Skip to content

This repository holds Azure policies to enforce Microsoft's naming convention for Azure resources

License

Notifications You must be signed in to change notification settings

matthiasguentert/azure-naming-convention-initiative

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

👮‍♂️ Azure Naming Convention Initiative 🚨

This repository holds a bunch of bicep templates that creates and assigns Azure polices to audit or enforce a specific naming convention.

The preset follows Microsoft naming convention which was proposed here and adds some that where missing (e.g. private endpoints). For resource types where Microsoft doesn't make any suggestions I have created my own proposals, which can be found here.

However you can modify them according to your needs. The underyling module uses a notLike condition so you can check for pre- and postfixes, e.g. app-* would match app-some-web-application whereas *-app would match some-web-application-app.

🏗 Todo

  • Update templates, so that pattern takes an array of strings, instead of a single string

👉 Important notes & limitations

  • After assigning an initiative/policy it can take up to 30min until it becomes active, so be patient!
  • You need to have the Resource Policy Contributor role assigned on the target subscription.
  • Bicep currenlty only supports a single scope why I decided to stick with subscription scope for the moment.
  • I didn't bundle them inside an initiative on purpose, so the user can freely decided on what to policy to use.
  • When deploying a policy assignment via template, we currently can't set a non-compliant message. This seems to be a limitation of ARM.

This polices are ready to use. You don't have to rebuild them. However, in case you would like to apply your own naming schema follow this steps

  1. Adjust the array at the begining of Generate-Biceps.ps1 according to your needs
  2. Run Generate-Biceps.ps1 that will outout *.biceps into the 'dist` folder
  3. Run Generate-Templates.ps1 to transpile them into JSON-based ARM templates (outputs to the dist folder)

🚀 Currently implemented resources

🟢 Tested 🟡 Not tested yet, feedback welcome! 🔴 Not yet implemented, PR welcome!

General

Asset type Abbreviation Status Deploy
Management group mg- 🟢 Deploy to Azure
Resource group rg- 🟢 Deploy to Azure
Policy definition policy- 🟡 Deploy to Azure
API management service instance apim- 🟡 Deploy to Azure
Managed Identity id- 🟢 Deploy to Azure

Networking

Asset type Abbreviation Status Deploy
Private endpoint pe- 🔴
Virtual network vnet- 🟢 Deploy to Azure
Subnet snet- 🟡 Deploy to Azure
Virtual network peering peer- 🟡 Deploy to Azure
Network interface (NIC) nic- 🟡 Deploy to Azure
Public IP address pip- 🟡 Deploy to Azure
Load balancer (internal) lbi- 🔴
Load balancer (external) lbe- 🔴
Network security group (NSG) nsg- 🟡 Deploy to Azure
Application security group (ASG) asg- 🟡 Deploy to Azure
Local network gateway lgw- 🟡 Deploy to Azure
Virtual network gateway vgw- 🟡 Deploy to Azure
VPN connection cn- 🟡 Deploy to Azure
ExpressRoute circuit erc- 🟡 Deploy to Azure
Application gateway agw- 🟡 Deploy to Azure
Route table route- 🟡 Deploy to Azure
User defined route (UDR) udr- 🟡 Deploy to Azure
Traffic Manager profile traf- 🟡 Deploy to Azure
Front door fd- 🟡 Deploy to Azure
CDN profile cdnp- 🟢 Deploy to Azure
CDN endpoint cdne- 🟢 Deploy to Azure
Web Application Firewall (WAF) policy waf 🟡 Deploy to Azure

Compute and Web

Asset type Abbreviation Status Deploy
Virtual machine vm 🟢 Deploy to Azure
Virtual machine scale set vmss- 🟡 Deploy to Azure
Availability set avail- 🟡 Deploy to Azure
Managed disk (OS) osdisk 🔴
Managed disk (data) disk 🔴
VM storage account stvm 🔴
Azure Arc enabled server arcs- 🔴
Azure Arc enabled Kubernetes cluster arck 🔴
Container registry cr 🔴
Container instance ci- 🔴
AKS cluster aks- 🟡 Deploy to Azure
Service Fabric cluster sf- 🔴
App Service environment ase- 🔴
App Service plan plan- 🟢 Deploy to Azure
Web app app- 🟢 Deploy to Azure
Static web app stapp 🔴
Function app func- 🟡 Deploy to Azure
Cloud service cld- 🔴
Notification Hubs ntf- 🟡 Deploy to Azure
Notification Hubs namespace ntfns- 🟡 Deploy to Azure

Databases

Asset type Abbreviation Status Deploy
Azure SQL Database server sql- 🟡 Deploy to Azure
Azure SQL database sqldb- 🟡 Deploy to Azure
Azure Cosmos DB database cosmos- 🟢 Deploy to Azure
Azure Cache for Redis instance redis- 🟢 Deploy to Azure
MySQL database mysql- 🟡 Deploy to Azure
PostgreSQL database psql- 🟢 Deploy to Azure
Azure SQL Data Warehouse sqldw- 🔴
Azure Synapse Analytics syn- 🔴
SQL Server Stretch Database sqlstrdb- 🔴
SQL Managed Instance sqlmi- 🟡 Deploy to Azure

Storage

Asset type Abbreviation Status Deploy
Storage account st 🟢 Deploy to Azure
Azure StorSimple ssimp 🔴
Azure Container Registry acr 🟢 Deploy to Azure

AI and Machine Learning

Asset type Abbreviation Status Deploy
Azure Cognitive Search srch- 🔴
Azure Cognitive Services cog- 🔴
Azure Machine Learning workspace mlw- 🔴

Analytics and IoT

Asset type Abbreviation Status Deploy
Azure Analysis Services server as 🔴
Azure Databricks workspace dbw- 🔴
Azure Stream Analytics asa- 🔴
Azure Data Explorer cluster dec 🔴
Azure Data Factory adf- 🔴
Data Lake Store account dls 🔴
Data Lake Analytics account dla 🔴
HDInsight - Hadoop cluster hadoop- 🔴
HDInsight - HBase cluster hbase- 🔴
HDInsight - Kafka cluster kafka- 🔴
HDInsight - Spark cluster spark- 🔴
HDInsight - Storm cluster storm- 🔴
HDInsight - ML Services cluster mls- 🔴
IoT hub iot- 🔴
Power BI Embedded pbi- 🔴
Time Series Insights environment tsi- 🔴

Developer tools

Asset type Abbreviation Status Deploy
App Configuration store appcs- 🟢 Deploy to Azure
Azure Static Web Apps stap- 🟡 Deploy to Azure

Integration

Asset type Abbreviation Status Deploy
Integration account ia- 🟢 Deploy to Azure
Logic apps logic- 🟢 Deploy to Azure
Service Bus sb- 🟢 Deploy to Azure
Service Bus queue sbq- 🟢 Deploy to Azure
Service Bus topic sbt- 🟢 Deploy to Azure
Event Hubs namespace evhns- 🟢 Deploy to Azure
Event hub evh- 🟢 Deploy to Azure
Event Grid domain evgd- 🟢 Deploy to Azure
Event Grid topic evgt- 🟢 Deploy to Azure
Event Grid system topic evgst- 🔴
Event Grid Subscriptions evgs- 🔴 Microsoft.EventGrid/eventSubscriptions

Management and governance

Asset type Abbreviation Status Deploy
Automation account aa- 🟡 Deploy to Azure
Azure Monitor action group ag- 🔴
Azure Purview instance pview- 🔴
Blueprint bp- 🔴
Blueprint assignment bpa- 🔴
Key vault kv- 🟢 Deploy to Azure
Log Analytics workspace log- 🟢 Deploy to Azure
Application Insights appi- 🟢 Deploy to Azure

Migration

Asset type Abbreviation Status Deploy
Azure Migrate project migr- 🔴
Database Migration Service instance dms- 🟡 Deploy to Azure
Recovery Services vault rsv- 🟡 Deploy to Azure

🤓 Further reading

About

This repository holds Azure policies to enforce Microsoft's naming convention for Azure resources

Resources

License

Stars

Watchers

Forks

Packages

No packages published