I am trying to create an Azure policy which I can assign at the subscription level, and control the naming of the resource groups in the subscription.
Policies need to target a resource type or otherwise limit their application, else they apply globally to all resources.
What resource type (or other method) can I use to limit my validation to the resource group name only?
Here is what I am trying:
$definition = New-AzureRmPolicyDefinition -Name resourceGroupNamePatterns `
    -Description "Restrict resource group names to allowed prefixes only" -Policy '{
    "if": {
        "allOf": [
            {
                "not": {
                    "field": "name",
                    "like": "Pattern1-*"
                }
            },
            {
                "not": {
                    "field": "name",
                    "like": "Pattern2-*"
                }
            },
            {
                "field": "type",
                "equals": "Microsoft.Resources/subscriptions/resourcegroups"
            }
        ]
    },
    "then": {
        "effect": "deny"
    }
}'
Not sure if this question is still relevant, but at the time of posting Azure Policy did not support evaluation on resource groups.
The policy definition provided in the question is correct.
Please try updating your PowerShell version, and updating the policy definition. It will default to mode: all which in turn will enable policy evaluation on resource groups.
Documentation about Policy mode: https://docs.microsoft.com/en-us/azure/azure-policy/policy-definition
Mode
The mode determines which resource types will be evaluated for a policy. The supported modes are:
We recommend that you set mode to all. All policy definitions created through the portal use the all mode. If you use PowerShell or Azure CLI, you need to specify the mode parameter and set it to all.
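To see why the `type` condition confines the deny to resource groups, here is a small local model of the rule from the question, added as an example; it is not part of the original posts and is not Azure's evaluation engine. It assumes `like` and `equals` compare case-insensitively and, following the answer above, that resource groups are only evaluated in mode `all`; the sample resources are constructed.

```python
import re

RG_TYPE = "Microsoft.Resources/subscriptions/resourcegroups"

# The rule from the question, unchanged, as a Python dict.
RULE = {
    "if": {"allOf": [
        {"not": {"field": "name", "like": "Pattern1-*"}},
        {"not": {"field": "name", "like": "Pattern2-*"}},
        {"field": "type", "equals": RG_TYPE},
    ]},
    "then": {"effect": "deny"},
}

# Constructed sample resources (name and type only).
SAMPLES = [
    {"name": "Pattern1-web", "type": RG_TYPE},
    {"name": "pattern2-data", "type": "Microsoft.Resources/subscriptions/resourceGroups"},
    {"name": "test-rg", "type": RG_TYPE},
    {"name": "teststorage01", "type": "Microsoft.Storage/storageAccounts"},
]


def matches(cond, resource):
    """Evaluate one condition node (allOf / not / field) against a resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = str(resource.get(cond["field"], ""))
    if "equals" in cond:
        # Assumption: equals is case-insensitive.
        return value.lower() == cond["equals"].lower()
    if "like" in cond:
        # Assumption: "*" is the only wildcard and matching ignores case.
        pattern = ".*".join(re.escape(p) for p in cond["like"].split("*"))
        return re.fullmatch(pattern, value, re.I | re.S) is not None
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rule, resource, mode="all"):
    """Return the rule's effect for a resource, or None if it does not apply."""
    # Assumption from the answer: resource groups are evaluated only in mode "all".
    if mode.lower() != "all" and resource["type"].lower() == RG_TYPE.lower():
        return None
    return rule["then"]["effect"] if matches(rule["if"], resource) else None


def run_samples(mode="all"):
    """Map each sample resource name to the effect the rule yields for it."""
    return {r["name"]: evaluate(RULE, r, mode) for r in SAMPLES}
```

In mode `all` only `test-rg` is denied; the storage account is untouched because its type fails the third condition, and in any other mode the resource group check never runs.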
The resource groups are Microsoft.Resources/subscriptions/resourcegroups type. You can kinda infer that from the resource provider operations: