Azure Policy - ARM: excluding a resource group

Time: 2018-10-18 09:19:07

Tags: azure-resource-manager

I am using the following to apply a policy definition. How do I add a resource group exclusion to the assignment?

{
      "type": "Microsoft.Authorization/policyAssignments",
      "name": "[variables('policyAssignmentAllowedLocations')]",
      "apiVersion": "[variables('deploymentsApiVersion')]",
      "dependsOn": [
        "[resourceId('Microsoft.Authorization/policyDefinitions/', variables('policyDefinitionAllowedLocations'))]"
      ],
      "properties": {
        "scope": "[subscription().id]",
        "policyDefinitionId": "[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]"
      }
    }

1 answer:

Answer 0 (score: 1)

Exclusions can be added to a policy assignment through the notScopes property.

The following resource definition describes a policy assignment that excludes the resource group named excludedResourceGroupName:

{
    "type": "Microsoft.Authorization/policyAssignments",
    "name": "[variables('policyAssignmentAllowedLocations')]",
    "apiVersion": "[variables('deploymentsApiVersion')]",
    "dependsOn": [
        "[resourceId('Microsoft.Authorization/policyDefinitions/', variables('policyDefinitionAllowedLocations'))]"
    ],
    "properties": {
        "scope": "[subscription().id]",
        "policyDefinitionId": "[resourceId('Microsoft.Authorization/policyDefinitions', variables('policyDefinitionAllowedLocations'))]",
        "notScopes" : [
            "[concat(subscription().id,'/resourcegroups/',variables('excludedResourceGroupName'))]"
        ]
    }
}
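
Every notScopes entry removes a scope from the policy's coverage, so exclusions are worth listing when a template is reviewed. The following is an added example, not part of the original answer: it walks an ARM template and reports the notScopes of each policy assignment, substituting simple variables('...') references. The sample template, its variable value and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample template; the variable value is a placeholder.
TEMPLATE = json.loads("""
{"variables": {"excludedResourceGroupName": "example-excluded-rg"},
 "resources": [
  {"type": "Microsoft.Authorization/policyAssignments",
   "name": "allowed-locations",
   "properties": {
     "scope": "[subscription().id]",
     "notScopes": [
       "[concat(subscription().id,'/resourcegroups/',variables('excludedResourceGroupName'))]"]}},
  {"type": "Microsoft.Authorization/policyAssignments",
   "name": "no-exclusions",
   "properties": {"scope": "[subscription().id]"}}]}
""")

VAR_REF = re.compile(r"variables\('([^']+)'\)")

def expand_variables(expr, variables):
    """Replace variables('x') with its quoted value; other ARM functions stay as written."""
    def repl(match):
        name = match.group(1)
        return "'{}'".format(variables[name]) if name in variables else match.group(0)
    return VAR_REF.sub(repl, expr)

def list_exclusions(template):
    """Return {assignment name: [notScopes entries]} for each policy assignment."""
    variables = template.get("variables", {})
    report = {}
    for res in template.get("resources", []):
        # ARM resource types are case-insensitive.
        if res.get("type", "").lower() != "microsoft.authorization/policyassignments":
            continue
        name = expand_variables(res.get("name", ""), variables)
        not_scopes = res.get("properties", {}).get("notScopes", [])
        report[name] = [expand_variables(s, variables) for s in not_scopes]
    return report

if __name__ == "__main__":
    for name, scopes in list_exclusions(TEMPLATE).items():
        print(name, "->", scopes or "no exclusions")
```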