Configure backup on Azure File Storage with a given tag to an existing recovery services vault


How do I create a custom Azure Policy that configures backup on Azure File Share storage with a given tag to an existing Recovery Services vault?

4 Replies
Azure Backup does not natively support this feature. However, you can define a custom Azure Policy to deploy Azure Backup when a VM is created or updated with a specific tag. Have a look at the "Configure backup on VMs of a location to an existing central Vault in the same location" and "Configure backup on VMs with a given tag to an existing recovery services vault in the same location" built-in policies. They should be a good reference for developing your own policy.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-auto-enable-backup#:~:text=Filter%20the%2....
I have tried to refer to this policy and created the custom policy below. Somehow this is not working as expected. Could you please help to debug this?

{
"properties": {
"displayName": "Configure backup on Storageaccount with a given tag to an existing recovery services vault in the same location",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Enforce backup for all stoageaccount by backing them up to an existing central recovery services vault in the same location and subscription as the virtual machine. Doing this is useful when there is a central team in your organization managing backups for all resources in a subscription. You can optionally include virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMCentralBackupIncludeTag.",
"metadata": {
"version": "3.0.0",
"category": "Backup"
},
"parameters": {
"vaultLocation": {
"type": "String",
"metadata": {
"displayName": "Location (Specify the location of the VMs that you want to protect)",
"description": "Specify the location of the VMs that you want to protect. VMs should be backed up to a vault in the same location. For example - CanadaCentral",
"strongType": "location"
}
},
"inclusionTagName": {
"type": "String",
"metadata": {
"displayName": "Inclusion Tag Name",
"description": "Name of the tag to use for including VMs in the scope of this policy. This should be used along with the Inclusion Tag Value parameter. Learn more at"
},
"defaultValue": ""
},
"inclusionTagValue": {
"type": "Array",
"metadata": {
"displayName": "Inclusion Tag Values",
"description": "Value of the tag to use for including VMs in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Inclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy."
}
},
"backupPolicyId": {
"type": "String",
"metadata": {
"displayName": "Backup Policy (of type Storage Account from a vault in the location chosen above)",
"description": "Specify the ID of the Azure Backup policy to configure backup of the Storage Account. The selected Azure Backup policy should be of type Azure Storage Account. This policy needs to be in a vault that is present in the location chosen above. For example - /subscriptions/<SubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.RecoveryServices/vaults/<VaultName>/backupPolicies/<BackupPolicyName>",
"strongType": "Microsoft.RecoveryServices/vaults/backupPolicies"
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"deployIfNotExists",
"auditIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Storage/storageAccounts"
},
{
"field": "id",
"notContains": "/resourceGroups/databricks-rg-"
},
{
"field": "location",
"equals": "[parameters('vaultLocation')]"
},
{
"field": "[concat('tags[', parameters('inclusionTagName'), ']')]",
"in": "[parameters('inclusionTagValue')]"
}

]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/XXXXXXXXXXXX",
"/providers/microsoft.authorization/roleDefinitions/XXXXXXXXXXXX"
],
"type": "Microsoft.RecoveryServices/backupprotecteditems",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"backupPolicyId": {
"type": "String"
},
"fabricName": {
"type": "String"
},
"protectionContainers": {
"type": "String"
},
"protectedItems": {
"type": "String"
},
"sourceResourceId": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2017-05-10",
"name": "[concat('DeployProtection-',uniqueString(parameters('protectedItems')))]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[first(skip(split(parameters('backupPolicyId'), '/'), 4))]",
"subscriptionId": "[first(skip(split(parameters('backupPolicyId'), '/'), 2))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"backupPolicyId": {
"type": "String"
},
"fabricName": {
"type": "String"
},
"protectionContainers": {
"type": "String"
},
"protectedItems": {
"type": "String"
},
"sourceResourceId": {
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
"name": "[concat(first(skip(split(parameters('backupPolicyId'), '/'), 8)), '/', parameters('fabricName'), '/',parameters('protectionContainers'), '/', parameters('protectedItems'))]",
"apiVersion": "2016-06-01",
"properties": {
"protectedItemType": "Microsoft.Storage/storageAccounts",
"policyId": "[parameters('backupPolicyId')]",
"sourceResourceId": "[parameters('sourceResourceId')]"
}
}
]
},
"parameters": {
"backupPolicyId": {
"value": "[parameters('backupPolicyId')]"
},
"fabricName": {
"value": "[parameters('fabricName')]"
},
"protectionContainers": {
"value": "[parameters('protectionContainers')]"
},
"protectedItems": {
"value": "[parameters('protectedItems')]"
},
"sourceResourceId": {
"value": "[parameters('sourceResourceId')]"
}
}
}
}
]
},
"parameters": {
"backupPolicyId": {
"value": "[parameters('backupPolicyId')]"
},
"fabricName": {
"value": "AzureStorage"
},
"protectionContainers": {
"value": "[concat('/azfileshare;', resourceGroup().name, ';' ,field('name'))]"
},
"protectedItems": {
"value": "[concat('/azfileshare;', resourceGroup().name, ';' ,field('name'))]"
},
"sourceResourceId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]"
}
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/XXXXXXXXXXXXXXX",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "XXXXXXXXXXXXXXX"
}
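A consistency check for a definition adapted from the built-in VM policy, shown as an added example that is not part of the original thread: it flags a `policyType` left as `BuiltIn` and any deployment parameter that builds a resource ID for a type the `if` block does not target. `POLICY_EXCERPT` is a constructed excerpt of the policy posted above, and `lint` and `targeted_types` are hypothetical helper names.

```python
import json
import re

# Constructed excerpt of the posted policy: only the fields the check reads.
POLICY_EXCERPT = json.loads(r"""
{"properties": {
  "policyType": "BuiltIn",
  "policyRule": {
    "if": {"allOf": [{"field": "type", "equals": "Microsoft.Storage/storageAccounts"}]},
    "then": {"details": {"deployment": {"properties": {"parameters": {
      "sourceResourceId": {"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]"}
    }}}}}
  }
}}
""")

# Resource type embedded in a literal ID segment: /providers/<namespace>/<type>/
PROVIDER_TYPE = re.compile(r"/providers/([A-Za-z.]+/[A-Za-z]+)/")


def targeted_types(node):
    """Collect resource types matched by {"field": "type", "equals": ...}."""
    found = set()
    if isinstance(node, dict):
        if node.get("field") == "type" and isinstance(node.get("equals"), str):
            found.add(node["equals"].lower())
        for value in node.values():
            found |= targeted_types(value)
    elif isinstance(node, list):
        for value in node:
            found |= targeted_types(value)
    return found


def lint(policy):
    """Return findings for values carried over from the VM template."""
    props = policy["properties"]
    rule = props["policyRule"]
    findings = []
    if props.get("policyType", "").lower() == "builtin":
        findings.append("policyType is BuiltIn; a definition you author is Custom")
    targets = targeted_types(rule["if"])
    params = rule["then"]["details"]["deployment"]["properties"]["parameters"]
    for name, param in params.items():
        for rtype in PROVIDER_TYPE.findall(str(param.get("value", ""))):
            if rtype.lower() not in targets:
                findings.append(
                    f"{name} builds a {rtype} ID but the rule targets {sorted(targets)}")
    return findings
```

The check only compares the definition against itself; it does not validate the container and protected-item names that Azure Backup expects for file shares.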

@nirmalmcse02 Well, when I tried to debug, I realized there are already some inbuilt policies that you can use to back up with a specific tag.

Refer to the attached screenshots that I have highlighted.

backup.PNG

 

These inbuilt policies are specific to Virtual Machine. However, I am looking for a policy that can Configure backup for Azure File Share Storage with a given tag to an existing recovery services vault.