// Infrastructure as Code

Recorded on a Monday morning after a sunny weekend, vlog #24 delivers the week's Azure, Azure DevOps, and GitHub news — covering Azure Virtual Desktop's rebrand, enterprise-scale landing zones for AKS, Azure Migrate private endpoint support, and GitHub supply chain security updates. Chris also recaps recent Cloud with Chris sessions on GitHub Actions, Azure Arc for apps, hybrid cloud, and the Geode pattern, then previews the upcoming Azure VMware Solution session with Shannon Keane and John Lund's cloud journey.

On the first AZ Community Roundtable show, James Cook introduces himself for the first time as the host. After guest speakers Chris and Martin introduce themselves, James discusses Microsoft Build news on App Services adopting Cloud Native approach using Kubernetes so it can be used on other platforms. Martin talks about how infrastructure as Code is being adopted and it's place currently in organisations. Chris brings up what individuals are looking for in DevOps tools, the features we enjoy and a quick talk on the Azure DevOps vs GitHub hot topic on social media.

Chris is joined by Matt Bradley, who helped establish the Public Cloud division at UKFast, to discuss four years of hands-on Azure experience. From migration and consultancy through DevOps automation, container orchestration, and hybrid cloud management with Azure Arc, Matt shares practical lessons, infrastructure as code trade-offs, compliance benefits, and why you must always design for failure in cloud workloads.

Once you have a working GitHub Actions workflow, the next challenge is safely deploying across dev, staging, and production with the right secrets in the right places. This episode deep-dives into GitHub Actions Environments: how to scope secrets per environment to enforce the principle of least privilege, configure required reviewers and wait timers as production gates, and assign service principals with minimal Azure RBAC permissions. A live demo deploys the cloudwithchris.com Hugo site to Azure Storage, making every concept concrete.

Weekly Vlog #16 covers significant IoT Edge updates — including nested device hierarchies now GA and zero-touch provisioning blueprints — plus the GA of Azure API Management support for availability zones and a new open-source API portal. GitHub highlights include a detailed guide to implementing least-privilege secrets in GitHub Actions using environments and branch protection rules, and the GitHub CLI's new support for managing Actions workflows from the terminal. Chris recaps two Global Azure talks on Hugo static sites and GitHub Actions, shares a SecurityHeaders.com deep-dive using Azure CDN rules, and previews Azure RBAC data-plane content and an upcoming Azure Spring Cloud session.

Weekly Vlog #13 covers an action-packed Azure week: enterprise landing zones with modular designs, zonal disaster recovery via Azure Site Recovery, Security Center compliance enhancements, and Mark Russinovich's standout Ignite session on Azure innovation. The GitHub roundup highlights the GitHub Actions capture-the-flag security writeup and a multi-stage exploit chain from the GitHub Security Lab — essential reading for any DevSecOps practitioner. Cloud with Chris updates include the channel's most-viewed video to date on Git internals, a Fuse.js-powered site search, series navigation, and a packed April talk schedule featuring the Northern Azure User Group (alongside Scott Hanselman) and Global Azure Bootcamp.

Three months and 350+ subscribers in, with content shipping every day of the past week: a GitHub Codespaces Cloud Drop, the final GPG commit-signing instalment covering YubiKey hardware key storage, a Welsh Azure User Group lightning talk on GitHub Actions, and a Terraform Cloud deep-dive on Azure state management. Azure news centres on Microsoft's commitment to bring Availability Zones to every region by end of 2021, new forecasted cost alerts for Azure Budgets, and the Start Small & Expand landing zone guidance from Sarah Lean and Thomas Maurer. GitHub updates include Dependabot gaining private registry support, CodeQL scanning for Solarigate traces, and a detailed post-mortem on the recent GitHub.com security incident.

You may have heard of Terraform, but are you aware of Terraform Cloud or Terraform Enterprise? In this session, Chris walks through how he uses Terraform Cloud to deploy infrastructure onto Azure — covering HCL, the Azure RM provider, remote state management, Terraform modules, and a VCS-driven CI/CD pipeline via GitHub integration. Learn how Terraform Cloud's managed state compares to a self-hosted Azure Storage Account backend, and how terraform plan and terraform apply fit into an automated deployment workflow.

Vlog #11 debuts a refreshed brand and on-screen layout, then covers a busy week: the third instalment of Chris's GPG commit-signing series (linking keys to Git and GitHub), the Cache Aside cloud design pattern episode, and a preview of the upcoming YubiKey-focused Part 4. Azure news centres on the preview of Trusted Launch VMs (defending against bootkits and rootkits), Azure Defender for Storage's new malware-upload detection, and Naraya — the ML system Microsoft uses to predict and proactively mitigate infrastructure failures at scale. On the security operations side, GitHub and Azure DevOps announce automated token revocation for leaked PATs found on public GitHub repositories.

What exactly is an Azure Landing Zone, and why does every cloud architect keep talking about it? In this episode, Chris Reddington is joined by Karim Fahmy — an Azure Solutions Architect with over 12 years of IT experience — to demystify Azure Landing Zones and their place within the Cloud Adoption Framework. Learn how landing zones provide the structured foundation covering networking topology, identity, governance, subscriptions, and security that your workloads need to succeed in the cloud. The episode also covers Azure Blueprints, Terraform automation, and real-world strategies for incrementally building and evolving your cloud foundation over time.