Created
June 20, 2019 19:34
-
-
Save mmckechney/b4f63cb3b51577980406ef7046ba1935 to your computer and use it in GitHub Desktop.
Azure Policy to add a specified Network Security Group to a Subnet if none is specified at creation time
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Append NSG if missing", | |
| "description": "Sets default NSG if none is specified", | |
| "policyType": "Custom", | |
| "mode": "All", | |
| "parameters": { | |
| "nsgResourceId": { | |
| "type": "String", | |
| "metadata": { | |
| "description": "Full resource ID path for the NSG" | |
| } | |
| } | |
| }, | |
| "policyRule": { | |
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "type", | |
| "equals": "Microsoft.Network/virtualNetworks/subnets" | |
| }, | |
| { | |
| "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id", | |
| "exists": false | |
| } | |
| ] | |
| }, | |
| "then": { | |
| "effect": "append", | |
| "details": [ | |
| { | |
| "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup", | |
| "value": { | |
| "id": "[parameters('nsgResourceId')]" | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@mmckechney I tried the modify action and I was able to see all the non compliant subnets, but remediate action seems to complain about
Can you please review my policy here. This is my policy