Azure Policies Guide
Azure policies can be used to ensure that resources created in Azure are compliant with rules you wish to enforce. This could be anything from naming conventions to federal regulations. If you want your resources to be restricted in some way, Azure policies are the way to do it. Here's how you can get started with Azure policies in Kion.
Creating an Azure Policy
To create a new Azure policy, do the following:
- Navigate to Cloud Management in the sidebar, then select Azure Policy Definitions.
- Click the + button at the top of the page to start creating a new Azure policy.
- On this page, fill in the Azure policy name and description. These will be reflected in the Azure portal when created.
- In the text area called Azure Policy Definition, fill in the value of the properties section of your Azure policy. For example, if you have an Azure policy that looks like this:
{
  "properties": {
    "description": "My test policy",
    "displayName": "My Policy",
    "mode": "all",
    "parameters": {
      "paramOne": {
        "type": "string",
        "defaultValue": "Default"
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "name",
          "like": "[concat(parameters('paramOne'), '*')]"
        }
      },
      "then": {
        "effect": "audit"
      }
    }
  }
}
Then you will paste the following into the text area:
{
  "description": "My test policy",
  "displayName": "My Policy",
  "mode": "all",
  "parameters": {
    "paramOne": {
      "type": "string",
      "defaultValue": "Default"
    }
  },
  "policyRule": {
    "if": {
      "not": {
        "field": "name",
        "like": "[concat(parameters('paramOne'), '*')]"
      }
    },
    "then": {
      "effect": "audit"
    }
  }
}
- In the next text area titled Parameters, you may enter the parameters for this Azure policy that will be filled when it is assigned. For example, the parameters may look like this, assuming the example from the previous instruction is used:
{ "paramOne": { "value": "NotDefault" } }
- Select the users and groups which should have ownership over this policy definition using the dropdowns.
- When you're ready to create the policy, click Create Policy Definition.
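A pre-flight check for the two text areas in the steps above, as an added example (not Kion's or Azure's own code): it unwraps `properties` from an exported policy and checks the Parameters JSON against the parameters the definition declares. The function names and the type map are assumptions of this example; the sample policy is the one from this guide.

```python
import json

# Constructed sample: the full policy from the guide, as exported from Azure.
FULL_POLICY = json.loads("""
{"properties": {"description": "My test policy", "displayName": "My Policy",
  "mode": "all",
  "parameters": {"paramOne": {"type": "string", "defaultValue": "Default"}},
  "policyRule": {
    "if": {"not": {"field": "name",
                   "like": "[concat(parameters('paramOne'), '*')]"}},
    "then": {"effect": "audit"}}}}
""")

# Subset of Azure Policy parameter types mapped to JSON-decoded Python types.
TYPE_MAP = {"string": str, "array": list, "object": dict, "boolean": bool}


def definition_body(policy):
    """Return the 'properties' value for the Azure Policy Definition text area."""
    body = policy.get("properties", policy)  # accept wrapped or unwrapped input
    rule = body.get("policyRule", {})
    if "if" not in rule or "effect" not in rule.get("then", {}):
        raise ValueError("policyRule needs an 'if' and a 'then.effect'")
    return body


def check_parameters(body, assigned):
    """Return problems found in the Parameters text area content."""
    declared = body.get("parameters", {})
    problems = []
    for name, entry in assigned.items():
        if name not in declared:
            problems.append(f"{name}: not declared in the definition")
        elif not isinstance(entry, dict) or "value" not in entry:
            problems.append(f'{name}: expected {{"value": ...}}')
        else:
            expected = TYPE_MAP.get(str(declared[name].get("type", "")).lower())
            if expected and not isinstance(entry["value"], expected):
                problems.append(f"{name}: value is not of type {declared[name]['type']}")
    for name, spec in declared.items():
        if name not in assigned and "defaultValue" not in spec:
            problems.append(f"{name}: no value assigned and no defaultValue")
    return problems


if __name__ == "__main__":
    body = definition_body(FULL_POLICY)
    print(json.dumps(body, indent=2))  # text for the Azure Policy Definition area
    print(check_parameters(body, {"paramOne": {"value": "NotDefault"}}))  # []
```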
Adding an Azure Policy to a Cloud Rule
Because Azure policies only affect how resources are created and do not discern between users, you may only attach Azure policies to cloud rules and not to cloud access roles. Here's how you can go about doing that:
- Navigate to Cloud Management in the sidebar, then select Cloud Rules.
- Either create a new cloud rule by clicking the + button or edit an existing cloud rule by selecting its ellipsis menu and clicking edit.
- Scroll to the Azure Settings section, then click the Azure Policies dropdown to select the Azure policy or policies that you would like to be applied through the cloud rule.
When you apply the cloud rule to a project containing Azure subscriptions, the subscriptions will have the policies defined and applied.
Clone an Azure Policy
You can clone an existing Azure policy, using it as a template to create a new Azure policy. This includes built-in policy definitions (the clone will be a custom policy).
To do this, do the following:
- Navigate to Cloud Management > Azure Policy Definitions. You can move through the pages of the list with the > button, and you can apply filters with the Filter button.
- Click the ellipsis menu on the Azure Policy Definition you want to clone, then click Clone.
- Change the Azure Policy Definition Name. This will save it as a new Azure policy.
- Modify any other fields you would like to update. The Policy Type
- Click Clone Azure Policy Definition when you are done.
Deleting an Azure Policy
You may delete an Azure policy if it is not being used on any cloud rules. To do this, do the following:
- Navigate to Cloud Management in the sidebar, then select Azure Policy Definitions. You can move through the pages of the list with the > button, and you can apply filters with the Filter button.
- Click the ellipsis menu on the Azure policy definition you want to delete, then click Delete.
- Click Yes, Delete on the dialog that appears to confirm that you want to delete the policy definition.