Demystifying Azure Policies with ARM Templates

In my blog post Defining Input Parameters For Policy Definitions in ARM Template I’ve showed you how to use deploy policy definitions with parameters via ARM template. I didn’t described completely on why such workaround is needed but I think now it is good time to explain that as well. The topic is a little bit complex so I hope my explanation will help you understand it.

Continue reading “Demystifying Azure Policies with ARM Templates”

Platform Image Azure Policy Definition Example

Azure Policy team has a GitHub repository of Policy definitions examples. Recently I’ve been looking at some of the examples there and I’ve noticed that one of them was not working correctly. Specifically I am referring to Platform Image Policy. Additionally the example contains only the rules. It does not have ARM template for deploying the definition. You will notice also that the policy is pretty static as it does not contain parameters. Because of that based on that sample I would like to create an example on my own and show it to you.

Continue reading “Platform Image Azure Policy Definition Example”

Escape Double Quotes For Strings in ARM Templates

Recently I’ve came into the following situation. I needed to store a json as Azure Automation string variable. To do that is easy as you just need to pass the json as text by first escaping it. That is easy peasy when using PowerShell. But what if you want to pass the json as object parameter via ARM template parameters file and do the escape completely within the ARM template. Apparently that is possible as well and I will show you how.

Continue reading “Escape Double Quotes For Strings in ARM Templates”

Azure Linked Subscription Level Template Deployment Requires Location

Subscription Level Template deployments is relatively new feature. Support for Azure CLI was added in version 2.0.40 and for AzureRM PowerShell module is yet to come. Basically instead of deploying resources at resource group you are doing that at subscription level. This opens a lot of possibilities some of which are:

Continue reading “Azure Linked Subscription Level Template Deployment Requires Location”

Defining Input Parameters For Policy Definitions in ARM Template

My good friend and fellow MVP Tao Yang wrote a great post on Using ARM Templates to Deploying Azure Policy Definitions That Requires Input Parameters. Azure Policy has two terms that you should be aware:

  • Policy Definition – This is the policy itself. This is the definition of what will be governed. The policy definition when created does not do anything until it is assigned. There are policy definitions available out of the box (created by Microsoft) and such that can be created on your own. Out of box policies are of type built-in and the ones created by you are custom.
  • Policy Assignment – This assigns policy definition to be applied at specific level like subscription, management group or resource group.

Continue reading “Defining Input Parameters For Policy Definitions in ARM Template”