AAD Azure Azure AD Application Proxy Azure Security Center Functions NodeJS

Developer experience on steroids with Azure AD App Proxy and Azure Functions Host

julkaissut Joosua Santasalo
Comments 0

I’ve been using Azure AD App Proxy a lot in my time and I continue finding it useful in new scenarios all the time. This time I wanted to expose part of Azure Functions Host without opening the function host from Network Security Groups for inbound access of Logic Apps HTTP action.

I did find the configuration fairly simple, and straightforward, so I created this short blog to document some configuration notes.

Use case

The use case I had was to replicate Azure Functions Consumption plan scenario, but running Azure Functions Host (Func Host Start) in my remote development VScode Server.

  • Click for larger image

Related to PoC part 0 – Integrating Azure Security Center Alerts with MS Teams!

  • Logic App that gets inbound data from Azure Security Center
  • Azure Function that parses the data and posts to Teams Webhook an Azure Alert

Configuration notes

VSCode remote host

  • This host can be run in a ”throwaway mode”, as it takes only few mins to provision new one in Azure including the tools used. All data is contained in Github repository.
  • The remote host runs as VScode server
https://code.visualstudio.com/docs/remote/ssh
  • The server is Ubuntu with Node, NPM, NVM, and azure-functions-core-tools installed
https://github.com/Azure/azure-functions-core-tools

Azure AD App Proxy configuration

  • Windows Server Core VM / or normal VM (I prefer the lightweight ”headless” version here) //
    • App Proxy Agent (Silent install)
    • Would love to see Azure AD Application Proxy Agent as Linux container. Somebody with .NET provess could probably say if its in .NET Core?
  • Private network connectivity to Linux VM running Azure Functions
  • App Proxy Enterprise Application in Azure
    • I am using passthrough mode here, but if this was a serious need, you can easily add authorization headers to your test client or the Logic Apps you are using

Thats all it takes

  • I am thinking about automating the App Proxy connectivity from inside the NodeJS app. Using ”Publish this app for remote development” type functionality. All the API’s etc are there, but currently even manually this process takes only few minutes to setup new connector existing environment. Perhaps I want to bring it down to 1 minute :)?
  • Don’t hesitate to ping in the comments If you’d like to have additional screenshots or information of the setup

Br Joosua!

0 comments on “Developer experience on steroids with Azure AD App Proxy and Azure Functions Host

Vastaa

Täytä tietosi alle tai klikkaa kuvaketta kirjautuaksesi sisään:

Gravatar
WordPress.com-logo

Olet kommentoimassa WordPress.com -tilin nimissä. Log Out /  Muuta )

Facebook-kuva

Olet kommentoimassa Facebook -tilin nimissä. Log Out /  Muuta )

Peruuta

Muodostetaan yhteyttä palveluun %s

%d bloggaajaa tykkää tästä: