Antonio Di Motta

The PowerShell way to validate Azure infrastructure

One of the most important challenges in the cloud era is to use the flexibility it provides in the most productive way possible for our projects. To help with this, Microsoft provides a set of guiding tenets called the Azure Well-Architected Framework, which can be used to improve the quality of a workload.

The framework consists of five pillars of architectural excellence.


The set of rules is available directly in the Microsoft documentation.

To validate that an infrastructure follows these rules, we can use Azure Advisor, which reviews the provisioned resources and generates a set of recommendations.

As a DevOps engineer, I prefer an alternative based on PowerShell called PSRule for Azure, which provides a suite of rules to validate resources and infrastructure as code (IaC) using PSRule. It provides two methods for analyzing Azure resources:

  • Pre-flight - Before resources are deployed from Azure Resource Manager templates.
  • In-flight - After resources are deployed to an Azure subscription.

Below is an example of in-flight use:

# STEP 1: Install PSRule.Rules.Azure from the PowerShell Gallery
Install-Module -Name 'PSRule.Rules.Azure' -Scope CurrentUser;

# STEP 2: Authenticate to Azure, only required if not currently connected
Connect-AzAccount;

# Confirm the current subscription context
Get-AzContext;

# STEP 3: Exports a resource graph stored as JSON for analysis
Export-AzRuleData -OutputPath 'out/templates/';

# STEP 4: Run analysis against exported data
Invoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -As Summary;

RuleName                            Pass  Fail  Outcome
--------                            ----  ----  -------
Azure.ACR.MinSku                    0     1     Fail
Azure.AppService.PlanInstanceCount  0     1     Fail
Azure.AppService.UseHTTPS           0     2     Fail
Azure.Resource.UseTags              73    36    Fail
Azure.SQL.ThreatDetection           0     1     Fail
Azure.SQL.Auditing                  0     1     Fail
Azure.Storage.UseReplication        1     7     Fail
Azure.Storage.SecureTransferRequ... 2     6     Fail
Azure.Storage.SoftDelete            0     8     Fail
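The summary above mixes tagging and SKU findings with security findings such as HTTPS and SQL auditing. As an added example (not from the original post or the PSRule project), the hypothetical function `Get-BlockingRuleFailure` below turns such a summary into a CI gate; the blocking patterns are an assumed policy, and the sample rows are copied from the output above so the script runs without an Azure connection.

```powershell
# Added example: a CI gate over Invoke-PSRule summary rows.
# Get-BlockingRuleFailure and the -BlockingRule patterns are hypothetical;
# pick the patterns that match your own policy.
function Get-BlockingRuleFailure {
    [CmdletBinding()]
    param (
        # Rows with RuleName, Pass, Fail and Outcome, as produced by -As Summary.
        [Parameter(Mandatory, ValueFromPipeline)]
        [PSObject]$Summary,

        # Wildcard patterns for rules whose failure must stop the pipeline.
        [Parameter(Mandatory)]
        [string[]]$BlockingRule
    )
    process {
        # Ignore rules that did not fail (Outcome may be an enum or a string).
        if ("$($Summary.Outcome)" -ne 'Fail') { return }
        foreach ($pattern in $BlockingRule) {
            if ($Summary.RuleName -like $pattern) {
                # Emit one row per failing rule, then stop testing patterns.
                [PSCustomObject]@{
                    RuleName = $Summary.RuleName
                    Failed   = [int]$Summary.Fail
                    Checked  = [int]$Summary.Pass + [int]$Summary.Fail
                }
                break
            }
        }
    }
}

# Sample rows copied from the summary output above.
$sample = @(
    [PSCustomObject]@{ RuleName = 'Azure.AppService.UseHTTPS'; Pass = 0;  Fail = 2;  Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.Resource.UseTags';    Pass = 73; Fail = 36; Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.SQL.Auditing';        Pass = 0;  Fail = 1;  Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.Storage.SoftDelete';  Pass = 0;  Fail = 8;  Outcome = 'Fail' }
)

# In a pipeline, replace $sample with the real analysis:
#   Invoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -As Summary
$blocking = @($sample | Get-BlockingRuleFailure -BlockingRule 'Azure.SQL.*', 'Azure.AppService.UseHTTPS')
$blocking | Format-Table -AutoSize

if ($blocking.Count -gt 0) {
    Write-Error "$($blocking.Count) blocking rule(s) failed."
    exit 1   # non-zero exit code fails the CI job
}
```

Rules that fail but match no blocking pattern, such as `Azure.Resource.UseTags` here, stay in the report without failing the build.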

Some examples of PSRule for Azure module usage are:
