DEV Community

Antonio Di Motta

The PowerShell way to validate Azure infrastructure

One of the most important challenges in the cloud era is to use the flexibility it provides in the most productive way possible for our projects. To help with this, Microsoft provides a set of guiding tenets called the Azure Well-Architected Framework, which can be used to improve the quality of a workload.

The framework consists of five pillars of architectural excellence:

[Image: the five pillars of the Azure Well-Architected Framework]

The set of rules is available directly in the Microsoft documentation.

To check whether an infrastructure follows these rules, we can use Azure Advisor, which assesses the provisioned resources and generates a set of recommendations.

As a DevOps engineer, I prefer an alternative approach based on PowerShell called PSRule for Azure, which provides a suite of rules to validate resources and infrastructure as code (IaC) using PSRule. It provides two methods for analyzing Azure resources:

  • Pre-flight - Before resources are deployed from Azure Resource Manager templates.
  • In-flight - After resources are deployed to an Azure subscription.

Below is an example of in-flight use:

# STEP 1: Install PSRule.Rules.Azure from the PowerShell Gallery
Install-Module -Name 'PSRule.Rules.Azure' -Scope CurrentUser;

# STEP 2: Authenticate to Azure, only required if not currently connected
Connect-AzAccount;

# Confirm the current subscription context
Get-AzContext;

# STEP 3: Exports a resource graph stored as JSON for analysis
Export-AzRuleData -OutputPath 'out/templates/';

# STEP 4: Run analysis against exported data
Invoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -As Summary;

RuleName                            Pass  Fail  Outcome
--------                            ----  ----  -------
Azure.ACR.MinSku                    0     1     Fail
Azure.AppService.PlanInstanceCount  0     1     Fail
Azure.AppService.UseHTTPS           0     2     Fail
Azure.Resource.UseTags              73    36    Fail
Azure.SQL.ThreatDetection           0     1     Fail
Azure.SQL.Auditing                  0     1     Fail
Azure.Storage.UseReplication        1     7     Fail
Azure.Storage.SecureTransferRequ... 2     6     Fail
Azure.Storage.SoftDelete            0     8     Fail
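
The summary shows how many resources fail each rule but not which ones. The following added example (not code from the original post) repeats the analysis without `-As Summary` and keeps only the failures for the security-related rules listed above. The function name `Select-SecurityFailure` and the selection of rules are assumptions, and it expects the export from step 3 in `out/templates/`.

```powershell
# Added example. Assumes steps 1-3 above have already run and that the
# exported resource data is in 'out/templates/'.

# Security-related rules taken from the summary above. The last name is cut
# off in that output, so it is matched by prefix instead of being guessed.
$securityRules = @(
    'Azure.AppService.UseHTTPS'
    'Azure.SQL.ThreatDetection'
    'Azure.SQL.Auditing'
    'Azure.Storage.SecureTransferRequ*'
)

# Hypothetical helper: keeps failed records whose rule name matches a pattern.
function Select-SecurityFailure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Record,

        [Parameter(Mandatory)]
        [string[]]$RulePattern
    )
    process {
        if ($Record.Outcome -ne 'Fail') { return }
        foreach ($pattern in $RulePattern) {
            if ($Record.RuleName -like $pattern) {
                [pscustomobject]@{
                    RuleName   = $Record.RuleName
                    TargetName = $Record.TargetName
                    TargetType = $Record.TargetType
                }
                break
            }
        }
    }
}

# Without -As Summary, Invoke-PSRule emits one record per rule and resource.
$failures = @(Invoke-PSRule -InputPath 'out/templates/' -Module 'PSRule.Rules.Azure' -Outcome Fail |
    Select-SecurityFailure -RulePattern $securityRules)

$failures | Sort-Object RuleName, TargetName | Format-Table -AutoSize

# When run as a script in a pipeline, a non-zero exit code fails the step.
if ($failures.Count -gt 0) {
    Write-Error "$($failures.Count) security rule failure(s) found."
    exit 1
}
```

Rule names can differ between versions of the module, so check the patterns against the names in your own summary output.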

Some examples of PSRule for Azure module usage are:
