@jesseloudon
Created June 26, 2020 07:44
Reference your variable list values using ${var.variableName[count.index]}.
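# Arguments of a custom Azure Policy definition that adds a mandatory tag to
# resource groups. The enclosing resource header is outside this excerpt; the
# use of count.index shows that one definition is created per entry of
# var.mandatory_tag_keys.
name         = "addTagToRG_${var.mandatory_tag_keys[count.index]}"
policy_type  = "Custom"
mode         = "All"
display_name = "Add tag ${var.mandatory_tag_keys[count.index]} to resource group"
description  = "Adds the mandatory tag key ${var.mandatory_tag_keys[count.index]} when any resource group missing this tag is created or updated. \nExisting resource groups can be remediated by triggering a remediation task.\nIf the tag exists with a different value it will not be changed."

# The three JSON documents below are produced with jsonencode() instead of
# interpolating variables into heredoc text. A quote or backslash inside a
# variable value is then escaped by the serializer rather than yielding
# invalid JSON or changing the structure of the policy document.
metadata = jsonencode({
  # tostring() keeps the value a JSON string, as the quoted heredoc form did.
  category = tostring(var.policy_definition_category)
  version  = "1.0.0"
})

policy_rule = jsonencode({
  # Match resource groups that do not yet carry the tag named by the
  # tagName parameter.
  if = {
    allOf = [
      {
        field  = "type"
        equals = "Microsoft.Resources/subscriptions/resourceGroups"
      },
      {
        field  = "[concat('tags[', parameters('tagName'), ']')]"
        exists = "false"
      }
    ]
  }
  then = {
    effect = "modify"
    details = {
      # b24988ac-6180-42a0-ab88-20f7382dd24c is the built-in Contributor
      # role. The managed identity of every assignment of this policy needs
      # the roles listed here to run remediation, and Contributor allows far
      # more than writing tags. Keep assignments at the narrowest scope that
      # works.
      # NOTE(review): check whether a narrower built-in role (for example
      # Tag Contributor) is sufficient for this modify operation before
      # granting Contributor.
      roleDefinitionIds = [
        "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
      ]
      # "add" only writes the tag when it is absent, which matches the
      # "exists": "false" condition above.
      operations = [
        {
          operation = "add"
          field     = "[concat('tags[', parameters('tagName'), ']')]"
          value     = "[parameters('tagValue')]"
        }
      ]
    }
  }
})

parameters = jsonencode({
  tagName = {
    type = "String"
    metadata = {
      displayName = "Mandatory Tag ${var.mandatory_tag_keys[count.index]}"
      description = "Name of the tag, such as ${var.mandatory_tag_keys[count.index]}"
    }
    defaultValue = tostring(var.mandatory_tag_keys[count.index])
  }
  tagValue = {
    type = "String"
    metadata = {
      displayName = "Tag Value '${var.mandatory_tag_value}'"
      description = "Value of the tag, such as '${var.mandatory_tag_value}'"
    }
    # NOTE(review): the single quotes are part of the string, so the default
    # tag value is written with literal quote characters around it. Kept
    # as in the original; confirm this is intended.
    defaultValue = "'${var.mandatory_tag_value}'"
  }
})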
}