This repository holds a set of Bicep templates that create and assign Azure policies to audit or enforce a specific naming convention.
The preset follows the Microsoft naming convention, which was proposed here, and adds some entries that were missing (e.g. private endpoints). For resource types where Microsoft doesn't make any suggestions I have created my own proposals, which can be found here.
However, you can modify them according to your needs. The underlying module uses a `notLike` condition so you can check for pre- and postfixes, e.g. `app-*` would match `app-some-web-application` whereas `*-app` would match `some-web-application-app`.
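A sketch of a subscription-scoped definition and assignment built on a `notLike` rule, added here as an example and not taken from this repository's module; the resource names, display text and the `rg-*` default are assumptions. Azure Policy accepts no more than one `*` wildcard in a `like`/`notLike` value, so a single pattern checks either a prefix or a postfix.

```bicep
// Added example, not the repository's module. Resource names, display
// text and the 'rg-*' default are assumptions chosen for illustration.
targetScope = 'subscription'

@description('Name pattern with a single * wildcard, e.g. rg-* or *-rg.')
param pattern string = 'rg-*'

@description('audit reports non-matching names, deny rejects them.')
@allowed([
  'audit'
  'deny'
])
param effect string = 'audit'

resource namingDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: 'naming-resource-group'
  properties: {
    policyType: 'Custom'
    mode: 'All' // resource groups are only evaluated in mode All
    displayName: 'Resource groups must match the naming pattern'
    parameters: {
      pattern: { type: 'String' }
      effect: { type: 'String' }
    }
    policyRule: {
      if: {
        allOf: [
          { field: 'type', equals: 'Microsoft.Resources/subscriptions/resourceGroups' }
          // The rule fires when the name does NOT match the pattern.
          { field: 'name', notLike: '[parameters(\'pattern\')]' }
        ]
      }
      then: { effect: '[parameters(\'effect\')]' }
    }
  }
}

resource namingAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = {
  name: 'naming-resource-group'
  properties: {
    policyDefinitionId: namingDefinition.id
    parameters: {
      pattern: { value: pattern }
      effect: { value: effect }
    }
  }
}
```

Starting with `audit` shows which existing names would be flagged before switching the same assignment to `deny`.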
- Update templates, so that pattern takes an array of strings, instead of a single string
- After assigning an initiative/policy it can take up to 30 min until it becomes active, so be patient!
- You need to have the `Resource Policy Contributor` role assigned on the target subscription.
- Bicep currently only supports a single scope, which is why I decided to stick with `subscription` scope for the moment.
- I didn't bundle them inside an initiative on purpose, so the user can freely decide which policy to use.
- When deploying a policy assignment via template, we currently can't set a `non-compliant message`. This seems to be a limitation of ARM.
These policies are ready to use. You don't have to rebuild them. However, in case you would like to apply your own naming schema, follow these steps:
- Adjust the array at the beginning of `Generate-Biceps.ps1` according to your needs
- Run `Generate-Biceps.ps1`, which will output `*.biceps` into the `dist` folder
- Run `Generate-Templates.ps1` to transpile them into JSON-based ARM templates (outputs to the `dist` folder)
🟢 Tested 🟡 Not tested yet, feedback welcome! 🔴 Not yet implemented, PR welcome!

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
Management group | mg- | 🟢 | |
Resource group | rg- | 🟢 | |
Policy definition | policy- | 🟡 | |
API management service instance | apim- | 🟡 | |
Managed Identity | id- | 🟢 | |

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
Storage account | st | 🟢 | |
Azure StorSimple | ssimp | 🔴 | |
Azure Container Registry | acr | 🟢 | |

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
Azure Cognitive Search | srch- | 🔴 | |
Azure Cognitive Services | cog- | 🔴 | |
Azure Machine Learning workspace | mlw- | 🔴 | |

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
Azure Analysis Services server | as | 🔴 | |
Azure Databricks workspace | dbw- | 🔴 | |
Azure Stream Analytics | asa- | 🔴 | |
Azure Data Explorer cluster | dec | 🔴 | |
Azure Data Factory | adf- | 🔴 | |
Data Lake Store account | dls | 🔴 | |
Data Lake Analytics account | dla | 🔴 | |
HDInsight - Hadoop cluster | hadoop- | 🔴 | |
HDInsight - HBase cluster | hbase- | 🔴 | |
HDInsight - Kafka cluster | kafka- | 🔴 | |
HDInsight - Spark cluster | spark- | 🔴 | |
HDInsight - Storm cluster | storm- | 🔴 | |
HDInsight - ML Services cluster | mls- | 🔴 | |
IoT hub | iot- | 🔴 | |
Power BI Embedded | pbi- | 🔴 | |
Time Series Insights environment | tsi- | 🔴 | |

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
App Configuration store | appcs- | 🟢 | |
Azure Static Web Apps | stap- | 🟡 | |

Asset type | Abbreviation | Status | Deploy |
---|---|---|---|
Azure Migrate project | migr- | 🔴 | |
Database Migration Service instance | dms- | 🟡 | |
Recovery Services vault | rsv- | 🟡 | |