
How to restrict "Publisher" by Azure Policy

We are having a hard time because we are trying to restrict specific "Publishers" by Azure Policy, but we can only find how to restrict a "Type". Isn't there a noble soul who knows how to help us?

You can create a policy like the one below to restrict compute resources from a specific publisher:

    {
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "Microsoft.Compute/imagePublisher",
              "match": "[parameters('NotAllowedImage')]"
            }
          ]
        },
        "then": {
          "effect": "Deny"
        }
      },
      "parameters": {
        "NotAllowedImage": {
          "type": "String",
          "metadata": {
            "displayName": "Not Allowed  Image",
            "description": "Not Allowed Image for Virtual Machine/Compute"
          }
        }
      },
      "metadata": {
        "category": "Compute"
      }
    }

When you assign this image to a subscription or a resource group, you will be asked at that time to enter a value for the image name you would like to restrict. Save the assignment.

Now, when you create a VM/compute resource from the denied image publisher, it will fail the validation step, as the policy does not allow creating such a VM/compute resource.
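The following is an added example, not part of the original answer: a simplified local model of how the rule's `match` condition decides, useful for checking which publisher strings an assignment value would actually deny. Azure Policy's `match` is case-sensitive and treats `#` as a digit, `?` as a letter and `.` as any character; the function names and sample requests are constructed for illustration.

```python
import re

# The "if"/"then" part of the policy from the answer above.
POLICY_RULE = {
    "if": {"allOf": [{"field": "Microsoft.Compute/imagePublisher",
                      "match": "[parameters('NotAllowedImage')]"}]},
    "then": {"effect": "Deny"},
}

def match_regex(pattern):
    """Azure Policy 'match' pattern -> regex: '#' digit, '?' letter, '.' any char, else literal."""
    table = {"#": "[0-9]", "?": "[A-Za-z]", ".": "."}
    return re.compile("".join(table.get(c, re.escape(c)) for c in pattern), re.DOTALL)

def resolve(value, params):
    """Substitute a "[parameters('name')]" reference with the assignment value."""
    m = re.fullmatch(r"\[parameters\('([^']+)'\)\]", value)
    return params[m.group(1)] if m else value

def evaluate(rule, params, fields):
    """Return the rule's effect if every allOf condition matches, otherwise None."""
    for cond in rule["if"]["allOf"]:
        actual = fields.get(cond["field"])
        if actual is None:  # model assumption: an absent field cannot match
            return None
        # 'match' is case-sensitive and must cover the whole value
        if not match_regex(resolve(cond["match"], params)).fullmatch(actual):
            return None
    return rule["then"]["effect"]

# Constructed sample requests (publisher values chosen for illustration).
SAMPLES = [
    {"Microsoft.Compute/imagePublisher": "Canonical"},
    {"Microsoft.Compute/imagePublisher": "canonical"},
    {"Microsoft.Compute/imagePublisher": "MicrosoftWindowsServer"},
    {},  # a request that carries no image publisher field
]

def run(blocked):
    """Evaluate every sample request against the rule with the given parameter value."""
    return [evaluate(POLICY_RULE, {"NotAllowedImage": blocked}, s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, effect in zip(SAMPLES, run("Canonical")):
        print(sample, "->", effect or "allowed")
```

In this model the lowercase spelling is not denied when the parameter is `Canonical`; Azure Policy also offers `matchInsensitively` for a case-insensitive pattern match.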
