Taswar Bhatti
The synonyms of software simplicity
Azure Weekly Digest by Taswar Bhatti

Five Highlights Thursday – 14th April 2023 Edition

Taswar Bhatti April 14, 2023 No Comments

This is my first newsletter on LinkedIn and I wanted to keep this newsletter short and sweet. Thus I only wanted to share 5 Highlights from Microsoft Azure, that I find interesting and insgihtful. Five Highlights Thursday – 14th April 2023 Edition

1. TeknoSA Customer Story

Learn how a retailer in Turkiye – Teknosa detects attacks 18 times faster by using Microsoft Security Solutions.

2. MEA – 30 Days of Open AI

Want a summary of Week 1 of 30 Days to learn Open AI, then this video is a must watch.

3. Microsoft Security Copilot

Want to learn about how to empower defenders at the speed of AI, then you have to read and watch this post on Microsoft Security Copilot.


4. Connected Learning Experience

Want to boost your data and AI skills, why not try Microsoft Azure CLX.


5. Microsoft Build May 23-25 2023

The session catalog is ready for Microsoft Build, there is still time to register for Microsoft Build. It will be a hybrid event.


You can complement this edition of 5 Highlights Thursday with our MEA Developer Channel on YouTube where we have weekly interviews and learning material on Microsoft Azure, and much more.
And, as always, please give me feedback on LinkedIn. Which bullet above is your favorite? What do you want more or less of? Other suggestions? Please let me know.

Last by not least, know someone who might be interested in this newsletter? Share it with them.
Subscribe on LinkedIn
Have a wonderful Thursday :).

Azure, Newsletter
, ,
Microsoft Azure

What is IaaS, PaaS and SaaS in Microsoft Azure?

Taswar Bhatti January 9, 2023 No Comments
Fundamentals are the building blocks of fun.Mikhail Baryshnikov

Continuing on towards our learning cloud computing and Microsoft Azure, lets go over what is IaaS, PaaS and SaaS in Microsoft Azure?.

Definitions

IaaS

IaaS

IaaS (Infrastructure as a Service) : refers to the delivery of computing resources, such as servers, storage and networking, over the internet. This allows companies to rent, rather than own, the infrastructure that they need to run their applications and services. Examples of IaaS Cloud providers include Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform, etc.

Restaurant Analogy
If we use a restaurant analogy then IaaS can be compared to a restaurant that rents out its kitchen space to different chefs. The chefs can come in, use the kitchen’s equipment (such as ovens, stoves, and utensils) to cook their own dishes, and serve them to their customers. The restaurant provides the infrastructure (kitchen space and equipment) and the chef provides the recipe and cooks the dishes.

IaaS Advantages:

  • Agility. Applications can be made accessible quickly, removed and decommisioned whenever needed.
  • No CapEx. There is no up-front costs.
  • Consumption-based model. Organizations pay only for what they use and operate under an Operational Expenditure (OpEx) model.
  • Flexibility. IaaS is the most flexible cloud service because you have control to configure and manage the hardware running your application.
  • Management. The shared responsibility model applies; the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.
  • Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can use the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
  • Cloud benefits. Organizations can use the skills and expertise of the cloud provider to ensure workloads are made secure and highly available.
PaaS

PaaS

PaaS (Platform as a Service): builds on top of IaaS by providing a platform for developers to create and run their applications, without having to manage the underlying infrastructure. PaaS providers typically offer a range of tools and services for building, testing, deploying and scaling applications. Examples in Microsoft Azure includes, Azure Active Directory, Azure SQL Server, Azure HDInsight, etc. Other similar platform of PaaS includes Heroku, Salesforce Lightning Platform and Google App Engine.

Restaurant Analogy
Again with a restaurant analogy PaaS (Platform as a Service) can be compared to a restaurant that not only rents out its kitchen space, but also provides the chefs with a pre-made menu and a team of sous chefs to assist them. The chefs can still create and serve their own dishes, but they don’t have to worry about managing the kitchen or creating the menu. The restaurant provides the platform (kitchen space, equipment, menu, and assistance) and the chef provides the recipe and cooks the dishes.

PaaS Advantages:

  • Agility. PaaS is more agile than IaaS, and users don’t need to configure servers for running applications.
  • No CapEx. Users have no up-front costs.
  • Consumption-based model. Users pay only for what they use, and operate under an OpEx model.
  • Skills. No deep technical skills are required to deploy, use, and gain the benefits of PaaS. Most servies are easily configurable through the internet/web interface or SDK.
  • Cloud benefits. Users can take advantage of the skills and expertise of the cloud provider to ensure that their workloads are made secure and highly available. In addition, users can gain access to more cutting-edge development tools. They can then apply these tools across an application’s lifecycle.
  • Productivity. Users can focus on application development only, because the cloud provider handles all platform management. Working with distributed teams as services is easier because the platform is accessed over the internet. You can make the platform available globally more easily.

PaaS Disadvantage

Platform limitations. There can be some limitations to a cloud platform that might affect how an application runs. When you’re evaluating which PaaS platform is best suited for a workload, be sure to consider any limitations in this area. Example: Certain modules/plugins for the services may not be provided out of the box. Plus customers usually cannot load/plug their custom modules or plugins into the service. E.g a database plugin that you may rely on is not supported in the PaaS service.

SaaS

SaaS


SaaS (Software as a Service) is the most common and widely used cloud computing service model. It refers to the delivery of software applications over the internet, typically on a subscription basis. SaaS applications are typically accessed through a web browser, and the provider is responsible for managing the infrastructure and ensuring that the software is always up-to-date. Examples of SaaS include Microsoft Office 365, Salesforce, and Zoom.

Restaurant Analogy
Continue with a restaurant analogy SaaS (Software as a Service) can be compared to a restaurant that not only rents out its kitchen space, provides the chefs with a pre-made menu and assistance but also provides the dishes to the customers. The customers can come in and order from a set menu, and the restaurant takes care of everything from cooking the dishes to serving them. The restaurant provides the software (dishes) and the customer just orders and consumes them.

SaaS Advantages:

  • Agility. Users can provide staff with access to the latest software quickly and easily.
  • No CapEx. Users have no up-front costs.
  • Pay-as-you-go pricing model. Users pay for the software they use on a subscription model, typically monthly or yearly, regardless of how much they use the software.
  • Skills. No deep technical skills are required to deploy, use, and gain the benefits of SaaS.
  • Flexibility. Users can access the same application data from anywhere.

SaaS Disadvantage

Software limitations. There can be some limitations to a software application that might affect how users work. Because you’re using as-is software, you don’t have direct control of features. When you’re evaluating which SaaS platform is best suited for a workload, be sure to consider any business needs and software limitations.

Additionaly if we look a diagram of a pizza restaurant it would look something like below:

pizza-as-a-service

pizza-as-a-service

Conclusion

In this section we learned about IaaS, PaaS and SaaS and what they stand for in Microsoft Azure. In the upcoming sections we will go deeper into Azure subscriptions, managemnt groups, resources and region. Stay tuned.

Additional Resources
Here is a list of resources that may be helpful as you continue to explore Microsoft Azure.

Excercise

Question 1
Cloud computing is the delivery of computing services using a pay-as-you-go pricing model.Which of the following statements are true of the pay-as-you-go pricing model?

Select all options that apply.

A. You can immediately stop paying for resources that are no longer needed.
B. You rent compute power and storage from someone else’s datacenter.
C. You must pay a fixed fee in advance for all Cloud services.
D. You rent physical hardware such as compute power and storage and maintain them within your own datacenter.

Question 2
Cloud Computing provides several benefits over a physical environment. Which of the following are benefits of cloud computing?

Select all options that apply.

A. Full control
B. Agility
C. Elasticity
D. High availability

Question 3
Which of the following options is not defined as a type of cloud deployment model?

A. Distributed cloud
B. Public cloud
C. Hybrid cloud
D. Private cloud

Question 4
Cloud computing provides computing services over the internet using a pay-as-you-go pricing model. With this model you typically only pay for the cloud services you use. Which of the following are benefits of the pay-as-you-go pricing model?

Select all that apply.

A. Lower operating costs.
B. You can run your infrastructure more efficiently.
C. You can scale as your business needs to change.

Question 5
True or False?
The Azure Portal updates continuously and requires no downtime for maintenance activities.

A. True
B. False

Azure
,
Microsoft Azure

What is Microsoft Azure cloud computing?

Taswar Bhatti January 2, 2023 No Comments
Our industry does not respect tradition – it only respects innovation Satya Nadella

I wanted to start writing about Cloud Computing and I thought it would be best to start with Microsoft Azure which I have been using for many years now. The series can be used by Digital Native or Startup on how to use Cloud Computing, we will go through Microsoft Azure and what it offers to us as a Startup or Digital Native company. But to start with lets ask ourselves a silly question? What is Cloud Computing?

Digital Native Definition
If you are wondering what is Digital Native, its basically a company that got started/born in the cloud, there was no on-prem for it. Think for example Uber, Allbrids, AirBnB, etc

What is Cloud Computing?

Cloud computing is a model for delivering computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (the cloud). It allows users to access these services remotely, rather than having to maintain their own infrastructure or purchase and install software on their own computers.

With cloud computing, you can access and use shared computing resources such as servers, storage, and applications through the Internet. The resources are owned and maintained by a cloud provider (some examples Microsoft Azure, Amazon AWS, Google Cloud, etc), which makes them available to you on demand, and you only pay for what you use. Think of it like electricity if you leave your light on, the electric company will charge you, but if you turn it off there is no charge for it.

There are several benefits Cloud computing provides, including:

  • Cost savings: Users only pay for the resources they use, and can scale up or down as needed, rather than having to invest in and maintain expensive infrastructure.
  • Flexibility: Cloud computing allows users to access a wide range of services and easily scale up or down as their needs change, rather than being limited by the capabilities of their own infrastructure.
  • Collaboration: Cloud computing makes it easy for users to collaborate on projects, as they can access the same tools and resources from anywhere with an Internet connection.
  • Reliability: Cloud providers generally have robust infrastructure and offer service level agreements (SLAs) to ensure uptime.
  • Security: Cloud providers often have advanced security measures in place to protect users’ data, such as firewalls, intrusion detection systems, and encryption.

What types of cloud computing are there?

There are four main types of cloud computing: public, private, multicloud and hybrid.

  • Public cloud – This type of cloud is owned and operated by a third-party cloud provider, which makes the resources available to the public over the Internet. Customers pay for what they use no CapEx cost only OpEx, and the provider is responsible for managing the infrastructure and ensuring that it is always available and performing optimally.
  • Private cloud – This type of cloud is owned and operated by a single organization, and the resources are not shared with any other organizations. A private cloud can be physically located on-premises or off-premises, and it can be managed by the organization itself or by a third-party provider.
  • Hybrid cloud – This type of cloud combines elements of both public and private clouds, allowing an organization to use the resources that are most suitable for each workload. For example, an organization might use a public cloud for development and testing, and a private cloud for production workloads that require a higher level of security and compliance.
  • Multi cloud – This type of cloud combines elements of multiple cloud providers, allowing an organization to use the resources that may expand mutliple cloud providers or even running different workload on different providers. For example, a company may have its SAS offering that a customr can choose which cloud provider they wish to use. An example would be ElasticSearch as a service, where one can choose which cloud provider you wish to launch their solution. Another example could be an organization may run majority of their service in one provider but also have a pilot light or warm standby environment ready to lauch in another cloud provider for fail safe issues. Yet another one can be an organization running their main database in one provider but their other workloads in another cloud provider, could be due to data residency or just pricing. The variations of things all depends on the business need.
Pilot Light Definition
The term pilot light is often used to describe a Disaster Recovery scenario in which a minimal version of an environment is always running in the cloud.

Pros and Cons

Each type of cloud has its own benefits and trade-offs, and organizations can choose the type that best fits their needs. How do we know which one to choose, below you can see the benefits and trade-offs of the three types of cloud computing as follows:

Public cloud:

  • Benefits: Low cost, no upfront investment, pay-as-you-go pricing, scalability, and reliability
  • Trade-offs: Reduced control and security, potential compliance issues

Private cloud:

  • Benefits: Greater control and security, tailored infrastructure, potential cost savings for large organizations
  • Trade-offs: Higher upfront investment, more complex to set up and manage, may require specialized skills and resources

Hybrid cloud:

  • Benefits: Flexibility, ability to use the best resources for each workload, potential cost savings
  • Trade-offs: More complex to set up and manage, may require specialized skills and resources, potential security and compliance issues

    • Multi cloud:

    • Benefits: You are not locked into just one vendor, if any issue happens at on vendor downtime your system can still be up since another vendor would mostly likley not be affected.
    • Trade-offs: The most complex of all, and not to mention the pricing it will be the most expensive due to the fact most of the time you will not be able to take advantage of the services most cloud provider provides, e.g Functions as a service, etc. You will also need to have IT people who are well versed in multiple cloud providers and those people are hard to come by.

I also wanted to mention that there are three main types of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). We will go over this more in details later but let's first go over a fundamental thing about cloud computing called Shared Responsbility Model.

What is Shared Responsbility Model?

In cloud computing, the concept of shared responsibility refers to the way that responsibilities are divided between the cloud provider and the customer for the operation and maintenance of the cloud environment.

The cloud provider is responsible for the infrastructure and hardware, as well as for the availability, performance, and security of the underlying cloud services. The customer, on the other hand, is responsible for managing and securing their applications, data, and operating system, as well as for complying with any relevant laws and regulations.

This model of shared responsibility is designed to allow customers to take advantage of the benefits of cloud computing while still maintaining control over their own applications and data. It is important for customers to understand their responsibilities and to ensure that they are properly fulfilling them in order to effectively use and secure their cloud environment.

The specifics of the shared responsibility model can vary depending on the type of cloud service being used and the specific terms of the service agreement. It is important for customers to carefully review the service agreement and to understand the specific responsibilities that are being shared in their particular cloud environment.

Additional resources on Microsoft Shared Responsbility are below:

Microsoft Learn Shared Responsibility and additional resources at Microsoft Learn Shared Responsibility Whitepaper

Conclusion

What we learned today was what really defines cloud computing, what are the types of cloud computing, their pros and cons and also shared responsbilit. I will go more into details of IaaS, PaaS and SaaS the models that Cloud Computing offers.

Excercise

Question 1
Which cloud approach is used by organizations to take full advantage of on-premises technology investments and allows data and applications to be shared between two environments?

A. Public cloud
B. Private cloud
C. Hybrid cloud
D. On-premises datacenter

Question 2
Your company has hundreds of servers hosted in their on-premises environment. The company plan to migrate some of the servers to an Azure pay-as-you-go-subscription. Which of the given expenditure model would you suggest in this case?

A. Public cloud
B. Azure Reservations
C. Operating expenditure
D. Capital expenditure

Question 3
You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.

What should you include in the recommendation?

A. a complete migration to the public cloud
B. an additional data center
C. a private cloud
D. a hybrid cloud

Question 4
You plan to migrate several servers from an on-premises network to Azure. What is an advantage of using a public cloud service for the servers over an on-premises network?

A. The public cloud is owned by the public, NOT a private corporation
B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud
C. All public cloud resources can be freely accessed by every member of the public
D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

Question 5
In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple tenants?

A. private
B. hybrid
C. public

Azure
,
LearningRustVSCode

Numerical Types in Rust with VSCode

Taswar Bhatti September 28, 2021 No Comments

I wanted to talk about basic types in Rust. Lets begin with Numerical Types in Rust, since Rust is a statically typed language, which means that it must know the types of all variables at compile time. I will talk about number types that are built into the language.

Numerical Types

Numerical values are divided into Integer Types and Floating-point type. A simple numerical type can be signed integer types or unsigned integer types.

Signed integer types start with i instead of u

Integer Data types are listed below:

  • i8 : The 8-bit signed integer type.
  • i16 : The 16-bit signed integer type.
  • i32 : The 32-bit signed integer type.
  • i64 : The 64-bit signed integer type.
  • u8 : The 8-bit unsigned integer type.
  • u16 : The 16-bit unsigned integer type.
  • u32 : The 32-bit unsigned integer type.
  • u64 : The 64-bit unsigned integer type.
  • isize : The pointer-sized signed integer type.
  • usize : The pointer-sized unsigned integer type.
Type MAX MIN
i8 127 -128
i16 32767 -32768
i32 2147483647 -2147483648
i64 9223372036854775807 -9223372036854775808
i128 170141183460469231731687303715884105727 -170141183460469231731687303715884105728
u8 0 255
u16 0 65535
u32 0 4294967295
u64 0 18446744073709551615
u128 0 340282366920938463463374607431768211455

Floating Point data types are simplier, there is only 2 types.

  • f32 : The 32-bit floating point type.
  • 64 : The 64-bit floating point type.

Summary

This was a short intro to the numerical values and the limits of each value in Rust.

Rust, VSCode
, ,
LearningRustVSCode

Functions in Rust with VSCode

Taswar Bhatti September 21, 2021 No Comments

Continuting on from where we left off, in this post I will refactor my code to use a function such that I can reuse my code later on. I will showcase how to write Functions in Rust with VSCode.

Intro

If we look at our previous post we have a very simple main function and it is just getting user input and then it outputs it with the println method. Its not one of the most elegant code but we we taking baby steps here. As a preview of our code code, it looks like below.

Now we would like to extract the read_line into its own function, the way we will do it is like below, I will explain in details after the code sample.

What I have done is create a function with the fn keyword and named it get_name, afterwards you see a -> character which tells the function that it will be returning a String.

You do not need a return statement in Rust the last value in the function acts as a return value

I have also called the trim function, the only issue is it returns a str rather than a String so I have to call to_string() in order to convert it back to String.

pub fn trim(&self) -> &str
Returns a string slice with leading and trailing whitespace removed.

If we run the program we will see this kind of output.

Now I dont know if you are like me, but I don’t like the output of this code, the input readline is right after the print statement. I would like to have the input right at the first line where it states “Pleaes enter your name:”. Let’s try to modify our code so that we can get the input in the same line.

What you see is I have first imported std::io::{self, Write};. So what this does is it imports std::io; and also use std::io::Write;. Therefore we can use the call for io::stdout().flush().unwrap();, since we imported std::io also.

Now if we run the program, we will get the code formatted in the way we want to.

Summary

So we have seen how to refactor our code into a function and in our next section lets build on this concept but change it to a game as simple as Rock, Paper, Scissors.

Rust, VSCode
, ,
LearningRustVSCode

Capturing User Input in Rust with VSCode

Taswar Bhatti September 15, 2021 No Comments

In this post we are going to take our baby steps in learning Rust and the simple example of a hello world would not just cut it. We will now introduce how to Capturing User Input in Rust.

Intro

To get started we will use our trusty cargo package manager again to create a new project for us. If you have not used cargo yet, please look back at my previous post on how to setup cargo.

This will create a file system looking like below.

We will open the main.rs file and modify it. We will add a variable to hold the value of the username. One thing to remember is Rust variables default to being immutable. Once an immutable variable is assigned, you cannot change the value stored in the variable. There is also a way to explicity to make a variable as mutable and you will need to use the mut keyword for that. So lets try to add a varible named “name” like the code below.

As you can see above we have defined a variable using the let keyword and we have also defined it as mut so that is is mutable i.e change its value after creation.

You may have also noticed something as in String::new, this is how you defined a String which is a growable, heap-allocated data structure. There is also a type in Rust called str which is an immutable fixed-length UTF-8 bytes of dynamic length string somewhere in memory. If you come from a C++ or C programming lang you can think of String like std::string and str as char*, if that helps.

Getting input from terminal

Now onto how to capture input, inorder to get input one has to use the stdin library of Rust. Rust provides terminal input functions in std::io::stdin. There is a read_line function in stdin, and we need to use the use keyword to import the functionality into our program. Below is how our Rust program will look like.

So what we have done here is we are using the stdin() whcih returns an object granting access to the Standard Input. Afterwards we have called the read_line method passing in a Borrow variable with the & sign which allows changes to be made to the variable by the function. In this case we have passed in name as a Borrow variable, which creates a reference to the variable. (I will cover Borrow in later topics).

Afterwards we also have an expect function which if the program crashes Rust returns a Result object, basically you are checking that the function worked by calling expect. Lastly we are using placeholders to print the value of name. Now lets try to run the program.

As you can see above I have enter my name “Taswar” and it outputs “Hello Taswar” with a newline aftewards. We can use the trim function in String to remove it but for that I will cover in the next section of how to write a function around the input.

Summary

In this post we learned how to read user input in a terminal in Rust, in the next section we will refactor and cover how to write functions in Rust.

Rust, VSCode
, ,
LearningRustVSCode

Writing and Running Intergration Tests with Rust in VSCode

Taswar Bhatti September 8, 2021 No Comments

In this post I will go over how to write Unit test for your Rust application. We will continue with where we left off with the hello world program and see what Rust has to offer us in unit testing. Note: I will be Writing and Running Intergration Tests with Rust in VSCode.

Creating Rust test directory

Our directory would look something like below.

In our hellow_tests.rs file we will add the code like below, if you are coming from a C# or Java background, Rust also uses Attribute for test so it will look quite familiar, using # tag followed by [test] brackets. We are using assert! just to pass this test.

To run the test we can run the cargo test command like below.

If you remember we had our program output a simple println statement with Hello, world!, so our test needs to check the output of our program. In order to do so we will introduce a new cargo package into your system.

Lets modify our project dependency and use crate assert_cmd to find the program in our crate directory.

Adding development dependency to Cargo.toml

Open the file Cargo.toml and add the dev dependency like below.

Now we will need to modify our hellow_tests.rs file we will add the usage of the assert_cmd package.

Above you will see that I am using assert_cmd and have changed some of the code to use the Command library. In the above code you will also see I am using a strange variable naming “let mut”. You may wonder what that is?

let mut what is that?

So variables in Rust are immutable by default, and require the mut keyword to be made mutable here. I am also using cargo_bin so that it can automatically find the output of the hello world program.

Unwrap what is that?

You also see I am calling a function called unwrap, so unwrap() is used here to handle the errors quickly in our test. It can be used on any function that returns Result or Option (Option is also an enum). If the function returns an Ok(value), you will get the value. If the function returns an Err(error), the program/test will panic. In our case if it does not find the hello program it will be in panic mode.

Next I have used assert with success to find out the command was successful and trying to match the Hello, world! output. If we run this test we will see that it will fail.

One may wonder what is wrong with it, so basically what we are missing is the newline character in our test \n in our stdout, so lets modify our test code and add the newline character.

Now the output of our test should be passing.

Summary

I understand the fact that this is a very brittle test checking the output of our program to match a certain string. The idea of this is for you to learn how to write simple unit test in Rust and how the ecosystem works. I hope this helps in your journey, we will continue on our learning Rust journey to write simple unix/linux command line tools and built upon that.

Rust, VSCode
,
LearningRustVSCode

Learning Rust with VSCode

Taswar Bhatti September 1, 2021 No Comments

I recently started to look into Rust and found it quite interesting and fun to work with, reminded me of working a bit like go and C lang. Thus I though it would be good to go through a blog series on of learning Rust with VSCode.

I will be using WSL Ubuntu 20.04.3 LTS for my development. If you are not using WSL yet, it allows you to have a linux terminal right inside of your windows desktop. Windows Subsystem for Linux 2) allows users to run a Linux VM inside windows and gives a near native Linux experience.

Installing Rust

Lets install Rust in your Ubuntu environment.

The output of the command would look like below.

To verify your install try this command

Before we jump into VSCode, lets just try to create a simple hello world first in the most basic way without cargo (rust build manager, like npm).

Simple Hello World

Open a file and call it hello.rs and paste the code into it. You can use nano or vi or vim.

We can then compile with rustc and it will create an executable that your computer can execute/

Creating and Running a Project with Cargo

Lets create a new project with cargo. You may wonder what is cargo. Cargo is the Rust package manager. Cargo downloads your Rust package’s dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry. We will execute on your shell prompt like below and look inside the directory.

What is this Cargo.toml

Cargo.toml is a configuration file for the project. The extension .toml stands for Tom’s Obvious, Minimal Language. Lets take a look at the file

We also have the main.rs file, let’s take a look inside that file also, we will see that it looks similar to our hello world from before. Cargo has created a hello world sample for us.

This time rather than using rustc to compile the program, we will use cargo run to compile the source code and run it in one command:

The first three lines are information about what Cargo is doing. We can also use cargo run -q to make the output to be quiet.

What about VSCode?

So we can just type code . in your terminal it will launch vscode for us and we can then go into the extension section and install rust and rust-analyzer.

Install Rust Extension

rust-extension-vscode

rust-extension-vscode

Run Rust in VSCode

If you install rust analyzer then you will see the Run and Debug command ontop of your code where you can click on the run command to run Rust like below.

Run_Rust_In_VSCode

Run_Rust_In_VSCode

Here is the output that will show on your terminal.

Output_Rust_Terminal

Output_Rust_Terminal

Summary

So here is a quick summary of how to get Rust to run with vscode, in the next sections I will go through more learning of Rust and how to have fun with it.

Rust, VSCode
, ,
aws-cdk-csharp

Using AWS CDK to create IAM roles with C#

Taswar Bhatti April 20, 2021 No Comments

In this section we will talk about Identity and Access Management – IAM in short. I will show you an example of using AWS CDK to create IAM roles with C# and extending our current solution so that an IAM Role is ready with the correct permission to use. We will mainly focus on IAM Role and Policy. But first….

What is IAM?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM can help securely control individual and group access to your AWS resources. You can create and manage user identities, or IAM users, roles, policies and grant permissions for them to access the resources you wish to give permission to.

Additional things IAM Allows

  • Manage IAM users and their access – You can create users in IAM, assign them individual security credentials (in other words, access keys, passwords, and multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources. You can manage permissions in order to control which operations a user can perform.
  • Manage IAM roles and their permissions – You can create roles in IAM and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role. In addition, you can use service-linked roles to delegate permissions to AWS services that create and manage AWS resources on your behalf.
  • Manage federated users and their permissions – You can enable identity federation to allow existing identities (users, groups, and roles) in your enterprise to access the AWS Management Console, call AWS APIs, and access resources, without the need to create an IAM user for each identity. Use any identity management solution that supports SAML 2.0, or use one of our federation samples (AWS Console SSO or API federation).
(Additional information at: https://aws.amazon.com/iam/)

IAM Roles

In our case we wish to grant our applications that will run on an Amazon EC2 instances access to AWS resources. This is where IAM roles comes into play and allow you to delegate access to users or services, IAM Roles are intended to be assumable by anyone who needs it including IAM users, AWS services including machines and applications in our case. One can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Note that IAM roles are not associated with a specific user or group, instead a trusted entities assume the roles, such as IAM users, applications, or AWS services. The best part of IAM Role is that you don’t have to share long-term credentials or define permissions for each entity that requires access to a resource. Isn’t that cool?

IAM Policy

Now that we understand an IAM Role, but how do we write rules etc for that role? This is where IAM Policy comes in, a policy is an object with identity or resource, defining their permissions one can also associate with 1-N Roles of a policy. Best practices is to use multiple policy since they are free. AWS IAM evaluates the policies when an IAM principal (a user, role, or group) makes a request. Permissions in the policies attached to the entity determine whether the request is allowed or denied. Policies are writting in json format, and one tip is when you are reading a policy always use the EPRAC format to evaluate it.

  • E is for Effect of the policy
  • P is for Principle of the policy (a user, role, or group)
  • R is for Resources of the policy (a service etc)
  • A is for Action of the policy (Allow or deny)
  • C is for Conditions of the policy, matching some condition ip address or require MFA etc
(For more info read: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)

Two types of policies

There are two types of policies one is managed policy and also an inline policy.

  • Managed Policy – has a name and can be attach to multiple users, group or roles. Think shareable policy, AWS has predefined policy in the system already that one can use.
  • Inline Policy – a policy that is embedded in an IAM identity (a user, role, or group) only, you cannot share it.

Show me some code now please

Sorry to bore you with all the details but those roles and policy are important and when things don’t work they could be culprits of them. But in any case we will be adding IAM to our solution now, check out the diagram below. You will notice that IAM is outside our VPC, since IAM is a global service it will be out side and we will attach the role inside to the EC2 machine in our later post.

AWSCDKIAMRole

AWS CDK IAM Role

Now our stack we will look like this now

Build and Deploy

We will again use our good old trusty cdk to deploy the solution.

If we check our console we can go to IAM and look at Roles and search for Instance in the search box. You will see something like this depending on your stack name etc.

CdkInstanceRole

Cdk Instance Role Generated

If we go into the role you look at the permission we will see an inline policy also attached to the role.

CdkInstanceRolePolicy

Cdk Instance Role Policy Genearted

Challenges

  • How do we add/create a managed policy using the CDK?
  • How do we add a principle to our policy using the CDK?
  • How do we add a condition to our policy using the CDK?

Summary

I know its a bit boring and dry for IAM but trust me its an important building block of AWS, we went through knowing more about Roles and Policy and how to use AWS CDK to create IAM roles with C#. In our next section I will cover how to create auto scaling groups for our EC2 machines.

Source code: https://github.com/taswar/AWSCDKSamples/tree/main/CdkIAMSample

.NET, AWS, CDK
, , ,
aws-cdk-csharp

Using AWS CDK Parameter Store with C#

Taswar Bhatti April 15, 2021 No Comments

In this section we will talk about Parameter Store what it is and why we would want to use it? I will show you an example of using AWS CDK Parameter Store with C# and extending our current solution.

What is Parameter Store

AWS Parameter Store is actually a capability of AWS Systems Manager. The AWS Parameter store provides secure, hierarchical storage for configuration data management and secrets management. One can store data such as database connection strings, passwords, Amazon Machine Image (AMI) IDs, or even license codes as parameter values. There is also one additional advantage in parameter store where you can store values as plain text or encrypted data since it is also integrated with Secret Manager.
For more info on Parameter Store you can view the AWS Documentation (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)

Why would I want to use it?

From our previous deployment using CDK we saw that the db secret was stored in secret manager but it was a random string that was created something along the line of DBSecretB45K907. When we have multiple environment let’s say staging, testing and prod it will be hard to tell which one is which, since the dbsecrets will all have some random characters in their name, this is where Parameter comes and help. We can store the values in a path like format. e.g /myvpcsampledev/dbsecretsname. Now whenever we need to get the value of the dbsecret in our dev environment we can just refer to parameter store which will in turn use the Secret Manager. Make sense?

There are also additional advantages of Parameter Store

  • Store configuration data and encrypted strings in hierarchies and track versions.
  • Use a secure, scalable, hosted secrets management service with no servers to manage.
  • Improve your security posture by separating your data from your code.
  • Control and audit access at granular levels.
  • Store parameters reliably because Parameter Store is hosted in multiple Availability Zones in an AWS Region.

Now I hope you are sold on the idea 🙂 Let’s see how we use it in our CDK code to use Parameter store, later on we will use the same store to get the values.

Side note

Tier: Parameter Store provides two parameter tiers – standard and advanced. While standard tier lets you store up to 10,000 parameters and 4 KB per parameter in value size, advanced tier lets you store up to 100,000 parameters, 8 KB per parameter in value size and allows you to add policies to parameters.

Show me the code

Before showing the nitty gritty details of the code. Let’s see a diagram of what we are building and what we have added.

CDK ParameterStore

CDK ParameterStore

As you may wonder the parameter store and secret manager are not in your VPC. The reason is Parameter Store and Secret Manager are global services where they are hosted in multiple regions so think of it as a service you are consuming just like S3 etc rather than having everything inside your VPC. Now let’s look at the code and see what we will add to our Stack.

Note: ParameterName always starts with a / in front of it.

As you can see above we have just added a string parameter and we have used the db.Secret.SecretName as a StringValue inside of Parameter Store. What is left is for us to build and deploy the solution just like our previous solution with dotnet and cdk.

Once deployed lets look at the console to see how it would look like. Navigate to your CloudFormation screen on AWS Console, click on resources tab and from there find the Parameter store created link. Click on the link and you should be redirected to parameter store and you should see something like below.

ParameterStoreDbSecret

ParameterStoreDbSecret

Challenges

  • What happens when you change the parameter type to an encrypted (secure) string. Can you use SecretString?
  • What about SimpleValue, what are the differences?
  • What about StringListValue, what are the differences?
  • Can we use pattern matching for the ParameterName? (Hint: look at AllowedPattern)
  • What other attributes can we store in the parameter store for our db object we created

Summary

In the above example we saw how to use Parameter store with our CDK code, in the next section we will cover IAM roles and how we will use them to attach roles to our EC2 machine and database, think of it as a glue to allow security and access permission.

Source code (https://github.com/taswar/AWSCDKSamples/tree/main/CdkRDSParameterSample)

.NET, AWS, C#, CDK
,
Older Posts
UA-4524639-2