未实施Azure策略

时间:2020-04-02 12:45:36

标签: azure tags policy

尝试在Azure中创建与订阅绑定的策略,该策略将拒绝创建没有特定“ costCenter”标记的资源组。我已将以下策略分配给已完成并以“ costCenter”完成的“ coreTagName1”订阅:

 "properties": {
   "displayName": "manual_test_1",
   "policyType": "Custom",
   "mode": "Indexed",
   "description": "manual test for tag enforcement",
   "metadata": {
     "category": "test",
     "createdBy": "#########",
     "createdOn": "2020-04-02T12:27:39.2686671Z",
     "updatedBy": "#########",
     "updatedOn": "2020-04-02T12:35:32.5608728Z"
   },
   "parameters": {
     "coreTagName1": {
       "type": "String",
       "metadata": {
         "displayName": "tagName to enforce",
         "description": "Name of the tag, such as costCenter"
       }
     }
   },
   "policyRule": {
     "if": {
       "anyOf": [
         {
           "field": "type",
           "equals": "Microsoft.Resources/subscriptions/resourceGroups"
         },
         {
           "exists": "false",
           "field": "[concat('tags[', parameters('coreTagName1'), ']')]"
         }
       ]
     },
     "then": {
       "effect": "deny"
     }
   }
 },
 "id": "/subscriptions/#########/providers/Microsoft.Authorization/policyDefinitions/########",
 "type": "Microsoft.Authorization/policyDefinitions",
 "name": "#######"
}

但是我仍然可以创建资源组,并且根本不指定任何标签。我觉得我在方法中缺少一些基本要素,但还无法解决。

1 个答案:

答案 0 :(得分:0)

正如贾格拉蒂所说。在检查合规性结果之前,请留出一段时间让策略运行合规性扫描。 (通常等待时间为30分钟,但这在很大程度上取决于范围和资源数量)。

相关问题
最新问题