This repository holds a bunch of bicep templates that creates and assigns Azure polices to audit or enforce a specific naming convention.
The preset follows Microsoft naming convention which was proposed here and adds some that where missing (e.g. private endpoints). For resource types where Microsoft doesn't make any suggestions I have created my own proposals, which can be found here.
However you can modify them according to your needs. The underyling module uses a notLike condition so you can check for pre- and postfixes, e.g. app-* would match app-some-web-application whereas *-app would match some-web-application-app.
- Update templates, so that pattern takes an array of strings, instead of a single string
- After assigning an initiative/policy it can take up to 30min until it becomes active, so be patient!
- You need to have the
Resource Policy Contributorrole assigned on the target subscription. - Bicep currenlty only supports a single scope why I decided to stick with
subscriptionscope for the moment. - I didn't bundle them inside an initiative on purpose, so the user can freely decided on what to policy to use.
- When deploying a policy assignment via template, we currently can't set a
non-compliant message. This seems to be a limitation of ARM.
This polices are ready to use. You don't have to rebuild them. However, in case you would like to apply your own naming schema follow this steps
- Adjust the array at the begining of
Generate-Biceps.ps1according to your needs - Run
Generate-Biceps.ps1that will outout *.biceps into the 'dist` folder - Run
Generate-Templates.ps1to transpile them into JSON-based ARM templates (outputs to thedistfolder)
🟢 Tested 🟡 Not tested yet, feedback welcome! 🔴 Not yet implemented, PR welcome!
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Management group | mg- |
🟢 | |
| Resource group | rg- |
🟢 | |
| Policy definition | policy- |
🟡 | |
| API management service instance | apim- |
🟡 | |
| Managed Identity | id- |
🟢 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Private endpoint | pe- |
🔴 | |
| Virtual network | vnet- |
🟢 | |
| Subnet | snet- |
🟡 | |
| Virtual network peering | peer- |
🟡 | |
| Network interface (NIC) | nic- |
🟡 | |
| Public IP address | pip- |
🟡 | |
| Load balancer (internal) | lbi- |
🔴 | |
| Load balancer (external) | lbe- |
🔴 | |
| Network security group (NSG) | nsg- |
🟡 | |
| Application security group (ASG) | asg- |
🟡 | |
| Local network gateway | lgw- |
🟡 | |
| Virtual network gateway | vgw- |
🟡 | |
| VPN connection | cn- |
🟡 | |
| ExpressRoute circuit | erc- |
🟡 | |
| Application gateway | agw- |
🟡 | |
| Route table | route- |
🟡 | |
| User defined route (UDR) | udr- |
🟡 | |
| Traffic Manager profile | traf- |
🟡 | |
| Front door | fd- |
🟡 | |
| CDN profile | cdnp- |
🟢 | |
| CDN endpoint | cdne- |
🟢 | |
| Web Application Firewall (WAF) policy | waf |
🟡 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Virtual machine | vm |
🟢 | |
| Virtual machine scale set | vmss- |
🟡 | |
| Availability set | avail- |
🟡 | |
| Managed disk (OS) | osdisk |
🔴 | |
| Managed disk (data) | disk |
🔴 | |
| VM storage account | stvm |
🔴 | |
| Azure Arc enabled server | arcs- |
🔴 | |
| Azure Arc enabled Kubernetes cluster | arck |
🔴 | |
| Container registry | cr |
🔴 | |
| Container instance | ci- |
🔴 | |
| AKS cluster | aks- |
🟡 | |
| Service Fabric cluster | sf- |
🔴 | |
| App Service environment | ase- |
🔴 | |
| App Service plan | plan- |
🟢 | |
| Web app | app- |
🟢 | |
| Static web app | stapp |
🔴 | |
| Function app | func- |
🟡 | |
| Cloud service | cld- |
🔴 | |
| Notification Hubs | ntf- |
🟡 | |
| Notification Hubs namespace | ntfns- |
🟡 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Azure SQL Database server | sql- |
🟡 | |
| Azure SQL database | sqldb- |
🟡 | |
| Azure Cosmos DB database | cosmos- |
🟢 | |
| Azure Cache for Redis instance | redis- |
🟢 | |
| MySQL database | mysql- |
🟡 | |
| PostgreSQL database | psql- |
🟢 | |
| Azure SQL Data Warehouse | sqldw- |
🔴 | |
| Azure Synapse Analytics | syn- |
🔴 | |
| SQL Server Stretch Database | sqlstrdb- |
🔴 | |
| SQL Managed Instance | sqlmi- |
🟡 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Storage account | st |
🟢 | |
| Azure StorSimple | ssimp |
🔴 | |
| Azure Container Registry | acr |
🟢 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Azure Cognitive Search | srch- |
🔴 | |
| Azure Cognitive Services | cog- |
🔴 | |
| Azure Machine Learning workspace | mlw- |
🔴 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Azure Analysis Services server | as |
🔴 | |
| Azure Databricks workspace | dbw- |
🔴 | |
| Azure Stream Analytics | asa- |
🔴 | |
| Azure Data Explorer cluster | dec |
🔴 | |
| Azure Data Factory | adf- |
🔴 | |
| Data Lake Store account | dls |
🔴 | |
| Data Lake Analytics account | dla |
🔴 | |
| HDInsight - Hadoop cluster | hadoop- |
🔴 | |
| HDInsight - HBase cluster | hbase- |
🔴 | |
| HDInsight - Kafka cluster | kafka- |
🔴 | |
| HDInsight - Spark cluster | spark- |
🔴 | |
| HDInsight - Storm cluster | storm- |
🔴 | |
| HDInsight - ML Services cluster | mls- |
🔴 | |
| IoT hub | iot- |
🔴 | |
| Power BI Embedded | pbi- |
🔴 | |
| Time Series Insights environment | tsi- |
🔴 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| App Configuration store | appcs- |
🟢 | |
| Azure Static Web Apps | stap- |
🟡 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Integration account | ia- |
🟢 | |
| Logic apps | logic- |
🟢 | |
| Service Bus | sb- |
🟢 | |
| Service Bus queue | sbq- |
🟢 | |
| Service Bus topic | sbt- |
🟢 | |
| Event Hubs namespace | evhns- |
🟢 | |
| Event hub | evh- |
🟢 | |
| Event Grid domain | evgd- |
🟢 | |
| Event Grid topic | evgt- |
🟢 | |
| Event Grid system topic | evgst- |
🔴 | |
| Event Grid Subscriptions | evgs- |
🔴 | Microsoft.EventGrid/eventSubscriptions |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Automation account | aa- |
🟡 | |
| Azure Monitor action group | ag- |
🔴 | |
| Azure Purview instance | pview- |
🔴 | |
| Blueprint | bp- |
🔴 | |
| Blueprint assignment | bpa- |
🔴 | |
| Key vault | kv- |
🟢 | |
| Log Analytics workspace | log- |
🟢 | |
| Application Insights | appi- |
🟢 |
| Asset type | Abbreviation | Status | Deploy |
|---|---|---|---|
| Azure Migrate project | migr- |
🔴 | |
| Database Migration Service instance | dms- |
🟡 | |
| Recovery Services vault | rsv- |
🟡 |