PSRule: One of the best ways to validate templates in the cloud

In recent endeavors, I have undertaken an in-depth exploration of PSRule, a rules engine specifically designed for testing Infrastructure as Code (IaC). PSRule operates by subjecting IaC artifacts such as templates, manifests, pipelines, and workflows to static analysis through rules either authored or imported.

The rules engine serves as a validation mechanism for Bicep and ARM templates, allowing scrutiny against a predefined set of rules and conditions established by the user or derived from corporate standards. Notably, a newly introduced module named PSRule for Azure aligns with Well-Architected Framework best practices. These tests allow you to check your Infrastructure as Code (IaC) before or after deployment to Azure.

Concurrently, community contributors are actively engaged in developing supplementary modules for PSRule, concentrating on its applicability within DevOps and GitHub Actions. I am actively investigating the formulation of rules conforming to established standards such as HIPAA, NIS, and other compliance mandates, with detailed insights anticipated in subsequent communications.

PSRule supports running within continuous integration (CI) systems or locally. It is shipped as a PowerShell module which makes it easy to install and distribute updates.  Rules can be written in Powershell, JSON or YAML.  It also supports expressions and assertions. In most cases expressions and assertion method names match. Check to documentation for more details. Documentation and setup guidelines are available on the PSRule Microsoft site.

Based on my work with PSRule, it seems straightforward so far. You have to be pretty well versed in templates, JSON, and PowerShell, but the documentation on it is really well written. It will take some time to get it setup if you are a beginner and don’t quite understand the technology stack. Overall, I really like it.