What could happen after deploying an infrastructure in Azure?
Hello. You are satisfied because you have written all the ARM templates that describe your Azure infrastructure, and you have a gleeful smile because you ran your deployment pipeline and it is green! Great, you can finally see your infrastructure in a development environment in Azure!
Unfortunately, two days later, a developer comes to tell you that he could not find the Storage Account that you provided to him. What a surprise!
You may think of adding some post-deployment tests to confirm that you deployed exactly what you expected. Once that is done, you are satisfied once again: your post-deployment tests are green, your infrastructure is up, and your developer is satisfied too.
Two days later again, the developer notifies you that the storage account does not work anymore! Did you change something since yesterday?
A Cloud “Oups” engineer has changed a parameter, which causes problems. That’s why you should periodically check your infrastructure to be informed about configuration drift.
- Post-Deployment tests:
When you deploy your infrastructure, you have to be sure that you deployed exactly the infrastructure that you expected (I am talking about the resources, not their configuration).
When you create your ARM templates and deploy your infrastructure using a deployment server such as Octopus Deploy or Azure DevOps, think about adding a new step to your pipeline to test the resources that you have deployed.
If you have decided to write your ARM templates and build your deployment pipeline, it is because you already know what you are expecting. The idea is to describe your infrastructure using a JSON file. If I want an infrastructure that contains two Storage Accounts, I may define it using a JSON file:
Then, using a PowerShell script, you may test whether all of the described infrastructure is deployed:
You can customize this script to adapt it to your deployment pipeline. The output will be the list of the services that were not deployed.
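The post-deployment check described above, as an added example (not the author's script): a JSON manifest of expected resources is compared with what `Get-AzResource` returns, and the step fails when something is missing. The manifest layout, the resource and resource group names, and the `-Live` switch are assumptions; the example goes slightly further than the text by also listing resources that exist but were never declared.

```powershell
param([switch] $Live)   # -Live queries Azure; the default uses the constructed sample below

# Assumed manifest layout (not from the original post): one resource group, a list of name/type pairs.
$manifestJson = @'
{
  "resourceGroup": "rg-demo-dev",
  "resources": [
    { "name": "stdemodata001", "type": "Microsoft.Storage/storageAccounts" },
    { "name": "stdemologs001", "type": "Microsoft.Storage/storageAccounts" }
  ]
}
'@

function Compare-DeployedResource {
    param(
        [Parameter(Mandatory)] [object] $Manifest,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Deployed
    )
    # Compare on lower-cased "type/name" keys so casing differences do not produce false alarms.
    $want = @{}
    foreach ($e in $Manifest.resources) { $want["$($e.type)/$($e.name)".ToLowerInvariant()] = $e }
    $have = @{}
    foreach ($r in $Deployed) { $have["$($r.ResourceType)/$($r.Name)".ToLowerInvariant()] = $r }

    [pscustomobject]@{
        Missing    = @($want.Keys | Where-Object { -not $have.ContainsKey($_) } | Sort-Object)
        Unexpected = @($have.Keys | Where-Object { -not $want.ContainsKey($_) } | Sort-Object)
    }
}

$manifest = $manifestJson | ConvertFrom-Json
if ($Live) {
    # Requires the Az.Resources module and an authenticated context (Connect-AzAccount).
    $deployed = @(Get-AzResource -ResourceGroupName $manifest.resourceGroup)
} else {
    # Constructed sample: the second storage account is absent and a public IP was never declared.
    $deployed = @(
        [pscustomobject]@{ Name = 'stdemodata001'; ResourceType = 'Microsoft.Storage/storageAccounts' }
        [pscustomobject]@{ Name = 'pip-debug';     ResourceType = 'Microsoft.Network/publicIPAddresses' }
    )
}

$result = Compare-DeployedResource -Manifest $manifest -Deployed $deployed
$result.Unexpected | ForEach-Object { Write-Warning "Not in manifest: $_" }
$result.Missing    | ForEach-Object { Write-Host "Not deployed: $_" }
if ($result.Missing.Count -gt 0) { exit 1 }   # non-zero exit code fails the pipeline step
```

Run without `-Live`, the sample reports `microsoft.storage/storageaccounts/stdemologs001` as not deployed and warns about the undeclared public IP.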
- Change history:
Once your infrastructure is deployed, you may periodically scan it to watch for any configuration drift. Can we do this in Azure? Of course!
Before, you had to track resource changes yourself using Activity Logs, and you did not get details about what exactly changed. Now Azure provides “Change History”, which is in public preview and allows us to detect configuration drift.
Since it’s so important, we may set up a nightly job to scan Azure resources and create a configuration drift report.
Using the REST API, you can get the last 14 days of property changes. At the time of writing, there are two APIs available: resourceChanges and resourceChangeDetails.
Using the script below, you will get all the change events for a resource (I only use resourceChanges). You may customize it to get the details about what changed using resourceChangeDetails.
Bella ciao,