
How to apply Azure resource locks to Resource Groups via Policy

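I am trying to create an Azure Policy that will deploy a resource lock with the "CanNotDelete" level to the resource groups in a subscription.

At the moment the policy is 100% compliant, but it has not created any locks.

I have the following in my JSON policy.rules file: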

    {
      "if": {
        "field": "type",
        "equals": "Microsoft.Resources/resourceGroups"
      },
      "then": {
        "effect": "deployIfNotExists",
        "details": {
          "type": "Microsoft.Authorization/locks",
          "existenceCondition": {
            "field": "Microsoft.Authorization/locks/level",
            "equals": "CanNotDelete"
          },
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/0000-0000-0000-0000-0000000"
          ],
          "deployment": {
            "properties": {
              "mode": "incremental",
              "template": {
                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
                "contentVersion": "1.0.0.0",
                "parameters": {
                  "location": {
                    "type": "string"
                  }
                },
                "resources": [
                  {
                    "type": "Microsoft.Authorization/locks",
                    "apiVersion": "2017-04-01",
                    "name": "ResourceLock",
                    "properties": {
                      "level": "CanNotDelete",
                      "notes": "Prevent accidental deletion of resource groups"
                    }
                  }
                ]
              }
            }
          }
        }
      }
    }

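Managed to get this working with two changes:

  1. The if statement path - Microsoft.Resources/subscriptions/resourceGroups
  2. For some reason the managed identity was not created, which is required for the "deployIfNotExists" policy effect.

I hope this helps anyone who runs into the same problem.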
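An offline check for the two fixes described in the answer above, as an added example that is not part of the original post: it flags a rule whose `if` condition uses the type string from the question, and a `deployIfNotExists` assignment that has no managed identity. The function names, the sample assignment objects, and the `identity.type` layout of the assignment JSON are assumptions made for illustration.

```python
import json

RG_TYPE = "Microsoft.Resources/subscriptions/resourceGroups"
QUESTION_TYPE = "Microsoft.Resources/resourceGroups"  # type string used in the question


def type_values(node):
    """Yield every value that an 'if' tree compares against the 'type' field."""
    if isinstance(node, dict):
        if str(node.get("field", "")).lower() == "type":
            for op in ("equals", "like", "in"):
                found = node.get(op, [])
                yield from found if isinstance(found, list) else [found]
        for child in node.values():
            yield from type_values(child)
    elif isinstance(node, list):
        for child in node:
            yield from type_values(child)


def lint(policy_rule, assignment):
    """Return one finding per problem named in the answer (empty list = clean)."""
    findings = []
    for value in type_values(policy_rule.get("if", {})):
        if str(value).lower() == QUESTION_TYPE.lower():
            findings.append(f"'if' matches '{value}'; resource groups are '{RG_TYPE}'")
    effect = str(policy_rule.get("then", {}).get("effect", "")).lower()
    # Assumed assignment shape: {"identity": {"type": "SystemAssigned" | "UserAssigned" | "None"}}
    identity = (assignment.get("identity") or {}).get("type") or "None"
    if effect == "deployifnotexists" and identity.lower() == "none":
        findings.append("deployIfNotExists assignment has no managed identity")
    return findings


# Constructed sample input: the condition and effect from the question's rule,
# the same rule with the corrected type, and two hypothetical assignments.
QUESTION_RULE = json.loads("""{
  "if": {"field": "type", "equals": "Microsoft.Resources/resourceGroups"},
  "then": {"effect": "deployIfNotExists"}
}""")
FIXED_RULE = {"if": {"field": "type", "equals": RG_TYPE},
              "then": {"effect": "deployIfNotExists"}}
NO_IDENTITY = {"name": "rg-lock-example"}
WITH_IDENTITY = {"name": "rg-lock-example", "identity": {"type": "SystemAssigned"}}

if __name__ == "__main__":
    for rule, assignment in ((QUESTION_RULE, NO_IDENTITY), (FIXED_RULE, WITH_IDENTITY)):
        print(lint(rule, assignment) or "clean")
```

Running a check like this before assignment catches the case from the question, where the policy reports 100% compliance while deploying nothing.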
