Cloud engineering notes from production.
Real-world Azure infrastructure patterns. Documented after deployment, not before. Focus on automation, security, and the things that actually break at scale.
Azure
Terraform
PowerShell
Security
Automation
The Archive
Latest writing
Least Privilege Studio: An Azure RBAC Tool
If you’ve ever set up a service principal in Azure and thought “I’ll just use Contributor for now” — this is for you. It’s not carelessness, it’s that…
Hardening Entra ID with Terraform
A practical implementation guide covering identity baseline, privileged access, conditional access, and monitoring – fully managed as infrastructure as code. Entra ID is the…
Azure Cloud Adoption: Landing Zones, WAF, and the Big Picture
This post is different from my usual project or solution based posts — no code, no architecture diagrams. Just the mental model I wish…
Private Azure Monitoring at Scale — Terraform, Zero Public Traffic
Modern enterprise cloud architectures demand more than just functional monitoring — they demand secure monitoring. By default, the Azure Monitor Agent ships logs and…
Automated Azure VM Power Management with a Tag-Driven Runbook
In a previous post, I introduced a lightweight, tag-driven VM power management solution in Azure that combined an Automation Runbook with a custom PowerShell…
Entra ID Login with Azure Bastion (Public Preview)
Managing credentials for virtual machines has always been a balancing act between security, usability, and operational overhead. With the new native Microsoft Entra ID…
Deploying Agents to Azure VMs Using Azure Policy and VM Applications
The Problem: Organizations need to deploy agents, monitoring tools or security agents across all Azure VMs consistently. Traditional approaches often fall short: The Solution:…
Built with
The stack I write about
Microsoft Azure
// Cloud platform
Terraform
// HCL & modules
Bicep
// Native Azure IaC
PowerShell
// Scripts & tooling
Identity
// Entra ID & RBAC
Security
// Hardening & policy
Automation
// CI/CD & runbooks
Networking
// VNets & firewalls
Things I build
Tools & projects
One free tool I run, plus a steady stream of smaller automations and scripts I’ve open-sourced along the way.
Live
Least Privilege Studio
A free tool that helps you find exactly the Azure RBAC permissions you need — nothing more. Browse, search, and combine roles based on real Azure data.
leastprivilegestudio.com
About
Cloud engineer based in Zürich, Switzerland.
I work on enterprise-scale Azure infrastructure with a focus on automation, security, and Infrastructure as Code. Most of what I write here comes from problems I had to solve at work — where the documentation ran out and I had to figure things out the hard way.
If something here saved you a few hours, that’s the whole point.
Years on Azure
6+
Articles published
24
Primary stack
Azure · Terraform
Location
Zürich, CH
Status
● Open to chat
