AzSanityCheck

A PowerShell module designed to validate Azure infrastructure configurations against defined availability, security, and operational best practices.

Overview

AzSanityCheck is a collection of opinionated rules that detect commonly overlooked issues with deployed Azure infrastructure. It aims to codify specific "sanity checks" for Azure resources—verifying that deployments adhere to internal preferences and operational standards.

The project is currently in an active migration phase, evolving from ad-hoc analysis scripts (specifically targeting Azure Web Settings) into a structured, reusable PowerShell module.

Features

Current Capabilities

  • Azure Web App Audits (In Migration):
    • Logic from the reference script (TestData/Get-CmgWebAppSettings.ps1) is being ported to native cmdlets.
    • Checks include:
      • Security: HTTPS Only, TLS 1.2 enforcement, Managed Identity presence.
      • Networking: VNet integration status, Access Restrictions.
      • Configuration: AlwaysOn, HTTP Logging, Container/Runtime settings.

Planned Roadmap

  • Migrate Get-CmgWebAppSettings logic into discrete cmdlets.
  • Implement a standardized reporting format (Object-based output with severity levels).
  • Expand coverage to other resources (SQL, Storage, KeyVault).
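
As an illustration of the Web App checks listed under Current Capabilities combined with the object-based, severity-tagged output planned in the roadmap, here is an added example; it is not code from this project. The function name Test-WebAppSanity, the rule names and the severity labels are assumptions, and the sample objects are constructed to mimic the shape of Get-AzWebApp output so the block runs offline.

```powershell
# Added example: function name, rule names and severities are hypothetical,
# not AzSanityCheck's API.
function Test-WebAppSanity {
    param(
        # Object shaped like Get-AzWebApp output (HttpsOnly, Identity, SiteConfig).
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $WebApp
    )
    process {
        $cfg = $WebApp.SiteConfig
        # A missing MinTlsVersion fails the rule instead of silently passing.
        $tlsOk = $false
        if ($cfg.MinTlsVersion) { $tlsOk = [version]$cfg.MinTlsVersion -ge [version]'1.2' }
        # Identity is $null when no managed identity is assigned.
        $idType = [string]$WebApp.Identity.Type
        $rules = @(
            @{ Rule = 'HttpsOnly';       Severity = 'High';   Pass = [bool]$WebApp.HttpsOnly }
            @{ Rule = 'MinTls12';        Severity = 'High';   Pass = $tlsOk }
            @{ Rule = 'ManagedIdentity'; Severity = 'Medium'; Pass = ($idType -and $idType -ne 'None') }
            @{ Rule = 'HttpLogging';     Severity = 'Medium'; Pass = [bool]$cfg.HttpLoggingEnabled }
            @{ Rule = 'AlwaysOn';        Severity = 'Low';    Pass = [bool]$cfg.AlwaysOn }
        )
        # One finding object per rule, so results can be filtered, sorted or exported.
        foreach ($r in $rules) {
            [pscustomobject]@{
                WebApp   = $WebApp.Name
                Rule     = $r.Rule
                Severity = $r.Severity
                Result   = if ($r.Pass) { 'Pass' } else { 'Fail' }
            }
        }
    }
}

# Constructed sample objects (not real resources).
$samples = @(
    [pscustomobject]@{
        Name = 'app-good'; HttpsOnly = $true
        Identity   = [pscustomobject]@{ Type = 'SystemAssigned' }
        SiteConfig = [pscustomobject]@{ MinTlsVersion = '1.2'; AlwaysOn = $true; HttpLoggingEnabled = $true }
    }
    [pscustomobject]@{
        Name = 'app-weak'; HttpsOnly = $false; Identity = $null
        SiteConfig = [pscustomobject]@{ MinTlsVersion = '1.0'; AlwaysOn = $false; HttpLoggingEnabled = $false }
    }
)

$samples | Test-WebAppSanity | Where-Object Result -eq 'Fail' | Format-Table -AutoSize
```

Against a live subscription, the same function would take the pipeline output of Get-AzWebApp for a specific app, provided the returned object has SiteConfig populated.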

Project Structure

  • Source/: Contains the module source code (Public/Private functions, Manifest).
  • TestData/: Holds reference scripts and data used for prototyping logic (e.g., Get-CmgWebAppSettings.ps1).
  • Output/: Generated build artifacts (created after running the build script).
  • build.ps1: The primary build orchestration script.

Getting Started

Prerequisites

  • PowerShell 7.0 or higher
  • ModuleBuilder module (for building from source)
    Install-Module -Name ModuleBuilder -Scope CurrentUser
    

Building the Module

To compile the module from the Source directory into a usable artifact in the Output directory, run the build script:

./build.ps1

This will:

  1. Validate the module structure.
  2. Increment the version number (Patch by default; use -minor or -major to bump higher).
  3. Update the manifest (.psd1).
  4. Generate the compiled module in Output/AzSanityCheck.

Importing for Development

You can import the built module directly from the output directory using the provided helper:

./ImportModule.ps1

Contributing

  1. Branch: Create a feature branch for your changes.
  2. Develop: Add functions to Source/Public (exported) or Source/Private (internal helpers).
  3. Build & Test: Run ./build.ps1 to verify the module compiles correctly.

Note: This project is currently a Work In Progress. APIs and command names are subject to change.