@maravedi
Created October 5, 2023 14:27
Azure Policy - Apply Tag to Resource Groups matching string pattern and optionally any resources inside that Resource Group
# Azure Policy: Tagging Based on Resource Group Name
# Objective:
# This policy aims to enforce tagging conventions based on the name of the resource group. If a resource group (or its contained resources) matches a specified naming pattern, a designated tag with a corresponding value will be applied.
#
# Parameters:
#   - tagName: The name of the tag you want to apply.
#   - tagValue: The value associated with the aforementioned tag.
#   - rgNamePattern: A naming pattern that resource groups should match. For instance, if you want to target resource groups that start with "azurebatch", you'd use "azurebatch*".
#   - applyToResources: A boolean parameter that dictates whether the tagging should be applied only to the resource group itself or also to the resources contained within the matching resource group.
#
# How it Works:
# The policy first checks if the resource is a resource group with a name that matches the given pattern (rgNamePattern).
# It then determines whether the specified tag (tagName) is absent or if it exists but has a different value than the one provided (tagValue).
# Based on the applyToResources parameter, the policy will either:
#   - Only apply the tag to the resource group itself (if the parameter is false).
#   - Apply the tag to both the resource group and any resources contained within it (if the parameter is true).
# If the conditions are met, the policy will modify the resource by adding or updating the specified tag with the provided value.
#
# Effect:
# The effect of this policy is to ensure consistent tagging based on resource group naming conventions. This can aid in cost management, resource tracking, and organizational clarity.
{
  "properties": {
    "displayName": "Apply Tag to Resource Groups matching string pattern and optionally any resources inside that Resource Group",
    "policyType": "Custom",
    "mode": "All",
    "description": "Enforces tagging for resource groups (RGs) and optionally their resources based on the RG's name. Parameters: tagName (desired tag), tagValue (tag's value), rgNamePattern (RG naming pattern), applyToResources (true/false for tagging contained resources). Ensures consistent tagging for management.",
    "parameters": {
      "tagName": {
        "type": "String",
        "metadata": {
          "description": "Name of the tag."
        }
      },
      "tagValue": {
        "type": "String",
        "metadata": {
          "description": "Value of the tag."
        }
      },
      "rgNamePattern": {
        "type": "String",
        "metadata": {
          "description": "Pattern for the name of the Resource Group."
        }
      },
      "applyToResources": {
        "type": "Boolean",
        "metadata": {
          "description": "Flag to determine if the tag should be applied to resources within the matching resource groups."
        },
        "defaultValue": true
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "anyOf": [
              {
                "allOf": [
                  {
                    "field": "type",
                    "equals": "Microsoft.Resources/subscriptions/resourceGroups"
                  },
                  {
                    "field": "name",
                    "like": "[parameters('rgNamePattern')]"
                  }
                ]
              },
              {
                "allOf": [
                  {
                    "value": "[parameters('applyToResources')]",
                    "equals": "true"
                  },
                  {
                    "field": "type",
                    "notEquals": "Microsoft.Resources/subscriptions/resourceGroups"
                  },
                  {
                    "value": "[resourceGroup().name]",
                    "like": "[parameters('rgNamePattern')]"
                  }
                ]
              }
            ]
          },
          {
            "anyOf": [
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "exists": "false"
              },
              {
                "field": "[concat('tags[', parameters('tagName'), ']')]",
                "notEquals": "[parameters('tagValue')]"
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "addOrReplace",
              "field": "[concat('tags[', parameters('tagName'), ']')]",
              "value": "[parameters('tagValue')]"
            }
          ]
        }
      }
    }
  },
  "type": "Microsoft.Authorization/policyDefinitions"
}
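
A dry-run model of the behaviour described in the header, useful for checking which resources a modify assignment would touch before it is assigned. This is an added example, not the gist author's code: the function names, the `resourceGroup` key and the inventory are constructed for illustration, and contained resources are assumed to be matched by the name of their resource group, not by their own name.

```python
import re

RG_TYPE = "Microsoft.Resources/subscriptions/resourceGroups"

def like(value, pattern):
    # Model of the policy "like" condition: "*" is a wildcard.
    # Assumption: matching is case-insensitive, as Azure resource names are.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def needs_tag(resource, tag_name, tag_value, rg_name_pattern, apply_to_resources=True):
    """Return True when the modify effect would fire for this resource."""
    if resource["type"].lower() == RG_TYPE.lower():
        # A resource group is matched on its own name.
        in_scope = like(resource["name"], rg_name_pattern)
    else:
        # A contained resource is matched on the name of its resource group.
        in_scope = apply_to_resources and like(resource["resourceGroup"], rg_name_pattern)
    if not in_scope:
        return False
    tags = resource.get("tags") or {}
    # Fires when the tag is absent or carries a different value.
    # Simplification: tag name and value are compared exactly.
    return tags.get(tag_name) != tag_value

def plan(resources, tag_name, tag_value, rg_name_pattern, apply_to_resources=True):
    """Names of the resources that would be modified, in inventory order."""
    return [r["name"] for r in resources
            if needs_tag(r, tag_name, tag_value, rg_name_pattern, apply_to_resources)]

# Constructed inventory, not real Azure output.
SAMPLE = [
    {"name": "azurebatch-prod", "type": RG_TYPE, "tags": {}},
    {"name": "vm01", "type": "Microsoft.Compute/virtualMachines",
     "resourceGroup": "azurebatch-prod", "tags": {"costCenter": "old"}},
    # Resource name matches the pattern, but its resource group does not.
    {"name": "azurebatchstore", "type": "Microsoft.Storage/storageAccounts",
     "resourceGroup": "shared-rg", "tags": {}},
    # Already carries the desired value, so nothing to modify.
    {"name": "disk01", "type": "Microsoft.Compute/disks",
     "resourceGroup": "azurebatch-prod", "tags": {"costCenter": "batch"}},
]

if __name__ == "__main__":
    for name in plan(SAMPLE, "costCenter", "batch", "azurebatch*"):
        print("would tag:", name)
```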