One of the most important challenges in the cloud era is to use the flexibility it provides in the most productive way possible for our projects. To help with this, Microsoft provides a set of guiding tenets called the Azure Well-Architected Framework, which can be used to improve the quality of a workload.
The framework consists of five pillars of architectural excellence:
The set of rules is available directly in the Microsoft documentation.
To check whether an infrastructure follows these rules, we can use Azure Advisor, which assesses the provisioned resources and generates a set of recommendations.
As a DevOps engineer, I prefer an alternative approach based on PowerShell called PSRule for Azure, which provides a suite of rules to validate resources and infrastructure as code (IaC) using PSRule. It provides two methods for analyzing Azure resources:
- Pre-flight - Before resources are deployed from Azure Resource Manager templates.
- In-flight - After resources are deployed to an Azure subscription.
Below is an example of in-flight use:
```powershell
# STEP 1: Install PSRule.Rules.Azure from the PowerShell Gallery
Install-Module -Name 'PSRule.Rules.Azure' -Scope CurrentUser;

# STEP 2: Authenticate to Azure, only required if not currently connected
Connect-AzAccount;

# Confirm the current subscription context
Get-AzContext;

# STEP 3: Exports a resource graph stored as JSON for analysis
Export-AzRuleData -OutputPath 'out/templates/';

# STEP 4: Run analysis against exported data
Invoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -As Summary;
```

```text
RuleName                            Pass  Fail  Outcome
--------                            ----  ----  -------
Azure.ACR.MinSku                    0     1     Fail
Azure.AppService.PlanInstanceCount  0     1     Fail
Azure.AppService.UseHTTPS           0     2     Fail
Azure.Resource.UseTags              73    36    Fail
Azure.SQL.ThreatDetection           0     1     Fail
Azure.SQL.Auditing                  0     1     Fail
Azure.Storage.UseReplication        1     7     Fail
Azure.Storage.SecureTransferRequ... 2     6     Fail
Azure.Storage.SoftDelete            0     8     Fail
```
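The summary only gives counts per rule. The following added example (not part of the original post) lists the individual resources that fail the security-related rules from that summary and stops a pipeline when any remain. It assumes the export from STEP 3 is still in `out/templates/`; the rule names are copied from the summary above, and the `out/security-failures.csv` path is a hypothetical choice.

```powershell
# Added example: per-resource triage of the security-related failures.
# Assumes STEP 1-3 above have already run and 'out/templates/' holds the export.

# Rule names copied from the summary output above. Rule names can differ
# between module versions, so adjust this list to what your version ships.
$securityRules = @(
    'Azure.AppService.UseHTTPS',
    'Azure.SQL.ThreatDetection',
    'Azure.SQL.Auditing',
    'Azure.Storage.SoftDelete'
)

# Without -As Summary, Invoke-PSRule returns one record per resource and rule.
# -Name limits the run to the listed rules; -Outcome Fail keeps only failures.
$failures = Invoke-PSRule -InputPath 'out/templates/' `
    -Module 'PSRule.Rules.Azure' `
    -Name $securityRules `
    -Outcome Fail

# Show which resource failed which rule, with the rule's recommendation
$failures |
    Sort-Object RuleName, TargetName |
    Format-Table RuleName, TargetName, TargetType, Recommendation -Wrap

# Keep a machine-readable copy to track remediation (hypothetical path)
$failures |
    Select-Object RuleName, TargetName, TargetType, Recommendation |
    Export-Csv -Path 'out/security-failures.csv' -NoTypeInformation

# Fail the run while any security rule is still failing
$count = @($failures).Count
if ($count -gt 0) {
    Write-Error "$count security rule failure(s) found in exported resources"
    exit 1
}
```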
Some examples of PSRule for Azure module usage are: