Azure Policy support (Experimental)

[BernieWhite]

Updated 2023-08-08

We've started work on a new feature, Azure Policy support for PSRule for Azure - policy as rules.

Azure Policy support will allow you to use your existing Azure Policies to generate custom rules you can use to test your infrastructure as code before deployment to Azure.

This feature is still early in it's lifecycle and we have still a lot more to do. However we wanted to share an early version and where we are up to:

• Added support for JSON rules to PSRule.
• Added cmdlet to export data policy assignment data from Azure.
• Added cmdlet to generate rules for policy assignments.

Some key points:

• In this early stage of the lifecycle we absolutely expect to make breaking changes along the way. Please do not use these features in a production environment.
• Only simple policies currently work.
• Export of policies and generating rules is a manual process using PowerShell cmdlets.
• Minimal documentation currently exists. See cmdlet help for details:
  • Policy as rules
  • Export-AzPolicyAssignmentData
  • Export-AzPolicyAssignmentRuleData

How to get started

Export assignment data

Run Export-AzPolicyAssignmentData to export assignments from Azure to an *.assignment.json file.

Key points:

• Before running this command, connect to an Azure subscription by installing the Az PowerShell module and using Connect-AzAccount.
• This command has no required parameters, and by default will export all assignments from you current Azure subscription. You can change the current Azure subscription by using Set-AzContext.

Convert assignments to rules

Run Export-AzPolicyAssignmentRuleData to convert assignments to rules. To run this command an -AssignmentFile parameter with the path to the assignment JSON file generated in the previous step.

After the command completes a new file *.Rule.jsonc should be generated containing generated rules.

---

If you try this feature we'd love to hear your feedback and issues.