June 1, 2018

Azure Policy – Allowing only define VM sizes

Azure Policy is the big step to start to have some sort of governance on your Azure environment. It’s really easy to implement, efficient and powerful. With Azure Policies, you can control how and what you allow users to deploy. It’s important to have such policies to control the cost of the subscription, special when you have a monthly budget like mine. On other hand, you are limiting the number of possible human mistake, by selecting the wrong VM size.

You can always suspend the policy, for a brief moment, in case you need to deploy that VM size and then resume the policy again.

In this case, the idea is to limit the size of the VM, that you are allowing to deploy on the subscription.

Here is the example of the policy:

{

  “policyRule”: {

    “if”: {

      “allOf”: [

        {

          “field”: “type”,

        “equals”: “Microsoft.Compute/virtualMachines”

        },

        {

          “not”: {

            “field”: “Microsoft.Compute/virtualMachines/sku.name”,

            “in”: [ “Standard_A0”, “Standard_A1”, “Standard_D1” ]

          }

        }

      ]

    },

    “then”: {

      “effect”: “deny”

    }

  }

}

Cheers,

Marcos Nogueira
Azure MVP
azurecentric.com
Twitter: @mdnoga

Written by Marcos Nogueira

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

Share

Marcos Nogueira

With more than 18 years experience in Datacenter Architectures, Marcos Nogueira is currently working as a Principal Cloud Solution Architect. He is an expert in Private and Hybrid Cloud, with a focus on Microsoft Azure, Virtualization and System Center. He has worked in several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms, IT Services, and Gas & Oil in different countries and continents. Marcos was a Canadian MVP in System Center Cloud & Datacenter Managenment and he has +14 years as Microsoft Certified, with more than 100+ certifications (MCT, MCSE, and MCITP, among others). Marcos is also certified in VMware, CompTIA and ITIL v3. He assisted Microsoft in the development of workshops and special events on Private & Hybrid Cloud, Azure, System Center, Windows Server, Hyper-V and as a speaker at several Microsoft TechEd/Ignite and communities events around the world.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: