The main advantage of using a managed identity is that you don’t need to specify any credentials in your code. You don’t have to look for ways to store your credentials securely. Unfortunately there’s one problem. Managed identities can only be used with the HTTP connector. Use the HTTP connector with a managed identity to access Azure Key Vault. Use a service principal to access Azure Event Grid.
It’s tempting to import the Swagger file of a backend service into API Management and make it easy for yourself. It’s better to define the contract first and then ask the service providers to conform to this definition as much as possible.
The traditional approach to parameterize logic apps and/or API Management services is to use parameter files. As an alternative to parameter files, you can use variable groups in your DevOps release definition. Variable groups can be maintained by operators who have access to your DevOps team project.
When you use the DevOps release pipeline, it can sometimes be hard to understand the failure messages. In that case, you can go to the resource group in the Azure Portal and select menu option Deployments. You will find extra details the same error, which can be very helpful.
When creating an ARM template via the APIManagementTemplateCreator, you will have to add a versionset resource for versioned APIM services. This post provides guidance on adding a versionset.
SendGrid must be explicitly allowed to send mails from a specific domain. We can use the Sender Policy Framework (SPF). SPF is an open standard aimed at preventing sender address forgery. It compares the email sender’s actual IP address to a list of IP addresses authorized to send mail from that domain.
A common scenario is where you have a vast number of external customers that need access to a set of company services. To add security to the backend service, you can create an application in Azure AD and next add an inbound policy to login to AAD using Graph.
When you add a Resource Deployment step in a release pipeline, you will have to select an Azure Resource Manager service connection (or service principal) instead of the subscription itself. Add the Azure Resource Manager service connection via the DevOps Team project settings. Don’t forget to add your account to DevOps Release Administrators and Project Administrators.
Suppose you want to move on-premise file storage to Azure File Storage. If you need to stick to file storage (not blob storage), consider using HubStor, Storage Migration Service and Azure File Sync. Keep the file storage footprint small and move to cheaper blob storage tiers.
Suppose you want to select rows in a table using optional parameters. That’s a quite common requirement. In the where clause ou can ycheck whether the attribute is empty or if there is an attribute match.