At last, welcome Cloud Guru. As you've no doubt guessed, I am Wayne Hoggett, Azure training architect at A Cloud Guru. It's an honor to meet you. I imagine right now you're feeling a little bit like Alice, fumbling around the Azure portal. I can see it in your eyes. You have the look of someone who accepts what they deploy because they're expecting to wake up. Ironically, this is not far from the truth.

Do you believe in fate, guru? Do you worry that you're not in control of your deployments? I know exactly what you mean. Let me tell you why you are here. You're here because you know something, you can't explain it. You can feel it. You've felt it your entire career. There is something wrong with the way you currently deploy to Azure. You don't know what it is, but it's there like a splinter in your mind, driving you mad. And it is this feeling that has brought you to me.

Do you know what it is? It's all around you. It's there when you deploy your storage account or update your network security groups. You can see it when you look at your subscriptions. You can feel it when you open Azure Advisor and when you pay your Azure bills, it is the world that has been pulled over your eyes to blind you from the truth. This is your last chance. After this, there is no turning back. You take the blue pill, the story ends.

You wake up and believe whatever you want to believe. You take the red pill and you stay in Wonderland and Bernie White and I show you how far you can go with Azure Infrastructure as Code. Now we spend a lot of time working with the Azure portal, which is great for us to understand how Azure works. But in the real world, you'll use a variety of tools to ensure you deploy to Azure in a responsible way and get those deployments ready for the real world. Today we'll take a look at one of those tools that you can use, and it's my pleasure to introduce to you all, Bernie White from Microsoft.

He's going to tell you how you can level up your Azure deployments. Bernie, it's great to have you on this episode of Azure this week ever since I met you at our local Azure user group here in Brisbane, Australia. I've been keen to get you on the show. So why don't you start by telling us a little bit about yourself and your role at Microsoft. Yeah, thanks Wayne. Yeah, my name's Bernie White,

and I'm a cloud solution architect, so I am based out of Brisbane in Australia. Uh, so it's good to be joining you here, uh, today. And yeah, so I've been at Microsoft for, uh, almost six years, uh, and really just focusing in on the Azure space, spending a lot of time on, um, Azure deployments, um, automation infrastructures, code DevOps, and a lot of governance as well. Yeah. Awesome. And why don't you tell us your, um, pet project, what you've been working on? Yeah, so I guess one of the things that I wanted to share with you today is, uh, called PSRule for Azure. Uh, PSRule for Azure is a, uh,

infrastructure as code project that helps you deploy your infrastructures ascode using well architected framework, uh, recommendations from Microsoft. And yeah, it really just helps out with the static analysis of your code really to make sure that then when you deploy to Azure, you get a good experience in terms of that you get deployments that then are more successful the first time, uh, because they align to the recommendations. Uh, but also it'll also helps you build and tune your infrastructure as code so that then you can again, uh, you know, deploy things that are more secure, performant, cost optimized, those types of things. Yeah. Awesome. And so what made you create PSRule for Azure? Cause it's quite like, it combines a few of the things that I really love, including PowerShell, infrastructure as code and Azure.

So what made you decide I need, I need, I need to create a tool like this? Yeah, it's, it's a long story. I'll give you the brief, uh, version, but, uh, originally when I sort of first started, um, I sort of needed a tool to start doing, uh, like assessments and sort of understand where compliance was at, uh, for different customers that I was working with. Uh, but then shortly after that I realized that there was a greater need, uh, for then doing things, particularly from an infrastructure's code perspective. Uh, and at the time there wasn't really anything that was playing in that space. And specifically with things like Azure deployments, uh, with things like Arm templates or bicep code, then really there's quite a few things and quite a few moving parts that then you sort of need to take care of before you can actually really test it.

So what I'm talking about here is, uh, when you've got a bicep, uh, module, uh, you need to deploy it, typically you've got multiple files, so you might have the module plus then a deployment file that then references it. And, uh, it's not just as simple as looking at the file and then, uh, determining, you know, is this a pass or a fail because the text by itself doesn't tell the full story. Um, really, uh, you know, when you're deploying a module, you could be pulling in multiple files, um, there are some Azure defaults as well that then you sort of need to understand, and some of those defaults and or the configuration that people choose or the parameters that they pass in may not align with the well-architected framework. So really what we need to do is we need to sort of bring that all together and then, uh, get a picture of what would actually be deployed to Azure, um, the final resources after composing the various different files together and then make an assessment. Uh, does this meet the recommendations or does this meet the rules or not? Uh, and so if you've ever tried to do this, uh, with, uh, like by, by hand or by yourself, then what I sort of saw was a lot of customers try to do with, with things like pester. And again, it really doesn't,

it provides you like the single file analysis and looking at files simplistically, but it doesn't really tell you the full context. So, uh, that's where really PSRuke, um, uh, for Azure really tries to help out and helps you try to answer that question of what would be deployed to Azure. And then here's a bunch of rules that then, uh, you can apply to your code to then, uh, determine does it meet those recommendations. And so there's about 340 rules now of the latest release. Uh, but you can also write your own custom rules as well. So again,

this makes it easier from an infrastructure as code perspective and from a unit testing perspective to do that as early as possible in the development process as opposed to waiting until it hits Azure, um, or through the deployment process and then having a problem. All right, awesome. And so you mentioned it's important to do it as early as possible. So what are some of the ways that people can, how, like how does PSRule for Azure work? What are some of the ways that people can use PSRule for Azure? Yeah, so I guess simplistically, um, a lot of organizations want to enforce, uh, code, uh, quality or these recommendations from a CI/CD pipeline. So within something like Azure DevOps or, uh, GitHub actions or Jenkins, those types of tools. Uh, so those, the, from an enforcement perspective,

that's typically where it appears. But really what we wanna do is to bring that, um, much early into the life cycle so that then really as you, um, build your infrastructures code, you can also learn about it and learn about what the recommendations are, um, as well. So you can also run PSPro for Azure, uh, straight within Visual Studio Code. Um, so that's really how it's designed to be run. But the enforcement, obviously from a backend perspective, it's built on top of PowerShell, uh, partial core or partial seven. So, uh, it allows you to deploy it on Mac,

windows, Linux. So any sort of tool chain is supported. We have customers that run in dock containers, uh, those types of things. But generally, uh, GitHub actions and, um, Azure DevOps is the first party support. Yeah, that's cool. I didn't know at first that you could run inside Visual Studio Code and like write bicep and then have PSRule, run an analysis and tell you straight away whether you've written well architected infrastructure as code or not. So when I first saw that, I'm like,

that is awesome. So what, um, what are some of the ways that people can get started, uh, using PSRule for Azure? Yeah, so, uh, you can actually get started with PSRule in a couple of different ways. So probably the easiest way is actually to get started with, um, PSRule by using Microsoft Defender for DevOps. So Microsoft Defender for DevOps. Uh, if you sort of seen the announcements at Ignite this year, we sort of mentioned that then, uh, defender for DevOps is a, is a new, uh, preview public preview offering. So, uh, PSRule for Azure is actually included within that. So if you sort of go through,

uh, setting that up, um, then you are, you are using PSRule under the covers for Azure bicep code, um, and ARM templates. Uh, but also if you wanna deploy, uh, PSRule for Azure, um, by itself, uh, standalone, uh, then you can also do that by, uh, going to, uh, GitHub, going to, uh, Azure slash PSRule for Azure. The documentation sort of gives you a example pipeline. Um, so pretty well sort of allows you to set it up and it also gives you some instructions on how to install it within Visual Studio code. Yeah. Awesome. Now, what are some of the ways that people can learn more?

You've mentioned a couple of links already. Um, what else do you have, uh, that can help people learn more about PSRule for Azure? Yeah, so, uh, primarily the documentation is where we're sort of focusing, so aka.ms/ps rule. Uh, also, uh, I have sort of started some YouTube videos recently to sort of help answer some of the questions that are a little bit harder to answer and a little bit more complex. Uh, so, uh, you can also check out PSRule for Azure, uh, on YouTube and, um, you know, have a bit of a go there. Uh, but yeah, those are probably the primary links, um, to sort of check out to learn out more.

Yeah. Awesome. Well, thanks so much for being with us today. It's, um, great to know that you can test your infrastructure as code early in the development process, even as you're writing the code, uh, so that you can fix those architectural issues before they become complex and hard to fix. I've integrated PS Royal into, into some of my GitHub repositories using your YouTube videos to help me, uh, guide me along the way, and I encourage everyone to check it out. Uh, any final thoughts, Bernie? Any? Yeah, just go ahead and attach infrastructure as code. Everybody should do it.