About Me

I am an MCSE in Data Management and Analytics with a specialization in MS SQL Server, and an MCP in Azure. I have over 13+ years of experience in the IT industry, with expertise in data management, Azure Cloud, data center migration, infrastructure architecture planning, virtualization and automation. Contact me if you are looking for any sort of guidance in getting your infrastructure provisioning automated through Terraform. I sometimes write on my own blog as a place to store my own experiences for future search and reading, but it can hopefully help others along the way. Thanks.

Create a shared access signature (SAS) named SAS1 for Storage as in the exhibit below.

You have an Azure subscription named Subscription1.

In Subscription1, you create an Azure file share named MyFileShare.

You create a shared access signature (SAS) named SAS1 as shown in the following exhibit.

Write the AZ CLI code and print the SAS1 value.


Scripts
========
$MyResourceGroup="RG102"
$location="North Europe"
$storageaccountname="storage16854"

# Create a resource group.
az group create --location $location --name $MyResourceGroup

# Create an HTTPS-only StorageV2 account.
az storage account create -n $storageaccountname -g $MyResourceGroup --kind StorageV2 --https-only --access-tier Hot --sku Standard_LRS

# Create the file share.
az storage share create --account-name $storageaccountname --name myfileshare02

# Read the first account key; the SAS is signed with it.
$pkey = az storage account keys list -g $MyResourceGroup -n $storageaccountname --query "[0].value" -o tsv

# Generate SAS1: File service only, read/write/list, HTTPS only, one source IP range, fixed validity window.
# The account name must be the account the key belongs to; -o tsv returns the token without JSON quotes.
$sastoken = az storage account generate-sas --start '2018-09-01' --expiry '2018-09-14' --permissions rwl --resource-types sco --services f --https-only --account-name $storageaccountname --account-key $pkey --ip 193.77.134.10-193.77.134.50 -o tsv

# Print the SAS1 value.
$sastoken


AZ CLI - Create a Storage account based on the exhibit below

 


Scripts

==========

$MyResourceGroup="RG101"

$location="North Europe"

# Create a resource group.

az group create --location $location --name $myResourceGroup


# Create an HTTPS-only StorageV2 account.

az storage account create -n storage16852 -g $MyResourceGroup --kind StorageV2 --https-only --access-tier Hot --sku Standard_LRS

# Create the virtual network and the subnet that will host the private endpoint.

az network vnet create -g $MyResourceGroup -n storagevnet --address-prefix 10.3.0.0/16 --subnet-name 'subnet3' --subnet-prefix 10.3.1.0/24

# Disable private endpoint network policies on that subnet.

az network vnet subnet update --name subnet3 --resource-group $MyResourceGroup --vnet-name storagevnet --disable-private-endpoint-network-policies true

# Look up the resource ID of the storage account.

$storage_id=$(az storage account show -g $MyResourceGroup -n storage16852 --query "id" -o tsv)

$storage_id

# Create a private endpoint for the blob sub-resource of the storage account.

az network private-endpoint create --name myPrivateEndpoint --resource-group $MyResourceGroup --vnet-name storagevnet --subnet subnet3 --private-connection-resource-id $storage_id --group-id blob --connection-name myConnection



AZ CLI - Create multiple VNets, subnets, network peering and a DNS zone.

You plan to create the following networking resources in a resource group named HumongousRG.

Default Azure system routes that will be the only routes used to route traffic

A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2

A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet

A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4


You plan to enable peering between Paris-VNet and AllOffices-VNet. You will enable the Use remote gateways setting for the Paris-VNet peerings. 

You plan to create a private DNS zone named humongousinsurance.local and set the registration network to the ClientResources-VNet virtual network.

$MyResourceGroup="HumongousRG"

$location="eastus"

# Create a resource group.

az group create --location $location --name $MyResourceGroup

# A virtual network named Paris-VNet that will contain two subnets named Subnet1 and Subnet2

az network vnet create -g $MyResourceGroup -n Paris-VNet --address-prefix 10.0.0.0/16 --subnet-name Subnet1 --subnet-prefix 10.0.1.0/24

az network vnet subnet create -g $MyResourceGroup --vnet-name Paris-VNet -n Subnet2 --address-prefixes 10.0.2.0/24

#A virtual network named ClientResources-VNet that will contain one subnet named ClientSubnet

az network vnet create -g $MyResourceGroup -n ClientResources-VNet --address-prefix 10.1.0.0/16 --subnet-name ClientSubnet --subnet-prefix 10.1.1.0/24

#A virtual network named AllOffices-VNet that will contain two subnets named Subnet3 and Subnet4

az network vnet create -g $MyResourceGroup -n AllOffices-VNet --address-prefix 10.2.0.0/16 --subnet-name Subnet3 --subnet-prefix 10.2.1.0/24

az network vnet subnet create -g $MyResourceGroup --vnet-name 'AllOffices-VNet' -n Subnet4 --address-prefixes 10.2.2.0/24

# Peer Paris-VNet and AllOffices-VNet in both directions.
# --use-remote-gateways is not set: it needs a virtual network gateway in the remote VNet, and none is created here.

az network vnet peering create -g $MyResourceGroup -n Paris-VNetToAllOffices-VNet --vnet-name Paris-VNet --remote-vnet AllOffices-VNet --allow-vnet-access --allow-forwarded-traffic

az network vnet peering create -g $MyResourceGroup -n AllOffices-VNetToParis-VNet --vnet-name AllOffices-VNet --remote-vnet Paris-VNet --allow-vnet-access --allow-forwarded-traffic

# A private DNS zone named humongousinsurance.local with ClientResources-VNet as the registration network


az network private-dns zone create -g $MyResourceGroup -n humongousinsurance.local

az network private-dns link vnet create --resource-group $MyResourceGroup --zone-name  "humongousinsurance.local" --name MyDNSLink --virtual-network ClientResources-VNet --registration-enabled true

Manage storage account keys with Key Vault and the Azure CLI

$myResourceGroup="rg-fhpl-use-qa"

$location="eastus"

$storagename = "stousefhplqa"

$container = "mybackupcontainer"

$ADE_KV_NAME = "keyvault-common-fhpl-qa"

$nameofsecret = "secnamefhplqa"

$upnname = "XXXXX.onmicrosoft.com" # put your valid upn name here

$subsid = "9239f519-XXXX-4e92-XXXX-c84d53XX3714"

# Create a resource group.

az group create --location $location --name $myResourceGroup

# Create a Storage Account

az storage account create --name $storagename --resource-group $myResourceGroup --location $location --sku Standard_LRS --kind=StorageV2

# Create a storage container

az storage container create --account-name $storagename --name $container

az keyvault create --name $ADE_KV_NAME --resource-group $myResourceGroup --location $location --sku premium 

echo "- Key vault: $ADE_KV_NAME"

# Give Key Vault access to the storage account.

az role assignment create --role "Storage Account Key Operator Service Role" --assignee 'https://vault.azure.net' --scope "/subscriptions/$subsid/resourceGroups/$myResourceGroup/providers/Microsoft.Storage/storageAccounts/$storagename"

# Give your user principal access to all storage account permissions, on your Key Vault instance

az keyvault set-policy --name $ADE_KV_NAME --upn $upnname --storage-permissions get list delete set update regeneratekey getsas listsas deletesas setsas recover backup restore purge

# Register the storage account as a Key Vault managed storage account; key1 is regenerated every day.

az keyvault storage add --vault-name $ADE_KV_NAME -n $storagename --active-key-name key1 --auto-regenerate-key --regeneration-period P1D --resource-id "/subscriptions/$subsid/resourceGroups/$myResourceGroup/providers/Microsoft.Storage/storageAccounts/$storagename"

# Read the first account key; the SAS template is signed with it.

$pkey = az storage account keys list -g $myResourceGroup -n $storagename --query "[0].value" -o tsv

# Generate the account SAS used as the template; -o tsv returns the token without JSON quotes.

$sastoken = az storage account generate-sas --expiry '2022-12-31' --permissions cdlruwap --resource-types sco --services bfqt --https-only --account-name $storagename --account-key $pkey -o tsv

$sastoken

# Create a SAS definition in Key Vault from the template; tokens issued from it are valid for one day.

az keyvault storage sas-definition create --vault-name $ADE_KV_NAME --account-name $storagename -n $nameofsecret --validity-period P1D --sas-type account --template-uri $sastoken

# Show the SAS definition, then read the generated SAS token from the matching secret.

az keyvault storage sas-definition show --id "https://$ADE_KV_NAME.vault.azure.net/storage/$storagename/sas/$nameofsecret"

az keyvault secret show --id "https://$ADE_KV_NAME.vault.azure.net/secrets/$storagename-$nameofsecret"
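
To check what a generated token actually grants, the PowerShell function below decodes an account SAS, such as SAS1 or the template passed to the Key Vault SAS definition, and lists the settings that widen its scope. It is an added example, not part of the original scripts; the function name Test-AccountSas, the 14-day limit and both sample tokens are assumptions made for illustration.

```powershell
# Added example: decode an account SAS and list settings that widen its scope.
# Test-AccountSas and the 14-day limit are assumptions, not Azure defaults.
function Test-AccountSas {
    param(
        [Parameter(Mandatory)][string]$SasToken,
        [int]$MaxDays = 14,
        [datetimeoffset]$Now = [datetimeoffset]::UtcNow
    )

    # Split "k=v&k=v" into a table, URL-decoding each value.
    $f = @{}
    foreach ($pair in $SasToken.Trim('"').TrimStart('?').Split('&')) {
        $k, $v = $pair -split '=', 2
        $f[$k] = [uri]::UnescapeDataString([string]$v)
    }

    # st/se are UTC; a missing st means the token is valid from now.
    $inv   = [cultureinfo]::InvariantCulture
    $utc   = [System.Globalization.DateTimeStyles]::AssumeUniversal
    $end   = [datetimeoffset]::Parse($f['se'], $inv, $utc)
    $start = if ($f['st']) { [datetimeoffset]::Parse($f['st'], $inv, $utc) } else { $Now }
    $days  = ($end.UtcDateTime - $start.UtcDateTime).TotalDays

    $findings = @()
    if ($f['spr'] -ne 'https')  { $findings += 'spr: plain HTTP is allowed' }
    if (-not $f['sip'])         { $findings += 'sip: no source IP restriction' }
    if ($f['ss'].Length -gt 1)  { $findings += "ss: more than one service ($($f['ss']))" }
    if ($f['sp'] -match 'd')    { $findings += 'sp: delete permission granted' }
    if ($days -gt $MaxDays)     { $findings += "se: valid for $([int]$days) days" }
    if ($end -lt $Now)          { $findings += 'se: token has expired' }

    [pscustomobject]@{ Fields = $f; Findings = $findings }
}

# Constructed tokens mirroring the two generate-sas calls on this page;
# sv and sig are placeholders, not real values.
$sas1 = 'sv=2018-03-28&ss=f&srt=sco&sp=rwl&st=2018-09-01&se=2018-09-14' +
        '&spr=https&sip=193.77.134.10-193.77.134.50&sig=PLACEHOLDER'
$kv   = 'sv=2018-03-28&ss=bfqt&srt=sco&sp=rwdlacup&se=2022-12-31' +
        '&spr=https&sig=PLACEHOLDER'

$at = [datetimeoffset]'2018-09-02T00:00:00Z'   # fixed clock so the run is repeatable
(Test-AccountSas -SasToken $sas1 -Now $at).Findings
(Test-AccountSas -SasToken $kv -Now $at).Findings
```

Pass $sastoken from either script in place of the constructed tokens to audit a real value before it is handed out or stored as a template.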