我正在使用以下内容来应用策略定义。如何将资源组排除项添加到分配中?
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyAssignmentAllowedLocations')]",
"apiVersion": "[variables('deploymentsApiVersion')]",
"dependsOn": [
"[resourceId('Microsoft.Authorization/policyDefinitions/', variables('policyDefinitionAllowedLocations'))]"
],
"properties": {
"scope": "[subscription().id]",
"policyDefinitionId": "[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]"
}
}
答案 0 :(得分:1)
可以通过notScopes属性将排除项添加到策略分配中。
以下资源定义描述了策略分配,该策略分配排除名为 excludedResourceGroupName 的资源组:
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[variables('policyAssignmentAllowedLocations')]",
"apiVersion": "[variables('deploymentsApiVersion')]",
"dependsOn": [
"[resourceId('Microsoft.Authorization/policyDefinitions/', variables('policyDefinitionAllowedLocations'))]"
],
"properties": {
"scope": "[subscription().id]",
"policyDefinitionId": "[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]"[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]"[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]",
"notScopes" : [
"[concat(subscription().id,'/resourcegroups/',variables('excludedResourceGroupName'))]"
]
}
}