Forum Discussion

david_milette's avatar
david_milette
Copper Contributor
Mar 16, 2021

Azure resource group tag requirement exception?

Good day to you all, we have a policy in place requiring all new resources groups created to have 6 tags added and populated. Currently we have an application allowing elastic cloud provisioning of assets that uses the API to create a resource group and then populate said group with temporary assets. Typically via the API the resource group is created and then the tags are added but the policy is blocking this due to the 2 step process. Is there a way to create an exception to the policy in order to allow this app to create its resource groups that are temporary in nature say by enforcing an audit on the, versus a deny or something?

 

any advise is most appreciated. 

    • david_milette's avatar
      david_milette
      Copper Contributor

      hspinto Good question. I’d have to look into this with the vendor. Thry are built on the fly but maybe (hopefully) have a template structure to naming.

  • ibnmbodji's avatar
    ibnmbodji
    Steel Contributor

    Hi
    You can go the policy definition or Initiative you will see a Create exemption button
    - Click on Create exemption
    - Define Exemption scope as the Resource group
    - Give an Exemption name, category and description
    - Define the exemption expiration settings
    - Select the policy definitions scope (If it is an iniative by default all the policy definitions are selected . )
    - Review and Create the exemption

    • david_milette's avatar
      david_milette
      Copper Contributor
      Thx team the product when creating its resource group will create it with this format: MF_TESTRUN_RESOURCEGROUP_XXXXX_YYYYY where XXXXX is a random number and YYYY is the test scenario name requiring the resource group and assets. So I would suppose I'd need to create an exception around this template/mask. Is this feasible? Thx for all your help!

Resources