Simplifying Azure Built-in Roles for Junior System Admins


Azure roles, also known as Azure RBAC, are an authorization system tied to Azure Resource Manager for more flexible access to, and management of, Azure resources.

There are over 100 built-in roles, but I will focus on the following five fundamental Azure roles. Here is a brief description of each role that can serve as a quick decision guide to determine which role is needed:

 

  1. Owner: able to build, operate and control access.

  2. Contributor: able to build and operate, but does not control access.

  3. Reader: able to see, but leaves everything as it is.

  4. Role Based Access Control Administrator: able to manage role assignments, without the privilege of fiddling with policy.

  5. User Access Administrator: able to control access, assign roles and policies, and create customised roles.

 

The Owner, Contributor and Reader roles apply to all resource types while the rest of the roles are resource specific.
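As a worked version of the decision guide, the sketch below (an added example, not code from the original article) evaluates each role's Actions minus NotActions to find which of the five roles covers a given task. The role definitions are abridged and written from memory as an assumption, and the task names are constructed; scope, DataActions and deny assignments are not modelled.

```python
from fnmatch import fnmatchcase

# Abridged control-plane Actions / NotActions for the five roles, written from
# memory of the published definitions (assumption: confirm the current ones
# with `az role definition list --name "<role name>"`).
ROLES = {
    "Owner": (["*"], []),
    "Contributor": (["*"], [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
    ]),
    "Reader": (["*/read"], []),
    "Role Based Access Control Administrator": ([
        "Microsoft.Authorization/roleAssignments/write",
        "Microsoft.Authorization/roleAssignments/delete",
        "*/read",
    ], []),
    "User Access Administrator": (["*/read", "Microsoft.Authorization/*"], []),
}

def matches(patterns, operation):
    # Operation names are compared case-insensitively; "*" spans any characters.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def allows(role, operation):
    # Effective permission = Actions minus NotActions.
    actions, not_actions = ROLES[role]
    return matches(actions, operation) and not matches(not_actions, operation)

def roles_allowing(operations):
    # Roles whose definition covers every operation the task needs.
    return [r for r in ROLES if all(allows(r, op) for op in operations)]

# Constructed sample tasks mapped to the operations they require.
TASKS = {
    "view a VM": ["Microsoft.Compute/virtualMachines/read"],
    "start a VM": ["Microsoft.Compute/virtualMachines/start/action"],
    "grant a role": ["Microsoft.Authorization/roleAssignments/write"],
    "assign a policy": ["Microsoft.Authorization/policyAssignments/write"],
    "create a custom role": ["Microsoft.Authorization/roleDefinitions/write"],
}

if __name__ == "__main__":
    for task, ops in TASKS.items():
        print(f"{task:22} -> {', '.join(roles_allowing(ops))}")
```

When several roles cover a task, assigning the one with the narrowest Actions keeps the assignment closest to least privilege.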

 


Related Articles

Automating 3 Tier Web Application Deployment with Ansible

Here's a step-by-step guide to implementing the playbook:

First Things First

  • You will need a Control Node (Ansible Server): this can be set up with a Linux machine (e.g., Ubuntu, CentOS) with Ansible installed. You can install Ansible using package managers like apt or yum.
  • Then your Target Hosts: these are the servers ready for the deployment, that is, the web, app, and db servers, set up with a compatible Linux distro and SSH access.
  • Generate SSH keys on the control node and copy the public key to the target hosts for authentication.

Configure the Control Node

  • Install Ansible: sudo apt install ansible (on Ubuntu-based systems) or sudo yum install ansible (on RHEL-based systems).
  • Create a new directory for your project: mkdir my_web_app && cd my_web_app

Create the Inventory File

  • Create a file named hosts.ini in the project directory with the following content:

[web_servers]
web1 ansible_host=<web1_ip>
web2 ansible_host=<web2_ip>

[app_servers]
app1 ansible_host=<app1_ip>
app2 ansible_host=<app2_ip>

[db_servers]
db1 ansible_host=<db1_ip>

Replace <web1_ip>, <app1_ip>, and <db1_ip> with the actual IP addresses of your hosts.

Create the Playbook

Create Templates

  • Create a templates directory in the project directory: mkdir templates
  • Create template files for Nginx, Tomcat, and MySQL configurations (e.g., nginx.conf.j2, tomcat.conf.j2, mysql.conf.j2) in the templates directory.

Run the Playbook

  • Navigate to the project directory: cd my_web_app
  • Run the playbook: ansible-playbook -i hosts.ini deploy_web_app.yml

Verify the Deployment

  • Access the web application by visiting the IP address or domain name of your web server.

Some other things you may need to do include: configuring DNS records to point to your web server's IP address, setting up load balancing and high availability for your web and app servers, adding firewall rules and security groups to restrict access to your servers, and monitoring your servers' performance and logs to ensure smooth operation.

DevOps and Cloud Engineering

Core Skills: Azure, Docker, Kubernetes, Jenkins, GitLab CI, CircleCI, Ansible, Terraform, Python, Bash, PowerShell

Choosing Tools and Technology for Business Solutions

As a solutions architect, when deciding on tools and technology to solve a business problem, I consider several factors:

 Ireland | Bobby Abuchi