GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”
•
0 j'aime•25 vues
24 листопада відбувся вебінар від .NET Community – “Azure RBAC and Managed Identity”. Спікер: Євген Павленко – Senior Software Engineer, GlobalLogic. Розповіли, що таке Azure RBAC (Role Base Access Control) і як він працює, для чого нам Azure Managed Identity та як звільнитись від використання паролів-секретів при використанні Azure. Деталі заходу: https://bit.ly/3GSBvRx Відкриті .NET-позиції у GlobalLogic: https://bit.ly/3ilJYCq Долучитись до .NET Community у Facebook: https://www.facebook.com/groups/communitydotnet
Recommandé
Recommandé
Contenu connexe
Similaire à GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”
Similaire à GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity” (20)
Plus de GlobalLogic Ukraine
Plus de GlobalLogic Ukraine (20)
Dernier
Dernier (20)
GlobalLogic .NET Webinar #2 “Azure RBAC and Managed Identity”
- 1. 1 Azure RBAC and Managed Identity Ievgen Pavlenko Senior Software Engineer
- 2. 2 2 Azure role-based access control
- 3. 3 Authentication is the process of proving that you are who you say you are. Authentication Authorization is the act of granting an authenticated party permission to do something. Authorization
- 4. 4 What is Azure Active Directory? • Azure Active Directory (Azure AD) is a cloud-based identity and access-management solution. It helps you secure internal, external, and customer identities.
- 5. 5 What is Azure RBAC? • Azure role-based access control (Azure RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure. With Azure RBAC, you can grant the exact access that users need to do their jobs.
- 6. 6 How Azure RBAC works?
- 8. 8 8 Demo
- 9. 9 9 Managed Identities for Azure resources
- 10. 10 How to connect to Azure Resource - Azure SQL • Connection String with Credential Server=tcp:abc.database.windows.net,1433;Initial Catalog=demo;Persist Security Info=False;User ID={your_username}; Password={your_password}; - Azure storage • Connection String with AccountKey DefaultEndpointsProtocol=https;AccountName=sa;AccountKey={AccountKey}; EndpointSuffix=core.windows.net - Service bus • Connection String with SharedAccessKey Endpoint=sb://abc.servicebus.windows.net/;SharedAccessKeyName=RootMan ageSharedAccessKey;SharedAccessKey={SharedAccessKey}
- 11. 11 Secrets … • Secrets can be - Leaked/stolen - Accidently checked into source control - Expire • Secret has complicated lifecycle management Account Keys Username / Password SAS Keys Application secret Secrets are like a “bomb”
- 12. 12 Managing workloads that authenticating to cloud services Create principal Grand permissions Store credentials on resource Rotate secrets Remove principal Create Azure resource Delete resource A better way: Managed identities for Azure resources Create Azure resource with managed identity Grand permissions Delete resource
- 13. 13 I can use managed identities when Target Azure Key Vault Azure Data Lake Azure SQL Azure App Configuration Azure Event Hubs Azure IoT Hub Azure Service Bus Azure Storage blobs Azure Analysis Services … Source Azure VMs Azure VMSS Azure App Service Azure Functions Azure Logic Apps Azure Data Factory V2 Azure Container Instances Azure Kubernetes Azure Service Fabric … that accesses
- 14. 14 Identity to resource assignment Identity Authentication & Authorization Azure Storage Account, Service Bus, etc. Azure Service Managed identities types Built-in garage door remote Hand-help garage door remote Azure resource App Service, Function, Logic App, etc. Built-in garage door remote: System-assigned managed identity Hand-help garage door remote: User-assigned managed identity
- 15. 15 Managed identities types • Azure creates an identity in Azure AD • Created as part of an Azure resource • Credentials are provisioned on the instance • Life-cycle is directly tied to the Azure Service Instance System-assigned managed identity • Azure creates an identity in Azure AD • Created as a stand-alone Azure resource • Identity can be assigned to one or more instances • Life-cycle is managed separately from life-cycle of the Azure Service User-assigned managed identity
- 16. 16 How does the managed identities for Azure resources work?
- 17. 17 17 Demo
- 18. 18 Resources RBAC • https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provid er-operations Managed Identities • https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/managed-identities-status • https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure- resources/services-azure-active-directory-support • https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?v iew=azure-dotnet
- 19. 19 19 Thank you!