Task: Implement a Custom ARM Policy

Video: Policies and Initiatives in Action

Estimated time: 15 minutes

Goal

Create a custom ARM Policy that requires a specific Tag be applied to all resources provisioned in a resource group.

Pre-requisites

1. Azure subscription

2. Azure AD tenant

   Completing previous tasks will meet pre-requisites.

Requirements

1. Create a custom ARM policy that requires a specific tag
2. Assign the policy to a resource group
3. Validate the policy

Requirement 1: Create custom ARM policy

Create a new policy named DemoPolicy that requires a costCenter tag.

• Use the following policy rule:

{
  "if": {
      "not": {
          "field": "tags",
          "containsKey": "costCenter"
      }
  },
  "then": {
      "effect": "deny"
  }
}

Requirement 2: Assign the policy to a resource group

Now you will create a new resource group and assign the policy to the resource group. To complete this requirements:

• Provision a new resource group named task-policy.
• Assign the DemoPolicy policy to the task-policy resource group.

Requirement 3: Validate the policy

Finally, you will test the policy. You will confirm that resources without the costCenter tag cannot be provisioned in the task-policy resource group, and those with the tag can. To complete the requirement:

• Attempt to provision a route table named demoroute in the task-policy resource group without a costCenter tag. This should fail.
• Attempt to provision a virtual machine named demovm in the task-policy resource group with a costCenter tag. This should succeed.

Cleanup

• Delete the task-policy resource group.
• Delete the DemoPolicy ARM policy.

Solution

Having trouble completing this task? View the demonstration video to see how to do it.