Created
November 4, 2023 17:53
-
-
Save xximjasonxx/eefda46386b3b1f13d4ea6097b4e9c6a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Allowed locations", | |
| "policyType": "BuiltIn", | |
| "mode": "Indexed", | |
| "description": "This policy enables you to restrict the locations your organization can specify when deploying resources. Use to enforce your geo-compliance requirements. Excludes resource groups, Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the 'global' region.", | |
| "metadata": { | |
| "version": "1.0.0", | |
| "category": "General" | |
| }, | |
| "parameters": { | |
| "listOfAllowedLocations": { | |
| "type": "Array", | |
| "metadata": { | |
| "description": "The list of locations that can be specified when deploying resources.", | |
| "strongType": "location", | |
| "displayName": "Allowed locations" | |
| } | |
| } | |
| }, | |
| "policyRule": { | |
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "location", | |
| "notIn": "[parameters('listOfAllowedLocations')]" | |
| }, | |
| { | |
| "field": "location", | |
| "notEquals": "global" | |
| }, | |
| { | |
| "field": "type", | |
| "notEquals": "Microsoft.AzureActiveDirectory/b2cDirectories" | |
| } | |
| ] | |
| }, | |
| "then": { | |
| "effect": "deny" | |
| } | |
| } | |
| }, | |
| "id": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c", | |
| "type": "Microsoft.Authorization/policyDefinitions", | |
| "name": "e56962a6-4747-49cd-b67b-bf8b01975c4c" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment