
Learn to automate Azure infrastructure with Bicep, implement secure connectivity via private endpoints, automate RBAC, and design scalable VNets, subnets, and naming strategies across environments.
Learn to store a SQL password secret in a key vault and grant an application service's system-assigned identity read access via an access policy, following the minimal permissions principle.
Secure the key vault by restricting access to the VNet. Use a VNet with default and apps subnets, the latter delegated to the app service, and CIDR notation for IP ranges.
Review the code that tests connectivity between a storage account and an app service using a blob service client with the default Azure credential and a system-assigned identity.
Assign granular permissions for a storage blob using the built-in blob data contributor role in Bicep, linking a storage account to a service principal and validating access with test calls.
Add a production parameters.json and allowed environment input to enforce dev and prod names, plan VNet CIDRs to avoid IP clashes, and parameterize IPs for key vault and storage.
Following the infrastructure as code approach is a solid long-term investment, and Bicep is the best instrument for automating Azure infrastructure. However, implementing advanced secure solutions, like private endpoints, is often a much bigger task. The amount of information available on the Internet drops off quickly as task complexity increases.
My course will give you recipes and insights on organizing, delivering, and maintaining advanced Azure architectures. It is 100% practice-oriented and contains minimal theory.
We will implement a cloud infrastructure comprising app service, storage account, key vault, private endpoints, RBAC, and application insights. We will deploy a test application and test all connections.
You will learn:
How to implement secure connectivity with Private Endpoints.
How to automate role-based access control (RBAC).
How to deploy Key Vault Access Policies.
How to calculate VNet and subnet IP ranges.
How to support multiple environments with Bicep.
How to define a resource naming strategy.
And much more.
This course will work best for those familiar with Bicep, as I won't stop at the basics, like syntax. However, I included code samples after every demo so you can follow along, even if you haven't developed with Bicep before. I strongly recommend working through the exercises yourself to maximize learning efficiency.