Sample ARM and Bicep(!) templates for Azure policy and policy initiative definitions.
Before starting to work with these templates, read the information in the following blog posts according to your interests:
- Naming convention for Azure resources
- How to validate Azure tags
- Azure Policy Best Practices
- Audit and Enable Azure Hybrid Benefit using Azure Policy
- How to deploy Azure Policy with Bicep
- Azure Policy: Starter Guide
- Practical aspects of running a CMDB for Azure resources: Tips
- Practical aspects of running a CMDB for Azure resources: Fundamentals
- How to deploy Azure Policy from an Azure DevOps pipeline
- How to ensure proper configuration for your Azure resources
- Automatic tagging for Azure resources
- How to enforce naming convention for Azure resources
- Using ARM templates to deploy Azure Policy initiatives
- How to deploy Azure Policies with ARM templates
To start working with this project, clone the repository to your local machine and look for the artifacts in the specific folders:
- linked templates - contains sample ARM templates for policy and initiative definitions plus their assignments grouped by logical area
- main-template - contains the master ARM template that deploys all policies and initiatives to a subscription
To create definitions and assignments for policies and initiatives in the target subscription or resource group, use the following build order:
- Deploy policy definitions
- Deploy policy initiatives
- (Optionally) Create a resource group to use as the target for assignments while testing policy effects
- Create policy and initiative assignments
- Pay attention to the format of parameters, as in some cases they must be provided as an object type. Look into the existing policies and initiatives for examples.
- When using deployment scripts in build/release pipelines, define the script variables as pipeline variables.
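
The build order above, sketched as a single subscription-scoped Bicep file. This is an added example, not a template from this repository: the resource names, the `CostCenter` tag, the `audit` effect and the API versions are assumptions chosen for illustration. It also shows the object shape (`{ value: ... }`) that parameter values take in initiatives and assignments.

```bicep
// Added example: every name and value here is constructed for illustration.
targetScope = 'subscription'

param tagName string = 'CostCenter' // hypothetical tag to audit

// Parameter declaration shared by the definition and the initiative.
var tagParam = { tagName: { type: 'String' } }

// Step 1: policy definition. Bicep escapes the leading '[' on compile, so the
// expression is evaluated by the policy engine, not at deployment time.
resource auditTag 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: 'example-audit-required-tag'
  properties: {
    policyType: 'Custom'
    mode: 'Indexed'
    displayName: 'Example: audit resources missing a required tag'
    parameters: tagParam
    policyRule: {
      if: {
        field: '[concat(\'tags[\', parameters(\'tagName\'), \']\')]'
        exists: 'false'
      }
      then: { effect: 'audit' }
    }
  }
}

// Step 2: initiative; referencing auditTag.id makes it deploy after the definition.
resource tagInitiative 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = {
  name: 'example-tagging-initiative'
  properties: {
    policyType: 'Custom'
    displayName: 'Example: tagging initiative'
    parameters: tagParam
    policyDefinitions: [
      {
        policyDefinitionId: auditTag.id
        parameters: { tagName: { value: '[parameters(\'tagName\')]' } }
      }
    ]
  }
}

// Step 4: assignment; each parameter value is an object of the form { value: ... }.
resource tagAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'example-tagging-assignment'
  properties: {
    policyDefinitionId: tagInitiative.id
    parameters: { tagName: { value: tagName } }
  }
}
```

Because the file targets the subscription scope, it deploys with `az deployment sub create`. Starting with the `audit` effect lets you review the compliance results before switching an assignment to a blocking effect.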