AZ-104 Notes
Azure VNET
Creating VNET's
When creating VNET's, you need:
Subscription ID
Resource Group
Virtual Newtork name
Prefix Address
When creating Virtual Subnets, you need:
Subscription ID
Resource Group
Virtual Network name
Subnet name
Prefix Addresses
If creating your subnet in the same sequence as your vnet:
subscription id
resource group
name (of your vnet)
address-prefix (for your vnet)
subnet-name
subnet-prefix
location of your vnet
VNet Peering
Discover IP's for items in a resource group:
Name PrivateIP PublicIP
AppServer 10.0.0.4 13.72.84.165 DataServer 10.0.1.4 13.68.240.211
Control access to Azure Storage with shared access signatures
Authorization options for Azure Storage
Public access
Azure Blobs / Containers
There are two separate settings that affect public access:
The Storage Account. Configure the storage account to allow public access by setting the AllowBlobPublicAccess property. When set to true, Blob data is available for public access only if the container's public access setting is also set.
The Container. You can enable anonymous access only if anonymous access has been allowed for the storage account. A container has two possible settings public access: Public read access for blobs, or public read access for a container and its blobs. Anonymous access is controlled at the container level, not for individual blobs. This means that if you want to secure some of the files, you need to put them in a separate container that does not permit public read access.
Azure Active Directory
Use the Azure AD option to securely access Azure Storage without storing any credentials in your code. AD authorization takes a two-step approach. First, you authenticate a security principal that returns an OAuth 2.0 token if successful. This token is then passed to Azure Storage to enable authorization to the requested resource.
Use this form of authentication if you're running an app with managed identities or using security principals.
Configure Azure App Service
Secure an App Service
Logging and tracing If you enable application logging, you will see authentication and authorization traces directly in your log files. If you see an authentication error that you didn’t expect, you can conveniently find all the details by looking in your existing application logs. If you enable failed request tracing, you can see exactly what role the authentication and authorization module may have played in a failed request. In the trace logs, look for references to a module named EasyAuthModule_32/64.
Configure Azure Container Instances
Implement Container Groups
Common scenarios
Multi-container groups are useful in cases where you want to divide a single functional task into a small number of container images. These images can then be delivered by different teams and have separate resource requirements. Example usage could include:
A container serving a web application and a container pulling the latest content from source control.
An application container and a logging container. The logging container collects the logs and metrics output by the main application and writes them to long-term storage.
An application container and a monitoring container. The monitoring container periodically makes a request to the application to ensure that it's running and responding correctly, and raises an alert if it's not.
A front-end container and a back-end container. The front end might serve a web application, with the back end running a service to retrieve data.
Review the Docker Platform
Useful Docker terminology
You should be familiar with the following key terms before using Docker and Container Instances to create, build, and test containers:
Container. Container is an instance of a Docker image. It represents the execution of a single application, process, or service. It consists of the contents of a Docker image, an execution environment, and a standard set of instructions. When scaling a service, you create multiple instances of a container from the same image. Or a batch job can create multiple containers from the same image, passing different parameters to each instance.
Container image. Container image refers to a package with all the dependencies and information required to create a container. The dependencies include frameworks and the deployment and execution configuration that a container runtime uses. Usually, an image derives from multiple base images that are layers stacked on top of each other to form the container's file system. An image is immutable once it has been created.
Build. Build refers to the action of building a container image based on the information and context provided by the Dockerfile. The build also includes any other files that are needed. You build images by using the Docker docker build command.
Pull. Pull refers to the process of downloading a container image from a container registry.
Push. Push refers to the process of uploading a container image to a container registry.
Dockerfile. Dockerfile refers to a text file that contains instructions on how to build a Docker image. The Dockerfile is like a batch script. The first line identifies the base image. The rest of the file includes the build actions.
Manage Virtual Machines with the Azure CLI
Creating VM's
Resource Group
Name
Location
vnet-name
subnet
image
admin username
admin password