Use a chaos experiment template to induce an outage on an Azure Active Directory instance
You can use a chaos experiment to verify that your application is resilient to failures by causing those failures in a controlled environment. In this article, you induce an outage on an Azure Active Directory resource using a pre-populated experiment template and Azure Chaos Studio.
Prerequisites
- An Azure subscription. If you don't have an Azure subscription, create an Azure free account before you begin.
- A network security group.
Enable Chaos Studio on your network security group
Azure Chaos Studio can't inject faults against a resource until that resource is added to Chaos Studio. To add a resource to Chaos Studio, create a target and capabilities on the resource. Network security groups have only one target type (service-direct) and one capability (set rules). Other resources might have up to two target types. One target type is for service-direct faults. Another target type is for agent-based faults. Other resources might have many other capabilities.
Open the Azure portal.
Search for Chaos Studio in the search bar.
Select Targets and find your network security group resource.
Select the network security group resource and select Enable targets > Enable service-direct targets.
Select Review + Enable > Enable.
You've now successfully added your network security group to Chaos Studio.
Create an experiment from a template
Now you can create your experiment from a pre-filled experiment template. A chaos experiment defines the actions you want to take against target resources. The actions are organized and run in sequential steps. The chaos experiment also defines the actions you want to take against branches, which run in parallel.
In Chaos Studio, go to Experiments > Create > New from template.
Select AAD Outage.
Add a name for your experiment that complies with resource naming guidelines. Select Next: Permissions.
For your chaos experiment to run successfully, it must have sufficient permissions on target resources. Select a system-assigned managed identity or a user-assigned managed identity for your experiment. You can choose to enable custom role assignment if you would like Chaos Studio to add the necessary permissions to run (in the form of a custom role) to your experiment's identity. Select Next: Experiment designer.
Within the NSG Security Rule (version 1.1) fault, select Edit.
Review fault parameters and select Next: Target resources.
Select the network security group resource that you want to use in the experiment. Select Save.
Select Review + create > Create to save the experiment.
Run your experiment
You're now ready to run your experiment.
- In the Experiments view, select your experiment. Select Start > OK.
- When Status changes to Running, select Details for the latest run under History to see details for the running experiment.
Next steps
Now that you've run an AAD outage template experiment, you're ready to:
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for