├── LICENSE ├── README.md ├── ai-102 └── README.md ├── az-104 ├── insightscape.md ├── netmazeexplorer.md ├── onboarder.md ├── readme.md ├── sharesafely.md └── vmfleetcommander.md ├── az-204 ├── az2024.png ├── az204.png └── readme.md ├── az-305 └── readme.md └── az-400 └── README.md /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Gwyneth Peña-Siguenza 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Certification based projects 2 | 3 | [how to best use certifications and projects to learn](https://www.youtube.com/watch?v=3GPMaizoZe8) 4 | 5 | | Certification | Link | 6 | |---------------|------| 7 | | AZ-104 | [Projects](az-104/readme.md) | 8 | | AZ-204 | [Projects](az-204/readme.md) | 9 | | AZ-305 | [Projects](az-305/readme.md) | 10 | | AZ-400 | [Projects](az-400/README.md) | 11 | | AI-102 | [Projects](ai-102/README.md) | 12 | -------------------------------------------------------------------------------- /ai-102/README.md: -------------------------------------------------------------------------------- 1 | 1\. AzureVision: A Custom Computer Vision Solution 2 | ================================================== 3 | 4 | **Skills covered**: Implement computer vision solutions, Plan and manage an Azure AI solution 5 | 6 | **Project Description**: Build a custom image classification and object detection system using Azure AI Vision. This project will help you create, train, and deploy custom computer vision models for specific business scenarios. 7 | 8 | **Azure Services Used**: 9 | 10 | - Azure AI Vision 11 | - Azure Key Vault 12 | - Azure Monitor 13 | 14 | **Steps**: 15 | 16 | 1. Create Azure AI resources with appropriate authentication 17 | 2. Upload and label a dataset of images for a specific domain 18 | 3. Train custom image classification and object detection models 19 | 4. Evaluate model metrics and fine-tune performance 20 | 5. Deploy models to production endpoints 21 | 6. Build a Python application that consumes the models 22 | 7. Set up monitoring and logging 23 | 8. Implement security best practices for API keys 24 | 25 | 2\. 
MultiLingual Assistant: A Natural Language Processing Hub 26 | ============================================================= 27 | 28 | **Skills covered**: Implement natural language processing solutions, Create a custom question answering solution 29 | 30 | **Project Description**: Develop a comprehensive NLP system that combines text analysis, speech processing, translation, and question answering capabilities. 31 | 32 | **Azure Services Used**: 33 | 34 | - Azure AI Language 35 | - Azure AI Speech 36 | - Azure AI Translator 37 | - Azure Key Vault 38 | 39 | **Steps**: 40 | 41 | 1. Set up Language service to extract entities and sentiment from text 42 | 2. Implement speech-to-text and text-to-speech functionality 43 | 3. Create a custom question answering solution with multi-turn conversations 44 | 4. Train a language understanding model with intents and entities 45 | 5. Implement translation capabilities for multiple languages 46 | 6. Build a Python client application that integrates all services 47 | 7. Optimize models based on evaluation metrics 48 | 8. Set up proper authentication and security 49 | 50 | 3\. DocumentMiner: An Intelligent Document Processing System 51 | ============================================================ 52 | 53 | **Skills covered**: Implement knowledge mining and document intelligence solutions 54 | 55 | **Project Description**: Create a solution that automatically extracts, indexes, and makes searchable information from various document types. 56 | 57 | **Azure Services Used**: 58 | 59 | - Azure AI Document Intelligence 60 | - Azure AI Search 61 | - Azure Blob Storage 62 | - Azure Functions 63 | 64 | **Steps**: 65 | 66 | 1. Provision Azure AI Document Intelligence and Azure AI Search resources 67 | 2. Use prebuilt models to extract data from common document types 68 | 3. Create a custom document intelligence model for specialized documents 69 | 4. Set up Azure AI Search index with custom skillsets 70 | 5. 
Implement a document processing pipeline 71 | 6. Build a search interface in Python to query the indexed documents 72 | 7. Create Knowledge Store projections for document insights 73 | 8. Set up monitoring and continuous improvement 74 | 75 | 4\. ContentSafe: A Content Moderation Platform 76 | ============================================== 77 | 78 | **Skills covered**: Implement content moderation solutions, Plan and manage an Azure AI solution 79 | 80 | **Project Description**: Build a system that automatically detects and filters inappropriate content in text and images. 81 | 82 | **Azure Services Used**: 83 | 84 | - Azure AI Content Safety 85 | - Azure Functions 86 | - Azure Blob Storage 87 | - Azure Monitor 88 | 89 | **Steps**: 90 | 91 | 1. Set up Azure AI Content Safety resources 92 | 2. Implement text moderation for detecting offensive language 93 | 3. Implement image moderation for inappropriate visual content 94 | 4. Create serverless functions to process content in real-time 95 | 5. Set up storage for flagged content review 96 | 6. Build a Python dashboard for manual review of borderline cases 97 | 7. Configure monitoring and alerting 98 | 8. Implement responsible AI principles 99 | 100 | 5\. CreativeGenius: A Generative AI Solution 101 | ============================================ 102 | 103 | **Skills covered**: Implement generative AI solutions, Plan and manage an Azure AI solution 104 | 105 | **Project Description**: Create an application that leverages Azure OpenAI Service for generating content, answering questions, and creating images. 106 | 107 | **Azure Services Used**: 108 | 109 | - Azure OpenAI Service 110 | - Azure Key Vault 111 | - Azure Functions 112 | - Azure Blob Storage 113 | 114 | **Steps**: 115 | 116 | 1. Provision an Azure OpenAI Service resource 117 | 2. Deploy appropriate models (text generation, code generation, DALL-E) 118 | 3. Implement prompt engineering techniques to optimize responses 119 | 4. 
Create a Python application that interfaces with the OpenAI APIs 120 | 5. Implement a system to use custom data with Azure OpenAI models 121 | 6. Build a secure endpoint for generating images with DALL-E 122 | 7. Set up authentication and API key management 123 | 8. Implement monitoring and usage tracking -------------------------------------------------------------------------------- /az-104/insightscape.md: -------------------------------------------------------------------------------- 1 | 2 | # Azure InsightScape (Monitor and back up Azure resources) 3 | 4 | Design a comprehensive monitoring dashboard to gain insights, troubleshoot, and ensure smooth operations for all your previous projects. With this centralized monitoring solution, track the health, performance, and security of all integrated services. 5 | 6 | - **Programming required?**: ❌ (This project relies mostly on configuration and integration, though understanding of Kusto Query Language (KQL) will be essential for custom monitoring queries.) 7 | - **Azure Services Used:** 8 | - Azure Monitor 9 | - Azure Log Analytics 10 | - Azure Security Center 11 | - Azure Alerts 12 | - Azure Application Insights (for the web applications) 13 | - Azure Network Watcher (for networking projects) 14 | 15 | - **Steps**: 16 | 1. **Azure Monitor Integration**: 17 | - Set up Azure Monitor to collect telemetry data from all your Azure resources involved in the previous projects. 18 | - Enable multi-resource monitoring to see health and metrics across projects and services. 19 | 20 | 2. **Log Analytics Workspace**: 21 | - Provision a Log Analytics workspace in Azure Monitor. 22 | - Integrate your services (like VMs, Web Apps, Logic Apps, Blob Storage) from previous projects into this workspace. 23 | - Write KQL queries to fetch specific log data, e.g., failed login attempts, high resource utilization, or abnormal network traffic patterns. 24 | 25 | 3. 
**Application Insights**: 26 | - For the "ShareSafely - File Share Web App" project, integrate Azure Application Insights to capture telemetry data like user sessions, page views, and exceptions. 27 | - Visualize the performance of your web application and identify any bottlenecks or issues. 28 | 29 | 4. **Network Monitoring**: 30 | - Use Azure Network Watcher to monitor the networking aspects from the "NetMaze Explorer" project. 31 | - Capture network packet data, check for any security threats, and analyze network topology. 32 | 33 | 5. **Security & Compliance**: 34 | - Integrate Azure Security Center to get a unified view of the security posture across all projects. 35 | - Ensure compliance standards are met and get recommendations to improve the security of your resources. 36 | 37 | 6. **Alerts Configuration**: 38 | - Based on the data from Log Analytics and Application Insights, set up Azure Alerts. 39 | - Configure notifications for unusual activities, like resource downtimes, security breaches, or performance degradation. 40 | 41 | 7. **Dashboard Creation**: 42 | - Customize the Azure Monitor dashboard to display critical metrics, logs, and alerts for all projects in one place. 43 | - Share the dashboard with your team to ensure everyone has visibility into the system's health. 44 | 45 | 8. **Backup and Disaster Recovery**: 46 | - Set up periodic backups for critical data across your projects. 47 | - Design a disaster recovery plan, and periodically test the recovery of services to ensure data integrity and availability in case of any failures. 48 | 49 | 9. **Documentation & Best Practices**: 50 | - Document your monitoring strategies, KQL queries, and setup configurations. 51 | - Ensure you follow Azure's best practices for monitoring and alerting, optimizing costs, and resource usage. 
-------------------------------------------------------------------------------- /az-104/netmazeexplorer.md: -------------------------------------------------------------------------------- 1 | # NetMaze Explorer (Implement and manage virtual networking) 2 | 3 | Design a hybrid networking environment where on-premises networks connect securely to Azure resources using Azure's networking capabilities, ensuring secure data transition and effective resource access controls. 4 | - **Programming required?**: ❌ Minimal to none. This project is largely focused on networking configurations, but understanding scripting for automating certain tasks or deploying resources could be beneficial. 5 | - **Azure Services Used:** 6 | - Azure Virtual Networks 7 | - Azure VPN Gateway 8 | - Network Security Groups (NSGs) 9 | - Azure Bastion 10 | - Azure Private Link 11 | - Azure DNS 12 | - Azure Load Balancer 13 | - **Steps:** 14 | 15 | 1. Azure Virtual Network Setup: 16 | 17 | Provision an Azure Virtual Network (VNet) in your chosen region. 18 | Create multiple subnets within this VNet to segregate resources effectively (e.g., WebApp Subnet, Database Subnet, Admin Subnet). 19 | 20 | 2. On-Premises Network Simulation: 21 | 22 | For the sake of this project, use another VNet to simulate your on-premises environment. This can be in another Azure region or the same region based on preference. 23 | 24 | 3. Secure Connectivity: 25 | 26 | Implement Azure VPN Gateway to create a site-to-site VPN connection between your simulated on-premises environment (VNet) and your main Azure VNet. 27 | Verify the connection and ensure resources from one VNet can communicate with another, effectively simulating a hybrid environment. 28 | 29 | 4. Resource Deployment 30 | 31 | Deploy test resources (like VMs) in each subnet of your main Azure VNet. For instance, deploy a web server VM in the WebApp Subnet, a database in the Database Subnet, etc. 32 | 33 | 5. 
Network Access Control: 34 | 35 | Use Network Security Groups (NSGs) to define inbound and outbound access rules for each subnet, ensuring that only valid traffic is allowed. For instance, only allow HTTP/HTTPS traffic to the WebApp Subnet. 36 | 37 | 6. Secure Administrative Access: 38 | 39 | Implement Azure Bastion for secure and seamless RDP and SSH access to your virtual machines, ensuring you don't expose your VMs to the public internet. 40 | 41 | 7. Private Access to Azure PaaS Services: 42 | 43 | Use Azure Private Link to access Azure PaaS services (like Azure SQL Database) over a private endpoint within your VNet, ensuring data doesn't traverse over the public internet. 44 | 45 | 8. DNS and Load Balancing: 46 | 47 | Configure Azure DNS to have custom domain names for your resources. 48 | Implement Azure Load Balancer to distribute traffic across your VMs in the WebApp Subnet. 49 | 50 | 9. Performance and Security Testing: 51 | 52 | Simulate various network scenarios to test performance, such as data transition between on-premises and Azure. 53 | Attempt to access resources from outside the permitted paths to validate the security configurations in place. 54 | 55 | 10. Monitoring and Auditing: 56 | 57 | Enable monitoring and diagnostics on your VPN Gateway, NSGs, and other network resources to gain insights into network operations. 58 | Review logs and set up alerts for any suspicious activities. -------------------------------------------------------------------------------- /az-104/onboarder.md: -------------------------------------------------------------------------------- 1 | ## Onboard Automator (Manage Azure identities and governance) 2 | Streamline and automate the process of onboarding a new employee into Azure AD and assigning necessary Azure resources. 
3 | 4 | - **Programming required?**: ❌ 5 | - **Azure Services Used:** 6 | - Azure AD 7 | - Azure Logic Apps 8 | - Azure Email Service (part of Logic Apps connector) 9 | - Azure Resource Manager 10 | 11 | - **Steps**: 12 | 1. **Azure AD Setup**: 13 | - Set up a new Azure AD instance (if not already present) using the Azure portal. 14 | 15 | 2. **Logic App Workflow Design**: 16 | - Design a Logic App workflow triggered by an event (like an entry in a SharePoint list or an email to a specific mailbox) indicating a new employee hire. 17 | 18 | 3. **Azure AD User Creation**: 19 | - Use the Azure AD connector in Logic Apps to automatically create a new user in Azure AD based on the trigger event's details. 20 | 21 | 4. **Role and Group Assignment**: 22 | - Assign predefined roles and groups to the new user based on the job position or department indicated in the trigger. 23 | 24 | 5. **Resource Provisioning**: 25 | - Use the Azure Resource Manager connector in Logic Apps to provision any necessary Azure resources for the user (like VMs or specific permissions). 26 | 27 | 6. **Welcome Email**: 28 | - Leverage the Email connector in Logic Apps to send a welcome email to the new hire with instructions and necessary access details. 29 | 30 | 7. **Monitoring and Review**: 31 | - Monitor and review the onboarding process through Logic Apps runs history and Azure AD logs to ensure smooth operations. -------------------------------------------------------------------------------- /az-104/readme.md: -------------------------------------------------------------------------------- 1 | # AZ-104 2 | 3 | [![Video Name](https://img.youtube.com/vi/Qd0YI9ZMHHs/hqdefault.jpg)](https://youtu.be/Qd0YI9ZMHHs) 4 | 5 | [Study guide for Exam AZ-104: Microsoft Azure Administrator](https://learn.microsoft.com/certifications/resources/study-guides/az-104) 6 | 7 | ## Projects 8 | 9 | 1. [Onboard Automator (Manage Azure identities and governance)](./onboarder.md) 10 | 2. 
[ShareSafely - File Share Web App (Implement and manage storage)](./sharesafely.md) 11 | 3. [VM Fleet Commander (Deploy and manage Azure compute resources)](./vmfleetcommander.md) 12 | 4. [NetMaze Explorer (Implement and manage virtual networking)](./netmazeexplorer.md) 13 | 5. [InsightScape (Monitor and back up Azure resources)](./insightscape.md) 14 | -------------------------------------------------------------------------------- /az-104/sharesafely.md: -------------------------------------------------------------------------------- 1 | # ShareSafely - File Share Web App (Implement and manage storage) 2 | 3 | Create a web application where users can securely upload files to Azure Blob Storage. Once uploaded, the application generates a unique, time-limited link for the user to share. This ensures that only authorized users with the link can access the uploaded file for a specified duration. 4 | 5 | - **Programming required?**: ✅ (For creating the web application and generating unique time-limited links.) 6 | 7 | - **Azure Services Used:** 8 | - Azure Blob Storage 9 | - Azure Web Apps 10 | - Azure Key Vault 11 | 12 | 13 | - **Steps**: 14 | 1. **Storage Setup**: 15 | - Set up an Azure Blob Storage account and create a container to store the uploaded files. 16 | - Configure appropriate security settings, ensuring data at rest encryption is enabled. 17 | 18 | 2. **Web Application Deployment**: 19 | - Develop a web application that allows users to upload files. This can be done using preferred frameworks (like ASP.NET Core, Node.js, etc.). 20 | - Deploy the application to Azure Web Apps. 21 | 22 | 3. **File Upload Logic**: 23 | - In the web application, integrate Azure Blob Storage SDKs/APIs to facilitate the file upload process directly to Blob Storage. 24 | 25 | 26 | 4. **Unique Link Generation**: 27 | - When a file is uploaded, use Azure Storage SDK to generate a unique, time-limited link for the user. 28 | 29 | 30 | 5.
**Secure Credentials**: 31 | - Store any sensitive credentials or configuration strings (like Blob Storage access keys) securely in Azure Key Vault. 32 | - Integrate Azure Key Vault with the web application to retrieve these credentials when needed. 33 | 34 | 6. **Monitoring and Cleanup**: 35 | - Set up monitoring to track file upload/download activities. 36 | - Use Azure Functions or Logic Apps to periodically clean up expired files from both Azure Blob Storage and the Azure SQL Database. 37 | 38 | --- -------------------------------------------------------------------------------- /az-104/vmfleetcommander.md: -------------------------------------------------------------------------------- 1 | # VM Fleet Commander (Deploy and manage Azure compute resources) 2 | Implement an infrastructure-as-code approach to provision and manage virtual machines in Azure, using ARM templates and Bicep. The aim is to gain hands-on experience in automating the deployment of Azure resources and organizing them efficiently. 3 | 4 | - **Programming required?**: ✅ (Knowledge of JSON for ARM templates and Bicep language syntax is essential.) 5 | - **Azure Services Used:** 6 | - Azure Virtual Machines 7 | - Azure Resource Manager (ARM) 8 | - Bicep 9 | 10 | - **Steps**: 11 | 12 | 1. **Initial Setup**: 13 | - Ensure you have Azure CLI installed with Bicep support. 14 | - Set up a version control system (e.g., Git) to track changes in your Bicep and ARM templates. 15 | 16 | 2. **Bicep Basics**: 17 | - Start with learning the basics of Bicep syntax and structure. 18 | - Convert a basic ARM template (like one that deploys a single VM) to Bicep to understand the differences. 19 | 20 | 3. **Resource Group and Naming Conventions**: 21 | - Define a Bicep file to create an Azure Resource Group for your VMs. 22 | - Implement naming conventions for your resources using Bicep's string functions. 23 | 24 | 4. 
**Virtual Machine Provisioning**: 25 | - Create a Bicep module for deploying Azure VMs, allowing for parameterized input like VM size, name, and region. 26 | - Use loops in Bicep to deploy multiple VM instances based on a specified count. 27 | 28 | 5. **Network Resources**: 29 | - Design Bicep modules for associated networking resources like Virtual Network, Subnet, and Network Security Groups. 30 | - Ensure your VMs are provisioned within the designated VNet and have the necessary security rules applied. 31 | 32 | 6. **Parameter Files and Validation**: 33 | - Create separate parameter files for your Bicep templates, allowing for different environment deployments (e.g., dev, test, prod). 34 | - Use the Azure CLI to validate your Bicep files before deploying, catching any structural errors. 35 | 36 | 7. **Deployment**: 37 | - Use the Azure CLI to deploy your Bicep templates, creating all designated resources. 38 | - Test the reproducibility by deploying the same infrastructure to a different region or resource group. 39 | 40 | 8. **Maintenance & Updates**: 41 | - Make changes to your Bicep files (e.g., VM size or count) and redeploy. Observe how Azure handles updates and maintains state. 42 | - Regularly pull updates to the Bicep language and Azure CLI to stay updated with new features and improvements. 43 | 44 | 9. **Documentation & Cleanup**: 45 | - Document your Bicep modules, their purpose, and any parameters required. 46 | - After testing, ensure to delete resources or resource groups to avoid incurring unnecessary costs. 
-------------------------------------------------------------------------------- /az-204/az2024.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/madebygps/cloud-engineering-projects/72c4a56cfdc57aa25c3485996d45307909947e5b/az-204/az2024.png -------------------------------------------------------------------------------- /az-204/az204.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/madebygps/cloud-engineering-projects/72c4a56cfdc57aa25c3485996d45307909947e5b/az-204/az204.png -------------------------------------------------------------------------------- /az-204/readme.md: -------------------------------------------------------------------------------- 1 | # Projects for AZ-204 2 | 3 | [![Video Name](https://img.youtube.com/vi/Ny5SZcV7mbE/hqdefault.jpg)](https://youtu.be/Ny5SZcV7mbE) 4 | 5 | [Study guide for Exam AZ-204: Developing Solutions on Microsoft Azure](https://learn.microsoft.com/certifications/resources/study-guides/az-204) 6 | 7 | ![diagram of 4 projects](az2024.png) 8 | 9 | ### 1\. Develop Azure compute solutions (25--30%) 10 | 11 | - Azure Container Registry 12 | - Azure Container Instance 13 | - Azure Container Apps 14 | - Azure App Service Web Apps 15 | - Azure Functions 16 | 17 | ### 2\. Develop for Azure storage (15--20%) 18 | 19 | - Azure Cosmos DB 20 | - Azure Blob Storage 21 | 22 | ### 3\. Implement Azure security (20--25%) 23 | 24 | - Microsoft Identity platform (for user authentication and authorization) 25 | - Microsoft Azure Active Directory (Azure AD) 26 | - Microsoft Graph (for solutions that interact with it) 27 | - Azure Key Vault (for securing app configuration data) 28 | - Managed Identities for Azure resources 29 | 30 | ### 4\. 
Monitor, troubleshoot, and optimize Azure solutions (15--20%) 31 | 32 | - Azure Cache for Redis (for caching solutions) 33 | - Azure Content Delivery Network (Azure CDN) 34 | - Application Insights (for troubleshooting solutions) 35 | 36 | ### 5\. Connect to and consume Azure services and third-party services (15--20%) 37 | 38 | - Azure API Management (APIM) 39 | - Azure Event Grid 40 | - Azure Event Hub 41 | - Azure Service Bus 42 | - Azure Queue Storage queues 43 | 44 | # Projects 45 | 46 | ## 1. Weather Tracker (Develop Azure compute solutions) 47 | 48 | A web application that allows users to track weather updates in real-time for their chosen cities. The system also triggers Azure Functions for alerts when a specific weather threshold is met (like if it's going to rain). 49 | 50 | ### Infrastructure 51 | - Azure App Service Web App (Hosting the web application) 52 | - Azure Container Registry (Storing Docker images for the app) 53 | - Azure Container Instance (Running the containers for development/testing) 54 | - Azure Functions (Weather alert system) 55 | - Azure Container Apps (Running the containers in production) 56 | 57 | ### Diagram 58 | 59 | ``` 60 | User 61 | |-> Web Application (Hosted on Azure App Service Web App) 62 | |-> Weather Alerts (Azure Functions) 63 | |-> Docker Images (Azure Container Registry) 64 | |-> Testing Containers (Azure Container Instance) 65 | |-> Running Containers (Azure Container Apps) 66 | ``` 67 | 68 | 69 | ### Implementation Guide 70 | 1. Create an Azure App Service Web App. 71 | 2. Develop a basic web application that uses weather APIs. 72 | 3. Containerize the application. 73 | 4. Publish the container image to Azure Container Registry. 74 | 5. Test the application using Azure Container Instance. 75 | 6. Implement an Azure Function to send alerts when a specified weather threshold is met. 76 | 7. Integrate Azure Function with your web application. 77 | 8. Deploy the web application to Azure Container Apps. 78 | 9. 
Set up a CI/CD pipeline for your application and Function. 79 | 10. Set up Application Insights and Azure Monitor 80 | 11. Push to GitHub 81 | 12. Document 82 | 83 | ## 2. Azure Document Vault with Expiry & CDN Integration (Develop for Azure storage) 84 | 85 | A secure platform where users can upload important documents, assign tags for easier organization, and retrieve them. This enhanced system integrates expiration dates on shared links and utilizes Azure CDN to deliver content efficiently to users across various regions. 86 | 87 | ### Infrastructure 88 | 89 | - Azure Blob Storage (For storing documents) 90 | - Azure Cosmos DB (For metadata, tags, and expiring link details) 91 | - Azure Functions (To handle link expiration logic) 92 | - Azure CDN (To efficiently deliver documents) 93 | 94 | ### Diagram 95 | 96 | ``` 97 | [Users] 98 | | 99 | V 100 | [Document Upload, Tagging, and Link Generation Portal] 101 | | / \ | 102 | | / \ | 103 | V V V V 104 | [Azure Blob Storage]--[Azure CDN]--[Azure Cosmos DB]--[Azure Functions] 105 | ``` 106 | 107 | ### Implementation Guide 108 | 109 | 1. Design Document Uploader Interface: 110 | - Create a user-friendly interface for document uploads and tagging. 111 | 2. Azure Blob Storage Setup: 112 | - Set up Azure Blob Storage containers for document storage. 113 | - Implement authentication and authorization. 114 | 3. Azure Cosmos DB Integration: 115 | - Initialize Azure Cosmos DB. 116 | - Store metadata for each document upload, like the upload date, document type, user ID, and tags. 117 | 4. Develop Document Upload and Tagging Portal: 118 | - Build a portal where users can upload and tag documents. 119 | - Use SDKs to communicate with Blob Storage and Cosmos DB. 120 | 5. Develop Expiration Logic with Azure Functions: 121 | - Allow users to generate unique download URLs with set expiration dates. 122 | - The function will store the URL, associated document reference, and expiration in Cosmos DB. 123 | 6.
Modify Document Retrieval: 124 | - Check the URL's validity and serve the document either directly from Azure Blob Storage or via Azure CDN. 125 | 7. Set up Azure CDN: 126 | - Create a CDN profile and endpoint. 127 | - Link it to Azure Blob Storage. 128 | 8. Modify Document Serving Logic with CDN: 129 | - Use Azure CDN to cache and deliver documents, enhancing the retrieval speed. 130 | 9. Manage Cache Lifespan: 131 | - Set appropriate TTL (Time to Live) for cached documents on CDN. 132 | 10. Set up a CI/CD pipeline for your application and Function. 133 | 11. Set up Application Insights and Azure Monitor 134 | 12. Push to GitHub 135 | 13. Document 136 | 137 | 138 | 139 | ## 3. Secret Notes Viewer (Implement Azure security) 140 | 141 | A web application that displays secret notes from Azure Key Vault only when the user logs in. 142 | 143 | ### Infrastructure 144 | 145 | - Microsoft Azure Active Directory (User authentication) 146 | - Azure Key Vault (Storing sensitive data) 147 | - Azure App Service (Hosting the portal) 148 | 149 | ### Diagram 150 | 151 | ``` 152 | User 153 | |-> Login Portal (Hosted on Azure App Service) 154 | |-> User Authentication (Microsoft Azure Active Directory) 155 | |-> Configuration Data (Azure Key Vault) 156 | ``` 157 | 158 | ### Implementation Guide 159 | 160 | 1. Set up an Azure AD instance for user authentication. 161 | 2. Create several test users in Azure AD. 162 | 3. Create several secrets in Azure Key Vault. 163 | 4. Assign permissions to users in Azure AD such that each user has access to different secrets. 164 | 5. Develop a web application that integrates with Azure AD for login functionality. 165 | 6. Integrate Azure Key Vault in the application to fetch configuration data. 166 | 7. Display the information in the web app once the user logs in. 167 | 8. Deploy the application on Azure App Service. 168 | 9. Set up a CI/CD pipeline for your application 169 | 10. Set up Application Insights and Azure Monitor 170 | 11. Push to GitHub 171 | 12.
Document 172 | 173 | 174 | ## 4. Event-Driven Bookstore Notification System (Connect to and consume Azure services and third-party services) 175 | 176 | 177 | An event-driven bookstore application that notifies subscribers when a new book is added to the inventory. This system integrates Azure's event-based and message-based solutions to handle the real-time notifications. 178 | 179 | ### Infrastructure 180 | 181 | - Azure API Management (APIM): To manage and secure the API endpoints. 182 | - Azure Event Grid: To trigger events when new books are added. 183 | - Azure Service Bus: To send out notification messages to subscribers. 184 | - Azure Cosmos DB: To store book inventory and subscriber details. 185 | 186 | ### Diagram 187 | 188 | ``` 189 | [Bookstore Application] 190 | | 191 | V 192 | [Azure API Management (APIM)] 193 | | 194 | V 195 | [Azure Cosmos DB] <--> [Azure Event Grid] 196 | | 197 | V 198 | [Azure Service Bus] 199 | | 200 | V 201 | [Subscriber Devices] 202 | ``` 203 | 204 | ### Implementation Guide 205 | 206 | 1. Initialize Azure API Management (APIM): 207 | 208 | - Set up an APIM instance. 209 | - Create and secure API endpoints to add books and register subscribers. 210 | 2. Design Bookstore Inventory System: 211 | 212 | - Store new book entries in Azure Cosmos DB. 213 | - When a book is added, trigger an event in Azure Event Grid. 214 | 3. Set Up Azure Event Grid: 215 | 216 | - Configure it to watch for new book additions in Azure Cosmos DB. 217 | 4. Notification Mechanism with Azure Service Bus: 218 | 219 | - When an event is triggered by a new book addition, push a notification message into Azure Service Bus. 220 | - Subscribers will pull their notifications from here. 221 | 5. Subscriber Management in Azure Cosmos DB: 222 | 223 | - Store details of subscribers. 224 | - Maintain a list of books they are notified about, to prevent duplicate notifications. 
225 | 226 | ### Additional Details: 227 | 228 | Adding Books and Triggering Events: 229 | 230 | - When a new book is added through the API, the data is stored in Azure Cosmos DB. 231 | - This addition triggers an event in Azure Event Grid. 232 | 233 | Notification to Subscribers: 234 | 235 | - Azure Event Grid, upon capturing the event, instructs Azure Service Bus to send out a notification. 236 | - Subscribers retrieve their notifications from Azure Service Bus, ensuring they are informed of the new book. 237 | -------------------------------------------------------------------------------- /az-305/readme.md: -------------------------------------------------------------------------------- 1 | # Azure AZ-305 2 | 3 | [![Video Name](https://img.youtube.com/vi/SRWMfO-q9dc/hqdefault.jpg)](https://www.youtube.com/watch?v=SRWMfO-q9dc) 4 | 5 | [Study guide for Exam AZ-305: Designing Microsoft Azure Infrastructure Solutions](https://learn.microsoft.com/certifications/resources/study-guides/az-305) 6 | 7 | 8 | The Azure AZ-305 certification is designed to validate your expertise in designing and implementing solutions on Microsoft's Azure cloud platform, focusing on aspects like identity, governance, data storage, business continuity, and infrastructure. 9 | 10 | # Hands-On Projects 11 | 12 | Governify: The Ultimate Identity, Governance, and Monitoring Solution (Design identity, governance, and monitoring solutions) 13 | ----------------------------------------------------------------------------------------------------------------------------- 14 | 15 | This skill measures your ability to design and recommend solutions for logging, monitoring, authentication, and authorization in Azure. It also assesses your understanding of governance structures, including management groups, subscriptions, and resource groups, as well as compliance and identity governance.
16 | 17 | In this project, you'll create a multi-tier web application and implement identity, governance, and monitoring solutions. You'll set up Azure AD for authentication, use Azure Policy and Blueprints for governance, and configure Azure Monitor and Log Analytics for logging and monitoring. 18 | 19 | ### Diagram Description 20 | 21 | The architecture consists of a multi-tier web application deployed on Azure App Service, connected to an Azure SQL Database. Azure AD is used for authentication, Azure Policy and Blueprints enforce governance, and Azure Monitor and Log Analytics are set up for logging and monitoring. 22 | 23 | ### Programming Required? 24 | 25 | ✅ 26 | 27 | ### Azure Services Used 28 | 29 | - Azure App Service 30 | - Azure SQL Database 31 | - Azure AD 32 | - Azure Policy 33 | - Azure Blueprints 34 | - Azure Monitor 35 | - Azure Log Analytics 36 | 37 | ### Steps 38 | 39 | 1. Set Up the Multi-Tier Web Application 40 | 41 | - Create an Azure App Service for the front-end and another for the back-end. 42 | - Deploy a sample web application to the front-end App Service. 43 | - Deploy a sample API to the back-end App Service. 44 | - Create an Azure SQL Database and connect it to the back-end. 45 | 2. Implement Azure AD Authentication 46 | 47 | - Set up Azure AD and create a few test users. 48 | - Integrate Azure AD authentication into the front-end and back-end of your web application. 49 | 3. Set Up Governance with Azure Policy and Blueprints 50 | 51 | - Create Azure Policies that enforce tagging and other governance rules. 52 | - Create an Azure Blueprint and add the policies to it. 53 | - Assign the blueprint to your Azure subscription. 54 | 4. Configure Azure Monitor and Log Analytics 55 | 56 | - Create a Log Analytics workspace. 57 | - Enable Azure Monitor and connect it to the Log Analytics workspace. 58 | - Configure your App Services and SQL Database to send logs and metrics to Azure Monitor. 59 | 5. 
Implement Logging in the Application 60 | 61 | - Add logging code to your front-end and back-end applications. 62 | - Use Azure SDKs to send these logs to Azure Monitor. 63 | 6. Set Up Alerts and Monitoring 64 | 65 | - Create custom queries in Azure Log Analytics to analyze logs. 66 | - Set up alerts in Azure Monitor based on metrics or log events. 67 | 7. Test the Complete Setup 68 | 69 | - Log in to the application using different Azure AD users. 70 | - Verify that governance policies are being enforced on resources. 71 | - Check Azure Monitor and Log Analytics to ensure logs and metrics are being captured. 72 | - Trigger alerts by simulating error conditions or exceeding thresholds. 73 | 74 | DataFort: A Comprehensive Data Storage and Integration Solution (Design data storage solutions) 75 | ----------------------------------------------------------------------------------------------- 76 | 77 | ### Skill Description 78 | 79 | This skill measures your ability to design data storage solutions for both relational and non-relational data types. You'll need to know how to recommend appropriate Azure data services, storage tiers, and data protection strategies. Additionally, you'll be evaluated on your ability to design data integration and analysis solutions. 80 | 81 | ### Project Description 82 | 83 | In this project, you'll create a comprehensive data storage and integration solution using Azure services. You'll set up an Azure SQL Database for relational data and Azure Blob Storage for semi-structured and unstructured data. You'll also implement data integration using Azure Data Factory and data analysis using Azure Synapse Analytics. 84 | 85 | ### Diagram Description 86 | 87 | The architecture consists of an Azure SQL Database for storing relational data and Azure Blob Storage for semi-structured and unstructured data. Azure Data Factory is used for data integration between these storage solutions, and Azure Synapse Analytics is set up for data analysis. 
88 | 89 | ### Programming Required? 90 | 91 | ✅ 92 | 93 | ### Azure Services Used 94 | 95 | - Azure SQL Database 96 | - Azure Blob Storage 97 | - Azure Data Factory 98 | - Azure Synapse Analytics 99 | 100 | ### Steps 101 | 102 | 1. Set Up Azure SQL Database 103 | 104 | - Create an Azure SQL Database. 105 | - Choose an appropriate service tier and compute tier based on your needs. 106 | - Populate the database with some sample relational data. 107 | 2. Set Up Azure Blob Storage 108 | 109 | - Create an Azure Blob Storage account. 110 | - Upload some sample semi-structured (e.g., JSON files) and unstructured (e.g., images, videos) data. 111 | 3. Implement Data Protection 112 | 113 | - Enable Geo-Replication for Azure SQL Database for disaster recovery. 114 | - Set up Azure Blob Storage with cool and hot access tiers, and enable Azure Blob Versioning for data protection. 115 | 4. Design Data Integration with Azure Data Factory 116 | 117 | - Create an Azure Data Factory instance. 118 | - Create a data pipeline to move data from Azure SQL Database to Azure Blob Storage and vice versa. 119 | 5. Implement Data Analysis with Azure Synapse Analytics 120 | 121 | - Create an Azure Synapse Analytics workspace. 122 | - Import data from Azure SQL Database and Azure Blob Storage. 123 | - Run some sample data analysis queries and visualize the results. 124 | 6. Test the Complete Setup 125 | 126 | - Verify that data can be added, updated, and deleted in Azure SQL Database and Azure Blob Storage. 127 | - Run the Azure Data Factory pipeline to ensure data integration is working as expected. 128 | - Perform some data analysis tasks in Azure Synapse Analytics and validate the results. 
129 | 130 | ContinuityCraft: Mastering Business Continuity in Azure (Design business continuity solutions) 131 | ---------------------------------------------------------------------------------------------- 132 | 133 | ### Skill Description 134 | 135 | This skill assesses your ability to design backup and disaster recovery solutions for Azure and hybrid workloads, including compute resources, databases, and unstructured data. It also evaluates your expertise in recommending high-availability solutions for various types of data and compute resources. 136 | 137 | ### Project Description 138 | 139 | In this project, you'll set up a multi-tier web application with a relational database and blob storage. You'll implement backup and disaster recovery solutions for each component and ensure high availability for the entire system. 140 | 141 | ### Diagram Description 142 | 143 | The architecture includes a multi-tier web application deployed on Azure App Service, connected to an Azure SQL Database and Azure Blob Storage. Azure Backup and Azure Site Recovery are configured for backup and disaster recovery, while Azure Availability Zones are used for high availability. 144 | 145 | ### Programming Required? 146 | 147 | ✅ 148 | 149 | ### Azure Services Used 150 | 151 | - Azure App Service 152 | - Azure SQL Database 153 | - Azure Blob Storage 154 | - Azure Backup 155 | - Azure Site Recovery 156 | - Azure Availability Zones 157 | 158 | ### Steps 159 | 160 | 1. Set Up the Multi-Tier Web Application 161 | 162 | - Create an Azure App Service for the front-end and another for the back-end. 163 | - Deploy a sample web application to the front-end App Service. 164 | - Deploy a sample API to the back-end App Service. 165 | 2. Set Up Azure SQL Database and Blob Storage 166 | 167 | - Create an Azure SQL Database and populate it with sample data. 168 | - Create an Azure Blob Storage account and upload some sample unstructured data. 169 | 3. 
Implement Backup and Disaster Recovery 170 | 171 | - Configure Azure Backup to take regular backups of the App Service and Blob Storage. 172 | - Use Azure Site Recovery to set up disaster recovery for the Azure SQL Database and App Service. 173 | 4. Implement High Availability 174 | 175 | - Configure the App Service and SQL Database to use Azure Availability Zones. 176 | - Set up Azure Blob Storage with geo-redundant storage (GRS) for high availability. 177 | 5. Test Backup and Recovery 178 | 179 | - Perform test backups and restores using Azure Backup. 180 | - Execute a disaster recovery drill using Azure Site Recovery. 181 | 6. Test High Availability 182 | 183 | - Simulate failures to ensure that the App Service, SQL Database, and Blob Storage remain available. 184 | - Validate that the system automatically recovers and continues to function as expected. 185 | 186 | InfraGenius: A Comprehensive Azure Infrastructure Solution (Design infrastructure solutions) 187 | -------------------------------------------------------------------------------------------- 188 | 189 | ### Skill Description 190 | 191 | This skill measures your ability to design various types of compute solutions, application architectures, and migration strategies. It also assesses your expertise in designing network solutions that include connectivity, performance optimization, security, and load-balancing. 192 | 193 | ### Project Description 194 | 195 | In this project, you'll design and implement a comprehensive Azure infrastructure solution that includes a virtual machine-based application, containerized microservices, serverless functions, and batch processing tasks. You'll also integrate these components using a messaging architecture and migrate an on-premises database to Azure. Finally, you'll optimize network performance and security. 
196 | 197 | ### Diagram Description 198 | 199 | The architecture consists of Azure VMs running a web application, Azure Kubernetes Service (AKS) for containerized microservices, Azure Functions for serverless computing, and Azure Batch for batch processing. Azure Service Bus is used for messaging, and Azure VPN Gateway connects on-premises networks to Azure resources. 200 | 201 | ### Programming Required? 202 | 203 | ✅ 204 | 205 | ### Azure Services Used 206 | 207 | - Azure Virtual Machines 208 | - Azure Kubernetes Service (AKS) 209 | - Azure Functions 210 | - Azure Batch 211 | - Azure Service Bus 212 | - Azure SQL Database 213 | - Azure VPN Gateway 214 | - Azure Network Security Groups 215 | - Azure Load Balancer 216 | 217 | ### Steps 218 | 219 | 1. Set Up Azure Virtual Machines 220 | 221 | - Create Azure VMs and deploy a sample web application. 222 | - Configure networking and security settings for the VMs. 223 | 2. Implement Containerized Microservices with AKS 224 | 225 | - Create an Azure Kubernetes Service cluster. 226 | - Deploy a sample microservices application to the AKS cluster. 227 | 3. Implement Serverless Computing with Azure Functions 228 | 229 | - Create an Azure Functions app. 230 | - Write and deploy a few sample serverless functions. 231 | 4. Implement Batch Processing with Azure Batch 232 | 233 | - Create an Azure Batch account. 234 | - Write and deploy a sample batch processing task. 235 | 5. Set Up Messaging with Azure Service Bus 236 | 237 | - Create an Azure Service Bus namespace. 238 | - Implement messaging between the VM-based application and the AKS microservices. 239 | 6. Migrate On-Premises Database to Azure SQL Database 240 | 241 | - Create an Azure SQL Database. 242 | - Migrate an on-premises database to Azure using Azure Database Migration Service. 243 | 7. Implement Network Optimization and Security 244 | 245 | - Create an Azure VPN Gateway to connect on-premises networks to Azure. 
246 | - Optimize network performance using Azure Network Security Groups. 247 | - Implement load balancing using Azure Load Balancer. 248 | 8. Test the Complete Setup 249 | 250 | - Verify that all components (VMs, AKS, Functions, Batch) are working as expected. 251 | - Test the messaging through Azure Service Bus. 252 | - Validate the database migration. 253 | - Test network connectivity, performance, and security. 254 | -------------------------------------------------------------------------------- /az-400/README.md: -------------------------------------------------------------------------------- 1 | # Projects for AZ-400 2 | 3 | [![AZ-400 Projects](https://img.youtube.com/vi/Ej5NqFApUmc/sddefault.jpg)](https://youtu.be/Ej5NqFApUmc) 4 | 5 | [Study guide for Exam AZ-400: Designing and Implementing Microsoft DevOps Solutions](https://learn.microsoft.com/certifications/resources/study-guides/az-400) 6 | 7 | The AZ-400 exam measures an individual's expertise in designing and implementing DevOps practices using Azure DevOps and Microsoft Azure tools. The exam evaluates five core skill sets: configuring processes and communications for traceability and workflow; designing and implementing source control strategies including branching and repository management; building and managing release pipelines with considerations for automation, package management, and testing; developing a security and compliance plan focused on sensitive information management and automated scanning; and implementing an instrumentation strategy for monitoring and metrics analysis. Each skill set ensures that the candidate is proficient in optimizing the entire software development lifecycle for Azure applications. 8 | 9 | # Hands-on Projects 10 | 11 | ## 1. 
TraceableTribe (Configure Processes and Communications) 12 | 13 | ### Skills Practiced 14 | 15 | - Configure activity traceability and flow of work 16 | - Configure collaboration and communication 17 | 18 | ### Project Description 19 | 20 | In this project, you'll integrate Azure Boards, GitHub Actions, and Azure Pipelines to manage the flow of work items from creation to completion. You'll also implement custom dashboards for actionable insights, document the project with wikis and diagrams, and automate notifications and release documentation. 21 | 22 | ### Diagram description 23 | 24 | A flowchart illustrating the integration of Azure Boards, GitHub Actions, and Azure Pipelines. The chart will show how work items move from 'To Do' to 'Done' and how code changes trigger pipeline actions and update the board. 25 | 26 | ### Programming required?: ✅ 27 | 28 | ### Azure Services Used 29 | 30 | - Azure Boards 31 | - Azure Pipelines 32 | - GitHub Actions 33 | - Azure Monitor 34 | 35 | ### Steps 36 | 37 | 1. Initial Setup: 38 | 39 | - Create a new project in Azure DevOps. 40 | - Initialize a new repository on GitHub. 41 | 2. Azure Boards Configuration: 42 | 43 | - Enable Azure Boards and create a backlog. 44 | - Create different work item types like User Stories, Bugs, and Tasks. 45 | 3. Repository Integration: 46 | 47 | - Integrate the GitHub repository with Azure Boards. 48 | 4. Workflow Automation: 49 | 50 | - Create a GitHub Actions workflow that triggers on pull request events. 51 | - Integrate this workflow to update work item status in Azure Boards. 52 | 5. Azure Pipelines Configuration: 53 | 54 | - Set up a build and release pipeline in Azure Pipelines. 55 | - Connect this pipeline to your GitHub repository. 56 | - Implement traceability by linking pipeline runs to work items. 57 | 6. Metrics and Dashboards: 58 | 59 | - Use Azure Boards to create a custom dashboard. 60 | - Include widgets for cycle time, lead time, and other flow metrics. 61 | 7. 
Documentation and Diagrams: 62 | 63 | - Create a Wiki in Azure DevOps to document the project. 64 | - Use a tool like draw.io to create process diagrams and embed them in the Wiki. 65 | 8. Release Documentation: 66 | 67 | - Configure the Azure Pipeline to generate release notes and API documentation automatically. 68 | - Integrate this documentation into your project Wiki. 69 | 9. Notification Automation: 70 | 71 | - Set up webhook notifications to inform team members about key events, such as work item updates or pipeline failures. 72 | 10. Review and Test: 73 | 74 | - Review the entire setup for traceability and communication. 75 | - Perform a dry-run to validate that everything is working as expected. 76 | 77 | ## 2. BranchMaster: The Ultimate Source Control Hub (Design and Implement Source Control) 78 | 79 | ### Skills Practiced 80 | 81 | - Design and implement a source control strategy 82 | - Plan and implement branching strategies for the source code 83 | - Configure and manage repositories 84 | 85 | ### Project Description 86 | 87 | In this project, you'll set up a Git-based source control system using Azure Repos or GitHub, then implement advanced strategies for authentication, branching, and data recovery. You'll use Git hooks for workflow automation and will integrate with Azure Pipelines for CI/CD. 88 | 89 | ### Diagram description 90 | 91 | A flow diagram depicting the branching strategy (trunk, feature branches, release branches), the integration with Azure Pipelines, and the workflow hooks triggering various actions. 92 | 93 | ### Programming required?: ✅ 94 | 95 | ### Azure Services Used 96 | 97 | - Azure Repos or GitHub for source control 98 | - Azure Pipelines for CI/CD 99 | - Azure Active Directory for authentication 100 | 101 | ### Steps 102 | 103 | 1. Initial Repository Setup: 104 | 105 | - Create a new Git repository in Azure Repos or GitHub. 106 | 2. 
Authentication Strategy: 107 | 108 | - Implement SSH key-based authentication for the repository. 109 | - Optionally, integrate with Azure Active Directory. 110 | 3. Large Files Management: 111 | 112 | - Integrate Git LFS (Large File Storage) to handle large files. 113 | 4. Optimization Strategy: 114 | 115 | - Implement Git Scalar to speed up operations in your repository. 116 | 5. Workflow Hooks: 117 | 118 | - Implement pre-commit and post-commit hooks to automate workflows, such as code linting or issue linking. 119 | 6. Branching Strategy: 120 | 121 | - Create a trunk-based development model with separate branches for features and releases. 122 | 7. Pull Request Workflow: 123 | 124 | - Implement branch policies for pull requests to enforce code reviews, build validation, and other checks. 125 | 8. Branch Protections: 126 | 127 | - Implement restrictions on merging to protect important branches like 'main' or 'release'. 128 | 9. Azure Pipelines Integration: 129 | 130 | - Link your Azure Repos or GitHub repository to an Azure Pipeline for continuous integration and deployment. 131 | 10. Repository Management: 132 | 133 | - Configure repository permissions to control access. 134 | - Use tags to mark important milestones or versions. 135 | - Learn Git commands to recover lost commits or data. 136 | - Implement strategies to purge sensitive or unnecessary data from the repository history. 137 | 11. Test the Setup: 138 | 139 | - Simulate a workflow that takes a feature from a feature branch through a pull request, triggers the Azure Pipeline, and merges into the main trunk. 140 | 141 | ## 3. 
PipelinePalooza: A Comprehensive CI/CD Masterclass (Design and Implement Build and Release Pipelines) 142 | 143 | ### Skills Practiced 144 | 145 | - Designing and implementing pipeline automation 146 | - Package management strategy 147 | - Job execution order, parallelism, and multi-stage 148 | - Deployments with various strategies 149 | - Infrastructure as Code (IaC) 150 | - Maintaining pipelines 151 | 152 | ### Project Description 153 | 154 | In this project, you will design and implement a comprehensive CI/CD pipeline using Azure Pipelines and GitHub Actions. The pipeline will integrate various tools for code quality, package management, and deployments. You will also practice Infrastructure as Code (IaC) and implement monitoring and optimization for the pipeline. 155 | 156 | ### Diagram description 157 | 158 | The diagram will consist of multiple stages representing code building, automated testing, package management, deployment strategies, and monitoring. Each stage will be integrated with different tools and Azure services. 159 | 160 | ### Programming required?: ✅ 161 | 162 | ### Azure Services Used 163 | 164 | - Azure Pipelines 165 | - Azure Repos or GitHub 166 | - Azure Artifacts 167 | - Azure App Configuration Feature Manager 168 | - Azure Resource Manager 169 | - Azure Automation State Configuration 170 | - Azure Traffic Manager 171 | - Azure App Service 172 | 173 | ### Steps 174 | 175 | 1. Initial Setup: 176 | 177 | - Create a new Git repository in Azure Repos or GitHub. 178 | - Set up an Azure Pipeline for the repository. 179 | 2. Pipeline Automation: 180 | 181 | - Integrate code quality tools such as SonarQube. 182 | - Implement automated testing, including unit tests, integration tests, and UI tests. 183 | - Design and implement quality and release gates. 184 | 3. Package Management Strategy: 185 | 186 | - Set up Azure Artifacts and create feeds for NuGet and npm. 187 | - Implement a package versioning strategy. 188 | 4. 
Pipeline Design: 189 | 190 | - Use YAML to define pipeline stages, jobs, and steps. 191 | - Implement triggers for the pipeline based on your workflow. 192 | 5. Job Execution Order: 193 | 194 | - Design the pipeline for parallel execution where possible. 195 | - Create reusable elements such as task groups and variable groups. 196 | 6. Deployment Strategies: 197 | 198 | - Implement blue/green and canary deployments. 199 | - Use Azure Traffic Manager for load balancing. 200 | - Implement feature flags using Azure App Configuration Feature Manager. 201 | 7. Infrastructure as Code: 202 | 203 | - Implement IaC using Azure Resource Manager templates or Bicep. 204 | - Create a desired state configuration using Azure Automation State Configuration. 205 | 8. Pipeline Maintenance: 206 | 207 | - Monitor pipeline health using Azure Monitor or other tools. 208 | - Implement a retention strategy for pipeline artifacts. 209 | 9. Testing and Verification: 210 | 211 | - Run several builds and deployments to verify the entire pipeline workflow. 212 | 10. Optimization: 213 | 214 | - Analyze the pipeline load and optimize for performance and cost. 215 | 216 | 217 | ## 4. SecureIt: Azure Vault of Secrets (Developing a Security and Compliance Plan) 218 | 219 | ### Skills Practiced 220 | 221 | - Managing sensitive information in automation 222 | - Automating security and compliance scanning 223 | 224 | ### Project Description 225 | 226 | In this project, you will be focusing on creating a secure and compliant CI/CD pipeline for a sample application. You'll manage sensitive information like secrets, keys, and tokens securely, and you'll also integrate automated security and compliance scanning into the pipeline. This project aims to provide a working model of how to implement best practices for securing pipelines and code. 
227 | 228 | ### Diagram description 229 | 230 | The diagram will consist of multiple components such as Source Control, Azure Pipelines, Azure Key Vault, GitHub Secrets, and various scanning tools like SonarQube, GitHub Code Scanning, and OWASP ZAP. Each component will interact securely to prevent leakage of sensitive information. 231 | 232 | ### Programming required?: ✅ 233 | 234 | ### Azure Services Used 235 | 236 | - Azure Pipelines 237 | - Azure Key Vault 238 | - Azure Monitor 239 | 240 | ### Steps 241 | 242 | 1. Initial Setup: 243 | 244 | - Create a new repository for your sample application. 245 | - Set up an Azure Pipeline for this repository. 246 | 2. Managing Sensitive Information: 247 | 248 | - Integrate Azure Key Vault to manage secrets and keys. 249 | - Use GitHub secrets for repository-specific sensitive information. 250 | - Implement and manage service connections and personal access tokens securely. 251 | 3. Pipeline Configuration for Sensitive Files: 252 | 253 | - Design your pipeline to handle sensitive files securely during the build and release phases. 254 | - Implement strategies to prevent the leakage of sensitive information. 255 | 4. Automate Code Scanning: 256 | 257 | - Integrate GitHub Code Scanning and SonarQube into the pipeline for static code analysis. 258 | 5. Automate Security Scanning: 259 | 260 | - Implement container scanning and OWASP ZAP for dynamic security scanning. 261 | 6. Automate Compliance Scanning: 262 | 263 | - Use tools like Mend Bolt and GitHub Dependency Scanning to automatically analyze licensing, vulnerabilities, and versioning of open-source components. 264 | 7. Monitoring and Logging: 265 | 266 | - Use Azure Monitor to keep track of all activities, especially the access and use of secrets and tokens. 267 | 8. Pipeline Testing: 268 | 269 | - Run several builds and releases to ensure all security and compliance checks are functioning as expected. 270 | 9. 
Documentation: 271 | 272 | - Document all configurations, scanning results, and any manual steps necessary for maintaining security and compliance. 273 | 10. Review and Optimization: 274 | 275 | - Conduct a review of the configurations to make sure they align with security best practices. 276 | - Optimize where necessary. 277 | 278 | 279 | ## 5. EyeOnIt: Azure Metrics Maestro (Implementing an Instrumentation Strategy) 280 | 281 | ### Skills Practiced 282 | 283 | - Configuring monitoring for a DevOps environment 284 | - Analyzing metrics and interpreting logs 285 | 286 | ### Project Description 287 | 288 | In this project, you will set up monitoring and analytics for a DevOps environment using Azure Monitor and Azure Application Insights. You will define key application and infrastructure performance indicators, set up alerts for pipeline events, and analyze metrics using Kusto Query Language (KQL). 289 | 290 | ### Diagram description 291 | 292 | The diagram should include the application, Azure Pipelines, Azure Monitor, and Azure Application Insights. It should show data flow from the application to Azure Monitor and Azure Application Insights. User interactions triggering Application Insights should also be indicated. 293 | 294 | ### Programming required?: ✅ 295 | 296 | ### Azure Services Used 297 | 298 | - Azure Monitor 299 | - Azure Application Insights 300 | - Azure Pipelines 301 | 302 | ### Steps 303 | 304 | 1. Initial Setup: 305 | 306 | - Create a new repository for a sample application (e.g., a simple web application). 307 | - Create an Azure Pipeline for CI/CD for the sample application. 308 | 2. Configuring Monitoring Tools: 309 | 310 | - Set up Azure Monitor and Azure Application Insights for the sample application. 311 | - Integrate these services with Azure Pipelines. 312 | 3. Access Control: 313 | 314 | - Configure who has access to Azure Monitor and Application Insights. 315 | 4. 
Setting Up Alerts: 316 | 317 | - Configure alerts in Azure Monitor for various pipeline events (build failure, deployment failure, etc.). 318 | 5. Setting Up Key Performance Indicators (KPIs): 319 | 320 | - Identify and set up application KPIs in Application Insights (e.g., page load time). 321 | - Identify and set up infrastructure KPIs in Azure Monitor (e.g., CPU usage, disk usage). 322 | 6. Analyze Metrics: 323 | 324 | - Inspect application performance using Application Insights. 325 | - Inspect infrastructure performance using Azure Monitor. 326 | 7. Business Metrics: 327 | 328 | - Set up and monitor metrics that are aligned with business value, like user engagement. 329 | 8. Kusto Query Language (KQL): 330 | 331 | - Use basic KQL queries to interrogate logs for deeper insights. 332 | 9. Testing: 333 | 334 | - Use the application to generate metrics and ensure that all KPIs and alerts are working as expected. 335 | 10. Documentation: 336 | 337 | - Document the monitoring setup, key metrics, and any custom KQL queries you've created. --------------------------------------------------------------------------------