[英]Azure Custom Tag Policy, Exclude resource type
I did an azure custom policy that discover object not compliant, with custom missing tag, on my subscription.我做了一个 azure 自定义策略,发现 object 不合规,自定义缺少标签,我的订阅。
I got to much error from this policy becouse it discover also oms agent, extension etc..我从这个政策中得到了很多错误,因为它还发现了 oms 代理、扩展等。
Here the json:这里是 json:
{
"mode": "All",
"policyRule": {
"if": {
"anyOf": [
{
"field": "tags['TAG1']",
"exists": false
},
{
"field": "tags['TAG2']",
"exists": false
}
]
},
"then": {
"effect": "audit"
}
},
"parameters": {}
}
it search all resources and audit it if they are not with that tag.它会搜索所有资源并对其进行审核(如果它们不带有该标签)。
Is possibile to specified exclusion for specific resources type?是否可以针对特定资源类型指定排除项? For example Microsoft.Compute/virtualMachines/extensions etc...
例如 Microsoft.Compute/virtualMachines/extensions 等...
Thanks谢谢
This way you can mention all the resource types in "notEquals" operator for which you do not want to check for tags.这样,您可以在“notEquals”运算符中提及您不想检查标签的所有资源类型。
{
"if": {
"allOf": [
{
"field": "type",
"notEquals": "Microsoft.Security/assessments"
},
{
"field": "type",
"notEquals": "Microsoft.Compute/VirtualMachines"
},
{
"anyOf": [
{
"field": "tags['TAG1']",
"exists": false
},
{
"field": "tags['TAG2']",
"exists": false
}
]
}
]
},
"then": {
"effect": "audit"
}
}
Thanks it works: I'm trying to add other exclusion for type like below but i got error:谢谢它有效:我正在尝试为以下类型添加其他排除项,但出现错误:
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"not": {
"field": "type",
"equals": "Microsoft.Security/assessments"
},
{
"field": "type",
"equals": "Microsoft.Compute/VirtualMachines"
}
},
{
"anyOf": [
{
"field": "tags['TAG1']",
"exists": false
},
{
"field": "tags['TAG2']",
"exists": false
}
]
}
]
},
"then": {
"effect": "audit"
}
},
"parameters": {}
}
is possible to exclude more object in the same policy??是否可以在同一策略中排除更多 object?
Using "mode": "indexed"
instead of "mode": "All"
will only match resources that support location and tags.使用
"mode": "indexed"
而不是"mode": "All"
只会匹配支持位置和标签的资源。
Source: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#resource-manager-modes资料来源: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#resource-manager-modes
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.