Azure / PSRule.Rules.Azure

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.
https://azure.github.io/PSRule.Rules.Azure/
MIT License

[RULE] AppService - Deploy zone-redundant App Service Plan #2964

Closed ReneHezser closed 2 months ago

ReneHezser commented 3 months ago

Existing rule

No response

Suggested rule

An App Service Plan should be configured for multiple Availability Zones, as per Azure Reliability guidance.

Pillar

Reliability

Additional context

ASP-1 - Deploy zone-redundant App Service plans

BenjaminEngeset commented 3 months ago

Since this is not available for all service plans, should we take that into consideration and run the rule body only against supported plans @BernieWhite?

Or should we have all to run the rule body, but fail if the plan does not support it, like we have done for some rules lately. With this option at least customers will be informed that their environments failed because of the plan they used.

ReneHezser commented 3 months ago

My expectation would be to only execute on supported plans. Another rule can/should check and propose another plan for reliability, but that is up to the caller.

BernieWhite commented 2 months ago

> Since this is not available for all service plans, should we take that into consideration and run the rule body only against supported plans @BernieWhite?
>
> Or should we have all to run the rule body, but fail if the plan does not support it, like we have done for some rules lately. With this option at least customers will be informed that their environments failed because of the plan they used.

Good call out @BenjaminEngeset. The feedback historically has been that AZ + SKU check should be consolidated into a single rule.

i.e. If the region supports availability zones then they should either pass or fail based on if they are enabled or not.

Previously there has been confusion around "why is a rule not failing" for rule tests that choose a lower SKU.

Happy to take further feedback on it @ReneHezser if that is a hard preference.

BenjaminEngeset commented 2 months ago

@BernieWhite @ReneHezser

Another question that comes to mind is whether we should ensure that the instance count is at least 3 to comply with zone redundancy requirements. To qualify for zone redundancy, maintaining a minimum of 3 instances is necessary.

It is possible to overwrite this instance configuration on a single app level by enabling perSiteScaling on the app service plan, but that's not related to this rule.

BernieWhite commented 2 months ago

> @BernieWhite @ReneHezser
>
> Another question that comes to mind is whether we should ensure that the instance count is at least 3 to comply with zone redundancy requirements. To qualify for zone redundancy, maintaining a minimum of 3 instances is necessary.
>
> It is possible to overwrite this instance configuration on a single app level by enabling perSiteScaling on the app service plan, but that's not related to this rule.

Thanks for the call out @BenjaminEngeset. It's a great question.

I think maintaining 3 instances (or at least 2) as a minimum is a separate rule. We already have Azure.AppService.PlanInstanceCount so I think this is covered, but I will log an issue for a documentation update on that rule so that context about AZ can be added.
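
The two evaluation options discussed in this thread, side by side, as an added example (not code from PSRule.Rules.Azure or from any commenter). The tier set, the region set, the sample plans and the function names are assumptions constructed for illustration; instance count is left out because the thread treats it as a separate rule.

```python
# Added illustration, not PSRule.Rules.Azure code. Both sets below are assumptions.
ZR_TIERS = {"PremiumV2", "PremiumV3", "IsolatedV2"}  # assumed tiers that allow zone redundancy
AZ_REGIONS = {"eastus", "westeurope"}  # constructed subset; unlisted regions count as zone-less


def evaluate(plan, consolidated):
    """Return 'Pass', 'Fail' or 'Skip' for one ARM resource given as a dict.

    consolidated=False: the body runs only against supported tiers (others are skipped).
    consolidated=True:  one AZ + SKU rule; an unsupported tier fails when the region has zones.
    """
    if plan.get("type", "").lower() != "microsoft.web/serverfarms":
        return "Skip"
    # Normalise display names such as "West Europe" to the short region name.
    region = plan.get("location", "").replace(" ", "").lower()
    if region not in AZ_REGIONS:
        return "Skip"  # no availability zones in the region, nothing to enable
    tier = (plan.get("sku") or {}).get("tier")
    if tier not in ZR_TIERS:
        return "Fail" if consolidated else "Skip"
    enabled = (plan.get("properties") or {}).get("zoneRedundant") is True
    return "Pass" if enabled else "Fail"


def _plan(name, location, tier, zone_redundant=None):
    """Build a constructed Microsoft.Web/serverfarms resource for the sample set."""
    props = {} if zone_redundant is None else {"zoneRedundant": zone_redundant}
    return {"type": "Microsoft.Web/serverfarms", "name": name, "location": location,
            "sku": {"tier": tier}, "properties": props}


# Constructed sample input, one plan per case raised in the thread.
PLANS = [
    _plan("plan-zr", "eastus", "PremiumV3", True),
    _plan("plan-not-zr", "West Europe", "PremiumV3", False),
    _plan("plan-basic", "eastus", "Basic"),
    _plan("plan-no-az", "westus", "PremiumV3", False),
]


def report(consolidated):
    """Evaluate every sample plan under one of the two policies."""
    return {p["name"]: evaluate(p, consolidated) for p in PLANS}


if __name__ == "__main__":
    for mode in (False, True):
        print("consolidated" if mode else "supported-only", report(mode))
```

Only `plan-basic` changes outcome between the two modes, which is the "why is a rule not failing" case raised in the thread.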