Terraform to create an Azure policy that validates resource group names using a name pattern
Basavaraj Biradar
I am trying to create an Azure policy which I can assign at the subscription level, and control the naming of the resource groups in the subscription.
What resource type (or other method) can I use to limit my validation to the resource group name only?
I also need to apply the same naming policy at a management group, again using Terraform.
# Custom Azure Policy definition: deny any resource group whose name does not
# match the pattern supplied through the `namePattern` parameter.
#
# NOTE(review): no management-group argument is set here, so the definition is
# not created at a management group. To assign it at a management group, the
# definition must live at (or above) that management group;
# azurerm_policy_definition has an argument for this (`management_group_id` in
# azurerm 3.x - confirm the name for the provider version pinned here).
resource "azurerm_policy_definition" "policy" {
  name         = "PaC-Naming-Convention02rgAll"
  display_name = "PaC_Naming_Convention01All"
  policy_type  = "Custom"

  # "All" is needed for resource groups to be evaluated; "Indexed" only covers
  # resource types that support tags and location.
  mode = "All"

  metadata = <<-METADATA
    {
      "category": "Demo"
    }
  METADATA

  # Input to the rule. It has no default value, so every assignment of this
  # definition has to provide `namePattern`.
  parameters = <<-PARAMETERS
    {
      "namePattern": {
        "type": "String",
        "metadata": {
          "displayName": "namePattern",
          "description": "? for letter, # for numbers"
        }
      }
    }
  PARAMETERS

  # The rule fires only when BOTH conditions hold:
  #   1. the name does NOT satisfy the `match` pattern, and
  #   2. the type is exactly Microsoft.Resources/subscriptions/resourceGroups.
  # Condition 2 is what limits validation to resource group names; resources
  # of any other type never satisfy the rule and are not denied by it.
  #
  # `match` is case-sensitive: `?` stands for one letter, `#` for one digit,
  # `.` for any character, and every other character matches itself.
  #
  # NOTE(review): the effect is hard-coded to `deny`, which rejects the create
  # request outright. Resource groups that Azure services create on the
  # caller's behalf under their own naming schemes would be rejected too.
  # Consider a trial run with the effect set to `audit` and a review of the
  # compliance results before enforcing.
  policy_rule = <<-POLICY_RULE
    {
      "if": {
        "allOf": [
          {
            "not": {
              "field": "name",
              "match": "[parameters('namePattern')]"
            }
          },
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  POLICY_RULE
}
# Looks up the subscription the azurerm provider is currently configured for.
# Its `id` is used below as the scope of the policy assignment.
data "azurerm_subscription" "current" {}
# Assigns the naming-convention definition at subscription scope and supplies
# the concrete pattern the resource group names must follow.
#
# NOTE(review): `azurerm_policy_assignment` is the generic assignment resource
# of older azurerm releases. In azurerm 3.x it was replaced by scope-specific
# resources such as `azurerm_subscription_policy_assignment` and
# `azurerm_management_group_policy_assignment`; the latter is the one to use
# for a management-group scope. Confirm against the pinned provider version.
resource "azurerm_policy_assignment" "policy-assignment" {
  name         = "Naming-Convention-Assignment02All"
  display_name = "Naming-Convention-AssignmentAll"
  description  = "Naming convention"

  # What is assigned, and where: the custom definition above, applied to the
  # current subscription.
  policy_definition_id = azurerm_policy_definition.policy.id
  scope                = data.azurerm_subscription.current.id

  # With this pattern a compliant name is the literal "rg-", five letters,
  # "-", then three digits. `match` is case-sensitive, so the "rg" prefix must
  # be lower case.
  parameters = <<-PARAMETERS
    {
      "namePattern": {
        "value": "rg-?????-###"
      }
    }
  PARAMETERS
}