Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
830 questions
terraform to create an Azure policy to validates Resource Group Names using name pattern
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 92%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Basavaraj Biradar
1
Reputation point
I am trying to create an Azure policy which I can assign at the subscription level, and control the naming of the resource groups in the subscription.
What resource type (or other method) can I use to limit my validation to the resource group name only?
and also i need to use it for management group to create name policy using terraform
resource "azurerm_policy_definition" "policy" {
name = "PaC-Naming-Convention02rgAll"
policy_type = "Custom"
mode = "All"
display_name = "PaC_Naming_Convention01All"
metadata = <<METADATA
{
"category": "Demo"
}
METADATA
policy_rule = <<POLICY_RULE
{
"if": {
"allOf":[
{
"not":{
"field":"name",
"match":"[parameters('namePattern')]"
}
},
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions/resourceGroups"
}
]
},
"then": {
"effect": "deny"
}
}
POLICY_RULE
parameters = <<PARAMETERS
{
"namePattern":{
"type": "String",
"metadata":{
"displayName": "namePattern",
"description": "? for letter, # for numbers"
}
}
}
PARAMETERS
}
data "azurerm_subscription" "current" {
}
# Define Azure Policy Assignment
resource "azurerm_policy_assignment" "policy-assignment" {
name = "Naming-Convention-Assignment02All"
scope = data.azurerm_subscription.current.id
policy_definition_id = azurerm_policy_definition.policy.id
description = "Naming convention"
display_name = "Naming-Convention-AssignmentAll"
parameters = <<PARAMETERS
{
"namePattern": {
"value": "rg-?????-###"
}
}
PARAMETERS
}
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT 18,551 Reputation points2020-12-08T07:19:31.617+00:00 @Basavaraj Biradar Welcome to Microsoft Q & A Community forum. Kindly note Policy definitions which enforce on a resource group or subscription should set mode to all and specifically target the Microsoft.Resources/subscriptions/resourceGroups or Microsoft.Resources/subscriptions type. From the information you have provided, seems you have already figured it out. Do you need any further assistance regarding this?
-
Basavaraj Biradar 1 Reputation point
2020-12-08T07:28:26.233+00:00 I figured out ,that is working as well.
And how can i apply policy for management group with name pattern. to root tenant.
[nterraform-to-create-an-azure-policy-to-validates-management-group-names-using-n][1][1]: https://stackoverflow.com/questions/65167814/nterraform-to-create-an-azure-policy-to-validates-management-group-names-using-n -
olufemia-MSFT 2,861 Reputation points2020-12-24T16:45:04.61+00:00 Hello @Basavaraj Biradar ,
Can you confirm your 'scope' value in the variables.tf file adheres to one of the listed patterns?
If no, update the scope value per guidance here and let us know if that resolves your question.
Tip: for Management Groups: /managementGroups/{groupId}
Happy to investigate further if needed.
Sign in to comment