Azure Resource Policies: Assign all resource policies (*.json files) in the current folder to a resource group
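# Assigns all resource policies in the current folder to the specified resource group.
#
# Every *.json file in the current directory is treated as an Azure Policy
# definition: it is defined in the subscription (if not already present) and
# then assigned to the resource group's scope. Run it from a folder that holds
# only the policy files you intend to enforce.
#
# Parameters:
#   ResourceGroupName - name of the resource group that receives the assignments.
#
# Errors:
#   Stops if the resource group cannot be resolved or a policy definition cannot
#   be created. A failed removal of an existing assignment is reported as an
#   error and the re-assignment is still attempted, as before.
[CmdletBinding()]
Param(
    [Parameter(Mandatory=$True)]
    [string]$ResourceGroupName
)

# Get the current subscription, or ask the user to log in.
$subscription = Get-AzureRmSubscription
if ($null -eq $subscription) {
    $login = Login-AzureRmAccount
    $subscription = $login.Context.Subscription
}

# Resolve the resource group to apply policies to. Without -ErrorAction Stop a
# missing group yields $null and the script would carry on with an empty scope.
$resourceGroup = Get-AzureRmResourceGroup -Name $ResourceGroupName -ErrorAction Stop
$scope = $resourceGroup.ResourceId

# Only plain files with a .json extension: -File skips directories, and @()
# keeps .Count meaningful when zero or one file is found.
$policyTemplateFiles = @(Get-ChildItem -File -Filter '*.json')
Write-Output "Found $($policyTemplateFiles.Count) resource policies to assign to $scope."

# Create (or reuse) a policy definition for each file.
$policyDefinitionList = New-Object System.Collections.ArrayList
foreach ($file in $policyTemplateFiles) {
    # BaseName strips only the extension; a .Replace(".json", "") would also
    # rewrite a ".json" that appears inside the name.
    $policyName = $file.BaseName
    Write-Output "Defining resource policy $policyName."

    # Reuse an existing definition rather than redefining it. A per-call
    # -ErrorAction keeps the lookup quiet without mutating $ErrorActionPreference.
    $policyDefinition = Get-AzureRmPolicyDefinition -Name $policyName -ErrorAction SilentlyContinue
    if ($null -ne $policyDefinition) {
        [void]$policyDefinitionList.Add($policyDefinition)
        Write-Warning "Policy definition $policyName already exists in subscription $($subscription.SubscriptionId). Will not re-define it."
        continue
    }

    # Creating the definition is terminating so a malformed file is not silently skipped.
    $policyDefinition = New-AzureRmPolicyDefinition `
        -Name $policyName `
        -DisplayName $policyName.Replace("-", " ") `
        -Description $policyName.Replace("-", " ") `
        -Policy $file.FullName `
        -ErrorAction Stop
    [void]$policyDefinitionList.Add($policyDefinition)
}

# Assign every definition to the resource group scope.
foreach ($policyDefinition in $policyDefinitionList) {
    $policyAssignmentName = "$ResourceGroupName-$($policyDefinition.Name)"
    Write-Output "Assigning $($policyDefinition.Name) to $ResourceGroupName."

    # Check for an existing assignment with this name at this scope.
    $policyAssignment = Get-AzureRmPolicyAssignment -Name $policyAssignmentName -Scope $scope -ErrorAction SilentlyContinue
    if ($null -ne $policyAssignment) {
        # Remove and re-create so changes to the definition take effect. The
        # policy is not enforced at this scope between the removal and the new
        # assignment below.
        $removed = Remove-AzureRmPolicyAssignment -Id $policyAssignment.ResourceId -ErrorAction SilentlyContinue
        if ($removed -eq $True) {
            Write-Warning "Found existing assignment for $policyAssignmentName in scope $scope. Removed it."
        }
        else {
            Write-Error "Found existing assignment for $policyAssignmentName in scope $scope. Could not remove it. $($error[0])"
        }
    }

    $policyAssignment = New-AzureRmPolicyAssignment -Name $policyAssignmentName `
        -Scope $scope `
        -PolicyDefinition $policyDefinition `
        -DisplayName $policyAssignmentName
    Write-Verbose "Created resource policy assignment $policyAssignmentName."
}
Write-Output "All resource policy assignments completed."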