
PSRule for Azure

A suite of rules to validate Azure resources using PSRule.


Features of PSRule for Azure include:

  • Ready to go - Leverage over 100 pre-built rules to validate Azure resources.
  • DevOps - Validate resources pre or post-deployment.
  • Cross-platform - Run on macOS, Linux and Windows.

Disclaimer

This project is open source and not a supported product.

If you are experiencing problems, have a feature request, or a question, please check for an issue on GitHub. If you do not see your problem captured, please file a new issue, and follow the provided template.

If you have any problems with the PSRule engine, please check the project GitHub issues page instead.

Getting the modules

This project requires the PSRule and Az PowerShell modules. For details on each see install.

You can download and install these modules from the PowerShell Gallery.

Module              Description               Downloads / instructions
------              -----------               ------------------------
PSRule.Rules.Azure  Validate Azure resources  latest / instructions

Getting started

PSRule for Azure provides two methods for analyzing Azure resources:

  • Pre-flight - Before resources are deployed from Azure Resource Manager templates.
  • In-flight - After resources are deployed to an Azure subscription.

The following example shows basic In-flight usage. For specific use cases see scenarios.

For additional details see the FAQ.

Export resource data

To validate Azure resources running in a subscription, export the resource data with the Export-AzRuleData cmdlet. The Export-AzRuleData cmdlet exports a resource graph for one or more subscriptions that can be used for analysis with the rules in this module.

By default, resources for the current subscription context are exported. See below for more options.

Before running this command you should connect to Azure by using the Connect-AzAccount cmdlet.

For example:

# Authenticate to Azure, only required if not currently connected
Connect-AzAccount;

# Export resource data
Export-AzRuleData;

Validate resources

To validate Azure resources use the extracted data with the Invoke-PSRule cmdlet.

For example:

Invoke-PSRule -InputPath .\*.json -Module 'PSRule.Rules.Azure';

Additional options

By default, resource data for the current subscription context will be exported to the current working directory as JSON.

To export resource data for specific subscriptions use:

  • -Subscription - to specify subscriptions by id or name.
  • -Tenant - to specify subscriptions within an Azure Active Directory Tenant by id.

For example:

# Export data from two specific subscriptions
Export-AzRuleData -Subscription 'Contoso Production', 'Contoso Non-production'

To export specific resource data use:

  • -ResourceGroupName - to filter resources by Resource Group.
  • -Tag - to filter resources based on tag.

For example:

# Export information from two resource groups within the current subscription context
Export-AzRuleData -ResourceGroupName 'rg-app1-web', 'rg-app1-db'

To export resource data for all subscription contexts use:

  • -All - to export resource data for all subscription contexts.

For example:

# Export data from all subscription contexts
Export-AzRuleData -All;

To filter results to only failed rules, use Invoke-PSRule -Outcome Fail. Passed, failed and error results are shown by default.

For example:

# Only show failed results
Invoke-PSRule -InputPath .\*.json -Module 'PSRule.Rules.Azure' -Outcome Fail;

The output of this example is:

   TargetName: storage

RuleName                            Outcome    Recommendation
--------                            -------    --------------
Azure.Storage.UseReplication        Fail       Storage accounts not using GRS may be at risk
Azure.Storage.SecureTransferRequ... Fail       Storage accounts should only accept secure traffic
Azure.Storage.SoftDelete            Fail       Enable soft delete on Storage Accounts

A summary of results can be displayed by using Invoke-PSRule -As Summary.

For example:

# Display as summary results
Invoke-PSRule -InputPath .\*.json -Module 'PSRule.Rules.Azure' -As Summary;

The output of this example is:

RuleName                            Pass  Fail  Outcome
--------                            ----  ----  -------
Azure.ACR.MinSku                    0     1     Fail
Azure.AppService.PlanInstanceCount  0     1     Fail
Azure.AppService.UseHTTPS           0     2     Fail
Azure.Resource.UseTags              73    36    Fail
Azure.SQL.ThreatDetection           0     1     Fail
Azure.SQL.Auditing                  0     1     Fail
Azure.Storage.UseReplication        1     7     Fail
Azure.Storage.SecureTransferRequ... 2     6     Fail
Azure.Storage.SoftDelete            0     8     Fail
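
The failed results described above can be turned into a pipeline gate. The following is an added example, not code from the PSRule for Azure project: Test-AzRuleGate, its -BlockingRule default and the sample records are hypothetical, and it assumes only the RuleName, TargetName and Outcome properties shown in the output above.

```powershell
# Added example: Test-AzRuleGate and its default -BlockingRule list are hypothetical helpers, not part of PSRule.
function Test-AzRuleGate {
    [CmdletBinding()]
    param (
        # Result records with RuleName, TargetName and Outcome properties.
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)]
        [PSObject]$InputObject,

        # Rules treated as build-breaking (names taken from the summary output above).
        [String[]]$BlockingRule = @(
            'Azure.AppService.UseHTTPS', 'Azure.SQL.Auditing',
            'Azure.SQL.ThreatDetection', 'Azure.Storage.SoftDelete'
        )
    )
    begin { $failed = [System.Collections.Generic.List[PSObject]]::new() }
    process {
        # Compare as text so an enum value and a plain string both match.
        if ("$($InputObject.Outcome)" -eq 'Fail') { $failed.Add($InputObject) }
    }
    end {
        # One row per failed rule, listing the resources that failed it.
        $report = @($failed | Group-Object -Property RuleName | ForEach-Object {
            [PSCustomObject]@{
                RuleName = $_.Name
                Failed   = $_.Count
                Blocking = $BlockingRule -contains $_.Name
                Targets  = ($_.Group.TargetName | Sort-Object -Unique) -join ', '
            }
        } | Sort-Object -Property @{ Expression = 'Blocking'; Descending = $True }, 'RuleName')
        $report
        $blocking = @($report | Where-Object { $_.Blocking })
        if ($blocking.Count -gt 0) {
            # Non-terminating by default; -ErrorAction Stop turns it into a build failure.
            Write-Error -Message "$($blocking.Count) blocking rule(s) failed: $($blocking.RuleName -join ', ')"
        }
    }
}

# Constructed sample records standing in for Invoke-PSRule output.
$sample = @(
    [PSCustomObject]@{ RuleName = 'Azure.Storage.SoftDelete'; TargetName = 'storage'; Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.AppService.UseHTTPS'; TargetName = 'web-app-1'; Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.Resource.UseTags'; TargetName = 'web-app-1'; Outcome = 'Fail' }
    [PSCustomObject]@{ RuleName = 'Azure.Resource.UseTags'; TargetName = 'storage'; Outcome = 'Pass' }
)
$sample | Test-AzRuleGate | Format-Table -AutoSize
# With real data:
# Invoke-PSRule -InputPath .\*.json -Module 'PSRule.Rules.Azure' | Test-AzRuleGate -ErrorAction Stop
```

With the constructed records, the report lists the two blocking rules first, then Azure.Resource.UseTags as a non-blocking failure, and the passed record is ignored.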

Scenarios

For walk through examples of PSRule.Rules.Azure module usage see:

Rule reference

For a list of rules included in the PSRule.Rules.Azure module see:

Baseline reference

The following baselines are included within PSRule.Rules.Azure.

Language reference

PSRule for Azure extends PowerShell with the following cmdlets.

Commands

The following commands exist in the PSRule.Rules.Azure module:

Concepts

The following conceptual topics exist in the PSRule.Rules.Azure module:

Changes and versioning

Modules in this repository will use the semantic versioning model to declare breaking changes from v1.0.0. Prior to v1.0.0, breaking changes may be introduced in minor (0.x.0) version increments. For a list of module changes please see the change log.

Pre-release module versions are created on major commits and can be installed from the PowerShell Gallery. Pre-release versions should be considered experimental. Modules and change log details for pre-releases will be removed as standard releases are made available.

Contributing

This project welcomes contributions and suggestions. If you are ready to contribute, please visit the contribution guide.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Maintainers

License

This project is licensed under the MIT License.

Contributors

anwather, berniewhite, dependabot[bot]
