Building Secure Architecture with Bicep.

Name: Building Secure Architecture with Bicep.
Rating: 4.5 (20 reviews)

Building Secure Architecture with Bicep. Implementing private endpoints in Azure.

Created byArtem Mikulich

Last updated 6/2024

English

What you'll learn

Implement secure connectivity with Private Endpoints (Infrastructure as Code)
Automate Role-Based Access Controls (RBAC) deployment
Calculate and define VNet/Subnet IP ranges
Support IaC in multiple environments

Course content

7 sections • 25 lectures • 1h 2m total length

Introduction1:30
Learn to automate Azure infrastructure with Bicep, implement secure connectivity via private endpoints, automate RBAC, and design scalable VNets, subnets, and naming strategies across environments.
Target Architecture1:07
Set up Prerequisites

Target Architecture – App Service Reads a secret from the Key Vault0:31
Learn to store a SQL password secret in a key vault and grant an application service's system assigned identity read access via an access policy, following the minimal permissions principle.
Demo – Deploy KeyVault2:02
Demo – Read the secret from the KeyVault Reference1:58
Demo – Deploy Access Policies3:54
Demo – KeyVault networking options.1:01

Target Architecture – Storage Account + PE + RBAC0:57
Demo – deploy Storage Account + Private Endpoint.2:19
Demo – review and deploy a program code to the App Service.3:29
Review the code that tests connectivity between a storage account and an app service using a blob service client with the default Azure credential and a system-assigned identity.
Demo – deploy RBAC role (Storage Account Reader). Test blob connectivity with Fi3:54
Assign granular permissions for a storage blob using the built-in blob data contributor role in bicep, linking a storage account to a service principal and validating access with test calls.

Requirements

Basic Azure Cloud knowledge
Basic Azure Bicep experience

Description

Following the infrastructure and code approach is a solid long-term investment, and Bicep is the best instrument for automating Azure infrastructure. However, implementing advanced secure solutions, like private endpoints, is often a bigger deal. The amount of information available on the Internet fades quickly as task complexity increases.

My course will give you recipes and insights on organizing, delivering, and maintaining advanced Azure architectures. It is 100% practice-oriented and contains minimal theory.

We will implement a cloud infrastructure comprising app service, storage account, key vault, private endpoints, RBAC, and application insights. We will deploy a test application and test all connections.

You will learn:

How to implement secure connectivity with Private Endpoints.
How to automate Role-based Access Controls (RBAC).
How to deploy Key Vault Access Policies.
How to calculate VNets and subnets IP ranges.
How to support multiple environments with Bicep.
How to define a resource naming strategy.
And much more.

This course will work best for those familiar with bicep, as I won’t stop at the basics, like syntax. However, I included code samples after every demo so you can follow along, even if you haven’t developed with bicep before. I strongly recommend repeating exercises with your own hands to maximize learning efficiency.

Who this course is for:

DevOps who want to harness complex secure architectures
Developers who want to dive deeper into the Infrastructure as Code approach

Building Secure Architecture with Bicep.

What you'll learn

Explore related topics

Course content

Introduction2 lectures • 3min

Deploy basic components6 lectures • 19min

Deploy Key Vault5 lectures • 9min

Deploy Virtual Network5 lectures • 13min

Deploy an Application Code and RBAC4 lectures • 11min

Deploy To Production2 lectures • 8min

Summary1 lecture • 1min

Requirements

Description

Who this course is for: