Jul 24 2022 12:20 AM
Hello Folks!!
Today I have taken a somewhat offbeat topic into my techspace discussion. I will explain an Azure architecture, which I have used in my own scenario. I have taken this architecture from the Azure architecture weblog, which helped me a lot in my current scenario.
This architecture is about the DevSecOps concept, and I will explain each service which I have used here.
So lets go -----
This architecture is about GitHub security.
Components Explanation -
1) GitHub -
It is a place that developers or code designers use to push or pull the code. It is a distributed version control system. The code can be pushed via Visual Studio Code or locally; here we have used Visual Studio Code as GitHub Codespaces.
Along with GitHub, we have put some security features associated with it, like Microsoft Azure AD and GitHub security.
2) Azure Active Directory and Multifactor Auth -
It is a multi-tenant, cloud-based identity service that controls access to Azure and GitHub. Azure AD can be configured as the identity provider for GitHub, and multi-factor authentication can be enabled for extra security.
3) GitHub Security -
It works to eliminate threats in many ways. Agents and services identify vulnerabilities in repositories and in dependent packages. They also upgrade dependencies to up-to-date, secure versions. It can be used for maintaining versions.
4) GitHub Actions -
It is used for deploying the ARM templates, which are used for deploying the code as well as structure provisioning in Azure. It can be used for deploying PaaS platforms like web apps.
5) Azure Resource Manager -
It uses JSON templates to describe the resources involved in deployment. Teams can also manage these template documents by using DevOps tools, like version control, code collaboration, and CI/CD workflows.
6) Azure App Service -
It provides a platform for building, deploying and scaling web apps. This platform is often used for patching and scaling of the application in web apps.
7) Azure policy -
It generally helps the IT team with the policy definitions that you make. For example, if you want to deploy a web app with a particular configuration and during the deployment the policy doesn't match, then the alert which is configured for this gets triggered and stops you from making the deployment.
8) Microsoft Defender for Cloud -
It provides unified security management for hybrid cloud deployments.
9) Azure Monitor -
It is used for providing a UI representation of logs and metrics. When this Azure service identifies any irregular conditions, it alerts all the apps and personnel that you have created.
Working of this Architecture
The user pushes the code to the GitHub repository, and whether the user is authentic or not is identified by Azure AD, where you get the MFA and identity of the user. Then GitHub Actions get triggered with a check in GitHub security. GitHub security does the code scanning in the following ways -
Secret Scanning -
It inspects repositories or commits for any tokens, keys, or secrets that appear in code. Other users can be notified that secrets have leaked into public view, and service providers can be notified that one of their secrets leaked. Service providers can optionally revoke or renew the secrets.
Code Scanning -
It inspects code for known vulnerabilities and coding errors. As an example, if a developer leaves a database connection string exposed in code, this feature discovers the secret. GitHub starts the process of obtaining an uncompromised string after verifying its validity with the database.
The GitHub Actions start deploying the ARM templates to Azure, in which we have written JSON code for deploying the web app as infrastructure, and the code is then deployed through GitHub Actions.
The most important concern is how much costlier this architecture will be...
Cost optimization is always about looking at ways to reduce unnecessary expenses and improve operational efficiency. It has always been a concern for the IT industry: the client needs the best security architecture with the lowest expenses, so here we go -
Thanks, and any updates are welcome...
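The secret-scanning step described in the post above, as an added illustration that is not part of the original post and not GitHub's own scanner: a small Python checker that runs a few named detector patterns plus an entropy fallback over constructed commit lines, including the exposed database connection string case. The token formats, threshold and sample values are assumptions made up for this example.

```python
import math
import re
from collections import Counter

# Illustrative detector set (an assumption for this example, not GitHub's real
# rules): a GitHub token prefix, an Azure storage key, and a password inside a
# database connection string, the case the post describes.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "azure_storage_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{40,}={0,2}"),
    "connection_string_password": re.compile(r"(?i)\b(?:password|pwd)=[^;\"']+"),
}
GENERIC_TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")

def shannon_entropy(s):
    """Bits per character; random-looking keys score well above ordinary prose."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def redact(secret):
    """Keep a short prefix so a reviewer can locate the value without reprinting it."""
    return secret[:6] + "..." if len(secret) > 6 else "***"

def scan_lines(lines, entropy_threshold=4.0):
    """One finding per suspected secret: (line number, detector name, redacted value)."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        covered = []  # spans already claimed by a named detector
        for name, pat in PATTERNS.items():
            for m in pat.finditer(line):
                covered.append(m.span())
                findings.append((lineno, name, redact(m.group(0))))
        # Fallback for formats no named detector knows: long, high-entropy blobs.
        for m in GENERIC_TOKEN.finditer(line):
            overlaps = any(m.start() < e and s < m.end() for s, e in covered)
            if not overlaps and shannon_entropy(m.group(0)) >= entropy_threshold:
                findings.append((lineno, "high_entropy", redact(m.group(0))))
    return findings

# Constructed sample commit content; every value below is made up for this example.
SAMPLE_COMMIT = [
    "import os",
    'conn = "Server=tcp:db.example.net,1433;Database=app;User ID=sa;Password=S3cr3t!Pa55;"',
    'token = os.environ["GITHUB_TOKEN"]  # not flagged: read at runtime, not hard-coded',
    'pat = "ghp_' + "A1b2C3d4" * 4 + 'E5f6"',
    'api_key = "k3x9mz2qv7wb4nc8jt1ys5hd0ur6pfgLeA"',
]
```

Running `scan_lines(SAMPLE_COMMIT)` reports the connection-string password, the hard-coded token and the unlabelled high-entropy key, while the value read from the environment is left alone.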
Jul 27 2022 11:03 AM - edited Jul 27 2022 11:03 AM
Hello! You've posted in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your post to the Azure Architecture space - please post Azure Architecture questions and content here in the future.