Added additional rule docs (#7)
Parent
08a7970aa5
Commit
68947c452c
|
@ -21,6 +21,7 @@
|
|||
"**/.azure-pipelines/*.yaml": "azure-pipelines"
|
||||
},
|
||||
"cSpell.words": [
|
||||
"NSGs",
|
||||
"Subnet",
|
||||
"VNET",
|
||||
"hashtable",
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Connection.md
|
||||
---
|
||||
|
||||
# Use standard connection names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Virtual network gateway connection names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For virtual network gateway connections, the Cloud Adoption Framework recommends using the `cn-` prefix.
|
||||
|
||||
Requirements for virtual network gateway connection names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- Connection names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating virtual network gateway connections with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if virtual network gateway connection names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_GatewayConnectionPrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
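Review bot: In NOTES, the `CAF_GatewayConnectionPrefix` bullet says the value is an array of allowed prefixes but does not state the default; DESCRIPTION only mentions `cn-` as the framework's recommendation. Suggest stating the default value in that bullet so a reader knows what is enforced without an override. The same gap is in the other rule docs added in this commit.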
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.LoadBalancer.md
|
||||
---
|
||||
|
||||
# Use standard load balancer names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Load balancer names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For load balancers, the Cloud Adoption Framework recommends using the `lb-` prefix.
|
||||
|
||||
Requirements for load balancers names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- Load balancer names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating load balancers with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if load balancer names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_LoadBalancerPrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
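Review bot: "Requirements for load balancers names:" in DESCRIPTION should read "load balancer names", matching the wording of the last bullet in the same list.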
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.NSG.md
|
||||
---
|
||||
|
||||
# Use standard NSG names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Network security group (NSG) names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For NSGs, the Cloud Adoption Framework recommends using the `nsg-` prefix.
|
||||
|
||||
Requirements for NSG names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- NSG names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating NSGs with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if NSG names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_NetworkSecurityGroupPrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.PublicIP.md
|
||||
---
|
||||
|
||||
# Use standard public IP names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Public IP address names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For public IPs, the Cloud Adoption Framework recommends using the `pip-` prefix.
|
||||
|
||||
Requirements for public IP names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- Public IP names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating public IPs with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if public IP names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_PublicIPPrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Route.md
|
||||
---
|
||||
|
||||
# Use standard route table names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Route table names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For route tables, the Cloud Adoption Framework recommends using the `route-` prefix.
|
||||
|
||||
Requirements for route table names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- Route table names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating route tables with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if route table names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_RouteTablePrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.Storage.md
|
||||
---
|
||||
|
||||
# Use standard storage account names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Storage account names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For storage accounts, the Cloud Adoption Framework recommends using the `stor`, `stvm` and `dls` prefix.
|
||||
Use of different prefixes depends on the intended usage of the storage account.
|
||||
|
||||
Requirements for storage account names:
|
||||
|
||||
- At least 3 characters, but no more than 24.
|
||||
- Can include alphanumeric characters only.
|
||||
- Storage account names must be global unique, because they directly relate to a DNS host name.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating storage accounts with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if storage account names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_StoragePrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
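Review bot: In DESCRIPTION, "Use of different prefixes depends on the intended usage of the storage account" does not say which of `stor`, `stvm` and `dls` goes with which usage, so a reader cannot choose a prefix from this page. Suggest listing the intended usage beside each prefix. In the same section, "prefix" should be "prefixes" after the three values, and "global unique" should be "globally unique".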
@ -0,0 +1,42 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VM.md
|
||||
---
|
||||
|
||||
# Use standard VM names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Virtual machine names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For VMs, the Cloud Adoption Framework recommends using the `vm-` prefix.
|
||||
|
||||
Requirements for VM names:
|
||||
|
||||
- For Windows, at least 1 character, but no more than 15.
|
||||
- For Linux, at least 1 character, but no more than 64.
|
||||
- Can include alphanumeric and hyphen characters.
|
||||
- Can only start with a letter or number, and end with a letter or number.
|
||||
- VM names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating VMs with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if VM names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_VirtualMachinePrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
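Review bot: The requirements list gives two maximum lengths, 15 for Windows and 64 for Linux, but NOTES does not say which limit the rule enforces or how it distinguishes the two. Suggest adding a line to NOTES that states the length actually checked, so a passing result is not assumed to cover the Windows limit when it may not.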
@ -0,0 +1,41 @@
|
|||
---
|
||||
category: Naming
|
||||
online version: https://github.com/microsoft/PSRule.Rules.CAF/blob/master/docs/rules/en/CAF.Name.VNG.md
|
||||
---
|
||||
|
||||
# Use standard virtual network gateway names
|
||||
|
||||
## SYNOPSIS
|
||||
|
||||
Virtual network gateway names should use a standard prefix and meet naming requirements.
|
||||
|
||||
## DESCRIPTION
|
||||
|
||||
An effective naming convention allows operators to quickly identify resource type, associated workload,
|
||||
deployment environment and Azure region.
|
||||
|
||||
For virtual network gateways, the Cloud Adoption Framework recommends using the `vnet-gw-` prefix.
|
||||
|
||||
Requirements for virtual network gateway names:
|
||||
|
||||
- At least 1 character, but no more than 80.
|
||||
- Can include alphanumeric, underscore, hyphen, period characters.
|
||||
- Can only start with a letter or number, and end with a letter, number or underscore.
|
||||
- Virtual network gateway names must be unique within a resource group.
|
||||
|
||||
## RECOMMENDATION
|
||||
|
||||
Consider creating virtual network gateways with a standard name.
|
||||
Additionally consider using Azure Policy to only permit creation using a standard naming convention.
|
||||
|
||||
## NOTES
|
||||
|
||||
This rule does not check if virtual network gateway names are unique.
|
||||
|
||||
To configure this rule:
|
||||
|
||||
- Override the `CAF_VirtualNetworkGatewayPrefix` configuration value with an array of allowed prefixes.
|
||||
|
||||
## LINKS
|
||||
|
||||
- [Recommended naming and tagging conventions](https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging)
|
|
@ -61,11 +61,21 @@ Rule 'CAF.Name.Subnet' -Type 'Microsoft.Network/virtualNetworks', 'Microsoft.Net
|
|||
# Synopsis: Use standard virtual network gateway names
|
||||
Rule 'CAF.Name.VNG' -Type 'Microsoft.Network/virtualNetworkGateways' {
|
||||
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_VirtualNetworkGatewayPrefix)
|
||||
|
||||
# Name requirements
|
||||
$Assert.GreaterOrEqual($TargetObject, 'Name', 1)
|
||||
$Assert.LessOrEqual($TargetObject, 'Name', 80)
|
||||
Match 'Name' '^[\w][-\w_\.]*[\w_]$'
|
||||
}
|
||||
|
||||
# Synopsis: Use standard virtual networks gateway connection names
|
||||
Rule 'CAF.Name.Connection' -Type 'Microsoft.Network/connections' {
|
||||
$Assert.StartsWith($TargetObject, 'Name', $Configuration.CAF_GatewayConnectionPrefix)
|
||||
|
||||
# Name requirements
|
||||
$Assert.GreaterOrEqual($TargetObject, 'Name', 1)
|
||||
$Assert.LessOrEqual($TargetObject, 'Name', 80)
|
||||
Match 'Name' '^[\w][-\w_\.]*[\w_]$'
|
||||
}
|
||||
|
||||
# Synopsis: Use standard network security group names
|
||||
|
|
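Review bot: In the new `CAF.Name.Connection` rule, `Match 'Name' '^[\w][-\w_\.]*[\w_]$'` needs at least two characters, so a one-character name fails even though `$Assert.GreaterOrEqual($TargetObject, 'Name', 1)` and the rule doc allow it. `\w` also matches an underscore, so the leading `[\w]` accepts a name that starts with `_`, which the doc says is not permitted, and the extra `_` inside `[-\w_\.]` and `[\w_]` is redundant. Suggest a pattern along the lines of `^[A-Za-z0-9]([-\w\.]*\w)?$`; the unchanged `CAF.Name.VNG` rule above carries the same pattern. The synopsis comment also reads "virtual networks gateway connection names" and should be "virtual network gateway connection names".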