Azure Verified Modules - Monthly Update [March]

New To This Series?

For Azure Verified Modules, we will be producing monthly updates in which, we will share with you the latest news and features of Azure Verified Modules, including:

• Module updates
• Common updates to the AVM framework.
• Our community engagement

In you haven't already go check out the Introduction to Azure Verified Modules below!

 

 

AVM Module Summary

The AVM team are excited that our community have been busy building AVM Modules. As of March 31st the AVM Footprint currently looks like:

Language	Published	In development
Bicep	120	27
Terraform	31	58

Bicep Resource Modules Published In March:

Full list of Bicep Resource Modules are available here: AVM Bicep Resource Index 

 

app-configuration/configuration-store	cdn/profile	compute/virtual-machine-scale-set
container-instance/container-group	digital-twins/digital-twins-instance	event-grid/namespace
network/azure-firewall	network/service-endpoint-policy	recovery-services/vault
relay/namespace	signal-r-service/signal-r	signal-r-service/web-pub-sub
web/connection	web/hosting-environment

 

Terraform Resource Modules Published In March:

Full list of Terraform Resource Modules are available here: AVM Terraform Resource Index 

 

network/privatednszone

databricks/workspace

 

Updates and Improvements

We have also made some updates and improvements to the existing Azure Verified Modules, based on your feedback and suggestions. Some of the highlights are:

 

Azure Well-Architected Framework Alignment

Codifying the current resource guidelines and best practices from the Azure Well-Architected Framework has been key to ensuring the modules we produce are aligning to our "verified" specification. Currently our Module Owners and AVM Core Team are working closely together to ensure WAF alignment is achieved by default with the AVM specification. Keeping this in mind you can expect to see the following changes to AVM default test behavior:

 

• For zonal resources we don’t pin to a specific zone by default and make the zones property a mandatory input
• For zone-redundant resources we make them zone-redundant across all 3 zones by default
• A new default test has be introduced to enforce the WAF Reliability Pillar checks across the module default examples

Bicep

• WAF Reliability tests added and enforced in module publishing CI workflow using PSRule
• Pester checks developed and implemented to check and enforce AZ properties for zonal resources have no default value and therefore must be provided by consumer
• Introduced a platform pipeline to run PSRule checks on the entire BRM library, optionally selecting a specific WAF pillar, and providing an overview of all failing rules if any
• WAF reliability module fixes have been initiated by several module owners already
• Updating the automatic responses, if workflows fail, if module list (for creating issues) is not in sync with the actual available modules and if new module issues are created
• Adoption of v2 formatter for most modules, as enforced by default by the latest bicep release 0.26.54
• Improve module workflow triggers: Updates to platform only related scripts are exempted from module workflow triggers, avoiding unnecessary runs
• Improve module workflow publishing step: Updated Git tag handling to be more robust
• Enforce specific auto-formatting for PowerShell scripts

Terraform

• Build of automated testing framework to support WAF alignment using TFlint for Terraform finished.
• Static Analysis - AVM and TFVM teams agree to utilize TFVM's static analysis and linting steps tools set. The development of the tool-set has finished. We have 59+rules to be added to the tflint tool and the implementation is in progress where 3 rules have been added so far.
• Repository Linting/Governance - The implementation for files inside the repo is finished. This is a central workflow that runs on a schedule and ensures your repository contains the most up to date files, e.g., for workflows and other required governance. GREPT tool will handle the repository settings as well and the implementation is in progress.
• Git Hub App in development to support post push events and auto fix the code.

AVM General Updates

Contribution Guides

• New Bicep Owner Contribution Flow page (ref)
• Terraform Owner Contribution Flow page updated and aligned with its Bicep equivalent (ref)

 

Triage improvements

• Triage automation improvements: every time the GitHub Policy Service bot interacts with any GitHub Issues or Pull Requests in any of the AVM-related repositories, the bot now also leaves a comment about why the given action took place and it provides in-context tips.
• BRM triage process updated and aligned with the latest available triage automation rules

AVM Community Call 

Yes that's right! The Azure Verified Modules Core-Team will be running a quarterly community call during May 2024. Showcasing all of the great work the team and out community has done, alongside important updates, Guest speakers and a community Q&A. Keep an eye out on the AVM Site & in GitHub for updates and an official date announcement!

 

More Resources

Our very own Matt White recently showcased AVM for Terraform on the Ned In The Cloud podcast go check it out below!

 

 

For more resources about Azure Verified Modules Resources page containing all the useful content the AVM Team is generating Resources | Azure Verified Modules

 

 

Finally a huge thank you from the Azure Verified Modules Team and the community to all of our contributors and owners and maintainers. Your continued effort to scale out and adopt the AVM Library is what keeps this program going!

That's all for the March Wrap Up! See you next month!