Reputation: 3
Policy to audit resource group that contains resources
I am looking to configure policy to audit resource groups that contains resources, whether have the particular tag name or not. Policy should not audit the empty resource groups. My requirement is only to perform audit for tags, if the resource group contains resources. Is it a possible scenario for creating policy?
Upvotes: 0
Views: 232
Answers (1)
Reputation: 5512
Indeed, Azure Policy makes it possible to audit, and even enforce tagging rules and conventions on your resources.
The Audit effect can be used in your policy to create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request.
Such a policy rule can look similar to the following:
"policyRule": {
"if": {
"field": "[concat('tags[', parameters('tagName'), ']')]",
"exists": "false"
},
"then": {
"effect": "audit"
}
}
Here are some more examples that demonstrate assigning policies for tag compliance.
Note: To see if your Azure resource supports tagging, see Tag support.
Upvotes: 0
Related Questions
- azure policy : only allow certain tag values in azure resources group tag
- How to apply Azure resource locks to Resource Groups via Policy
- Azure resources Audit details?
- Network Security Group Rule Audit (Azure)
- can azure policy detect changes in resources?
- Checking referenced resources with an Azure Policy
- How to list resources in a resource group with Microsoft.Azure.Management.Fluent?
- how to find the flow of azure policy
- Azure Policy - ARM to exclude Resource Group
- Action Groups to Resource Owners