name

The service URL returned after creating our Principal Service

password

The password returned after creating our Principal Service

tenant

The tenant ID returned after creating our Principal Service

organization

project

webUrl

Discover how to design complex event-driven architectures in Azure, with insights into resource management, monitoring, and integrating VMs and databases for enterprise solutions.

Building Event Driven and Microservices Architecture in Azure.png

azure_microservices.tar.gz

run pwsh

run code

run code-cli

run code-cli-copy

Building a cloud infrastructure can be a challenging task. There are a lot of dependencies in your software and services like database, storage, and connections to log analytics that make it difficult.

In this course, you will learn how to easily design and build complex solutions based on the Event-Driven Architecture in the Azure Cloud. You will cover how to design, manage and monitor infrastructure. You will also learn how to select and combine resources like virtual machines and run books, databases, and application servers.

By the time you finish this course, you will be able to design and build complex architectures for enterprise-ready solutions based on Azure Cloud.

For the course, basic knowledge of Azure cloud or another cloud provider is needed.

Building Event Driven and Microservices Architecture in Azure

# Managed Services Identities (MSI)
Managed Services Identities (MSI) is a service that allows your applications or functions to get access to other Azure resources. MSI is based on Principal Accounts and OAuth2. In our case, we need access to the storage queue from the Function app.

When MSI is enabled for your resource, Azure will create a Service Principal in the Active Directory associated with this resource. However, this principal account will not have its permission set, so we will need to assign the permission explicitly. This will be the last step of the pipeline.

When the Principal is created and the required permission is assigned, MSI will work based on the OAuth2 token-based algorithm. Before accessing the storage queue, the Function app service principal sends its credentials to receive a JWT token from the #key# AAD: Azure Active Directory #key#. The function then sends this token to the storage queue. The storage queue sends this token to the ADD for validation before providing access to the function. The whole process can be visualized as such:

Get an overview of Managed Services Identities (MSI) and learn how to set them up.

Introduction

Architecture

Building CI/CD

Conclusion

Setting up Managed Identity

Managed Services Identities (MSI)