get ports in use on Windows

To get a list of bound ports in use, try this PowerShell command line:


Get-NetTCPConnection -State Bound | ForEach-Object {$p = (Get-Process -Id $_.OwningProcess);New-Object -TypeName psobject -Property @{ "LocalPort" = $_.LocalPort; "PID" = $p.Id; "ProcessName" = $p.Name; }} | Format-Table -AutoSize -Property PID, ProcessName, LocalPort
Alternatively, the command "netstat -anob" shows all in-use ports.

Sunday, February 11, 2024

Cloud Security Lifecycle

 

By integrating these six components into their security practices, organizations can establish a robust and holistic Azure Cloud Security Lifecycle. This approach helps safeguard cloud assets, respond effectively to security incidents, and continuously improve the overall security posture within the dynamic and evolving Azure cloud environment.

Identify:

In the identification phase, organizations establish a comprehensive understanding of their cloud environment, including assets, users, and potential risks. This involves defining roles, responsibilities, and mapping out the cloud infrastructure. Azure provides tools for identity and access management, such as Azure Active Directory (AD), to centralize and manage user identities securely. Utilizing features like Azure Resource Graph and Azure Policy assists in gaining visibility into resources and enforcing compliance.

 

Protection:

Protection is centered around implementing safeguards and security measures to minimize vulnerabilities and potential threats. Azure offers a range of security controls, including Network Security Groups (NSGs), Azure Firewall, and Azure DDoS Protection, to safeguard against unauthorized access and network-based attacks. Utilizing Azure Security Center helps organizations implement and manage security policies, monitor the security state, and respond to potential security threats.


Detect:

Detection involves continuous monitoring to identify and respond promptly to security incidents. Azure Security Center, Azure Monitor, and Azure Sentinel are instrumental in providing real-time insights into the security posture of the cloud environment. These tools enable the detection of unusual activities, potential threats, and security vulnerabilities. Employing Azure Security Center's threat detection capabilities and leveraging Azure Monitor for logging and analytics contribute to a proactive detection strategy.


Respond:

When a security incident is detected, the response phase involves taking immediate and effective actions to mitigate the impact. Azure Security Center's automated responses, such as playbooks and alerts, facilitate a swift response to security incidents. Azure Sentinel, a cloud-native SIEM (Security Information and Event Management) solution, aids in orchestrating and automating responses to security events, enhancing the efficiency of incident response teams.


Recover:

The recovery phase focuses on restoring normal operations after a security incident. Azure Backup and Azure Site Recovery offer solutions for data backup, disaster recovery, and business continuity. By regularly backing up data and creating recovery plans, organizations can ensure minimal downtime and rapid restoration of services in the event of a security incident. Azure's recovery services contribute to a robust recovery strategy.

Govern:

Governance involves establishing policies, procedures, and controls to ensure ongoing compliance and adherence to security best practices. Azure Policy allows organizations to define, enforce, and audit compliance with policies across their Azure environment. Azure Blueprints enables the creation of repeatable, standardized environments that comply with organizational standards. Azure Governance and Management Groups assist in implementing consistent governance across subscriptions.

Thursday, April 21, 2022

‘D:\home\site\wwwroot\host.json’ is denied.

The Function App will not start, or deployment will throw an error as below:

'D:\home\site\wwwroot\host.json' is denied.

If you receive a System.UnauthorizedAccessException with the message "Access to the path 'D:\home\site\wwwroot\host.json' is denied", then most likely access from the function app to the Azure Storage Account where the function app is hosted is being blocked.



1) Check if your function app is restricted to a specific VNET, as shown below:

If it is not configured to a specific VNET, then make sure the storage account where the function app is hosted has "ALL Networks" selected, as shown below.

If the function app is configured to a specific VNET, then make sure the storage account where the function app is hosted has "Specific Networks" selected and that the VNET is selected from the list, as shown below.





Wednesday, May 19, 2021

How to import a resource into Terraform if it is not being managed already

If a cloud resource is not being managed by your Terraform scripts, then in the post below I will show you how you can make Terraform manage it.

I have a resource already created by ARM templates, but now I want it managed by Terraform.

Ex:-

azurerm_subnet.app-subnet: Creating...


azurerm_subnet.app-subnet: Creating...

 Error: A resource with the ID "/subscriptions/12XXXXXXX058f0/resourceGroups/XXXcare-rg/providers/Microsoft.Network/virtualNetworks/datacare-vnet/subnets/xxxcare-appsubnet" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.

  on main.tf line 29, in resource "azurerm_subnet" "app-subnet":

   29: resource "azurerm_subnet" "app-subnet" {


Now, if we want Terraform to manage this resource, we need to add (import) it into the state file.

First, get the resource ID of this resource from the Properties blade.


Then use the command below to import the resource into the state file.


terraform import azurerm_subnet.app-subnet /subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet


Ex:-

samshaik@shaikprod:~/terraform/azure/confluence$ terraform import azurerm_subnet.app-subnet /subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet

azurerm_subnet.app-subnet: Importing from ID "/subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet"...

azurerm_subnet.app-subnet: Import prepared!

  Prepared azurerm_subnet for import

azurerm_subnet.app-subnet: Refreshing state... [id=/ssubscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet]


Import successful!


The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.


Now create the plan again:

samshaik@shaikprod:~/terraform/azure/confluence$ terraform plan -out confluencedev.plan

Plan: 3 to add, 0 to change, 1 to destroy.


Saved the plan to: confluencedev.plan

To perform exactly these actions, run the following command to apply:

    terraform apply "confluencedev.plan"


Now apply the plan to create the resources:

Plan: 3 to add, 0 to change, 0 to destroy.


Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.


  Enter a value: yes
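
The first plan after the import above reported "1 to destroy", which is worth reviewing before anything is applied. The following is an added example, not part of the original post: two shell checks, one that an ID has the full subnet shape shown in the "already exists" error, and one that reads the plan summary line and refuses a plan that destroys anything. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and sample
# values are constructed for illustration.

# Succeeds only if $1 has the full subnet resource ID shape seen in the
# "already exists" error: .../virtualNetworks/<vnet>/subnets/<subnet>.
# Azure resource IDs are case-insensitive, hence grep -i.
is_subnet_id() {
    printf '%s\n' "$1" | grep -Eiq \
'^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Network/virtualNetworks/[^/]+/subnets/[^/]+$'
}

# Reads `terraform plan -no-color` text on stdin and prints the number of
# resources the summary line says will be destroyed. Fails if no summary
# line is present, so callers can fail closed.
plan_destroy_count() {
    count=$(sed -n 's/^Plan: .* \([0-9][0-9]*\) to destroy\.$/\1/p' | head -n 1)
    [ -n "$count" ] || return 1
    printf '%s\n' "$count"
}

# Gate for a pipeline step: 0 = nothing destroyed, 1 = destroys present,
# 2 = summary line not found (treat as "do not apply").
plan_is_non_destructive() {
    count=$(plan_destroy_count) || return 2
    [ "$count" -eq 0 ]
}

# Constructed demo input: the two summary lines quoted in the post.
for summary in 'Plan: 3 to add, 0 to change, 1 to destroy.' \
               'Plan: 3 to add, 0 to change, 0 to destroy.'; do
    if printf '%s\n' "$summary" | plan_is_non_destructive; then
        echo "OK to apply:   $summary"
    else
        echo "Review first:  $summary"
    fi
done
```

In practice the gate would be fed with `terraform plan -no-color -out confluencedev.plan | plan_is_non_destructive`, and `terraform apply` would run only when it returns 0.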