Azure indexed policy not being applied to resource group
Question
I'm writing some azure policies that force certain tags to be in place, as well as inheriting tags from a subscription to a resource group. However, when these policies are set to indexed mode (as recommended by azure) they aren't applied when creating a resource group, only on resources themselves. When the mode is set to All however, the policies work on the resource group. Is there something I'm doing wrong? I don't want to set the mode to All because that could cause conflicts with resources that don't support tagging right?
1 answers
solution1
0 ACCPTED 2022-02-23 13:10:19
I solved it myself by setting the mode to All, but only denying an action if the field is set to resource group.
{ "properties": { "displayName": "Require a tag on resources", "policyType": "Custom", "mode": "All", "description": "Enforces existence of a the project tag", "metadata": { "version": "1.0.1", "category": "Tags" }, "parameters": {}, "policyRule": { "if": { "allOf": [ { "field": "[concat('tags[', 'project', ']')]", "exists": "false" }, { "field": "type", "equals": "Microsoft.Resources/subscriptions/resourceGroups" } ] }, "then": { "effect": "deny" } } } }
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.