How to obtain resourceGroupName of a resource in Azure Policy Definition?

I’m trying to validate whether a resource is deployed in the correct resource group (as in, whether it’s deployed in a resourceGroupName containing "core-services").

An example:

If bastionHosts is deployed/created in a "core-services" resource group.

Does anyone know how to obtain the Azure Resource Information (a bastionHost) like resourceGroupName?

Solution:

To obtain the resourceGroupName within a policy rule, you can utilize the resourceGroup() function.

Here’s an example that checks if a given Microsoft.Network/bastionHosts resource is deployed within a resource group whose name contains "core-services":

{
    "if": {
        "allOf": [
            {
                "value": "[resourceGroup().name]",
                "like": "*core-services*"
            },
            {
                "field": "type",
                "equals": "Microsoft.Network/bastionHosts"
            }
        ]
    },
    "then": {
        "effect": "deny"
    }
}

More Information: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#value-examples
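
Added example, not part of the original answer: a simplified Python model of how a rule of this shape is evaluated, run over constructed sample resources. With the deny effect a rule blocks whatever matches its "if" block, so the "like" form blocks bastion hosts inside a core-services group, while a "notLike" form blocks those outside it. The helper names and the wildcard and case handling are assumptions of this model, not Azure's implementation.

```python
import re

BASTION = "Microsoft.Network/bastionHosts"

def rule(operator):
    """The answer's rule, with the operator of the name condition swappable."""
    return {
        "if": {"allOf": [
            {"value": "[resourceGroup().name]", operator: "*core-services*"},
            {"field": "type", "equals": BASTION},
        ]},
        "then": {"effect": "deny"},
    }

def _like(actual, pattern):
    # Assumption of this model: '*' matches any run of characters, case ignored.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, actual, re.IGNORECASE | re.DOTALL) is not None

def _matches(cond, resource):
    if "allOf" in cond:
        return all(_matches(c, resource) for c in cond["allOf"])
    # Only the two operands used by the rule are modelled.
    if cond.get("value") == "[resourceGroup().name]":
        actual = resource["resourceGroup"]
    elif cond.get("field") == "type":
        actual = resource["type"]
    else:
        raise ValueError(f"operand not modelled: {cond}")
    if "equals" in cond:
        return actual.lower() == cond["equals"].lower()
    if "like" in cond:
        return _like(actual, cond["like"])
    if "notLike" in cond:
        return not _like(actual, cond["notLike"])
    raise ValueError(f"condition not modelled: {cond}")

def evaluate(policy_rule, resource):
    """Effect applied when the 'if' block matches; None means the request passes."""
    return policy_rule["then"]["effect"] if _matches(policy_rule["if"], resource) else None

# Constructed sample resources, not real deployments.
SAMPLES = [
    {"name": "bastion-core", "type": BASTION, "resourceGroup": "RG-Core-Services-weu"},
    {"name": "bastion-app", "type": BASTION, "resourceGroup": "rg-app-team"},
    {"name": "stapp01", "type": "Microsoft.Storage/storageAccounts", "resourceGroup": "rg-app-team"},
]

def denied(policy_rule):
    return [r["name"] for r in SAMPLES if evaluate(policy_rule, r) == "deny"]
```

Running `denied(rule("like"))` and `denied(rule("notLike"))` before assigning a policy shows which deployments each form would block.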
