cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure resource group tag requirement exception?

david_milette
Copper Contributor

‎Mar 15 2021 05:33 PM - edited ‎Mar 15 2021 05:49 PM

‎Mar 15 2021 05:33 PM - edited ‎Mar 15 2021 05:49 PM

Azure resource group tag requirement exception?

Good day to you all, we have a policy in place requiring all new resources groups created to have 6 tags added and populated. Currently we have an application allowing elastic cloud provisioning of assets that uses the API to create a resource group and then populate said group with temporary assets. Typically via the API the resource group is created and then the tags are added but the policy is blocking this due to the 2 step process. Is there a way to create an exception to the policy in order to allow this app to create its resource groups that are temporary in nature say by enforcing an audit on the, versus a deny or something?

 

any advise is most appreciated. 

2,508 Views
0 Likes
8 Replies
Reply
8 Replies
hspinto

‎Mar 16 2021 05:43 AM

‎Mar 16 2021 05:43 AM

Re: Azure resource group tag requirement exception?

@david_milette 

 

If you know the name of the temporary resource groups, have you tried to add exclusions or exemptions?

 

Understand scope in Azure Policy - Azure Policy | Microsoft Docs

 

If the resource group name cannot be anticipated, I am afraid you cannot add an exception to something that is unknown.

0 Likes
Reply
david_milette

‎Mar 16 2021 05:51 AM

‎Mar 16 2021 05:51 AM

Re: Azure resource group tag requirement exception?

@hspinto Good question. I’d have to look into this with the vendor. Thry are built on the fly but maybe (hopefully) have a template structure to naming.

0 Likes
Reply
ibnmbodji

‎Mar 16 2021 06:09 AM - edited ‎Mar 16 2021 06:10 AM

‎Mar 16 2021 06:09 AM - edited ‎Mar 16 2021 06:10 AM

Re: Azure resource group tag requirement exception?

Hi
You can go the policy definition or Initiative you will see a Create exemption button
- Click on Create exemption
- Define Exemption scope as the Resource group
- Give an Exemption name, category and description
- Define the exemption expiration settings
- Select the policy definitions scope (If it is an iniative by default all the policy definitions are selected . )
- Review and Create the exemption

0 Likes
Reply
david_milette

‎Mar 16 2021 06:14 AM

‎Mar 16 2021 06:14 AM

Re: Azure resource group tag requirement exception?

Thx team the product when creating its resource group will create it with this format: MF_TESTRUN_RESOURCEGROUP_XXXXX_YYYYY where XXXXX is a random number and YYYY is the test scenario name requiring the resource group and assets. So I would suppose I'd need to create an exception around this template/mask. Is this feasible? Thx for all your help!
0 Likes
Reply
ibnmbodji

‎Mar 16 2021 06:24 AM

‎Mar 16 2021 06:24 AM

Re: Azure resource group tag requirement exception?

The resource group should exist before creating the exemption so deployment will be blocked if the effect is set to deny .
You can either see another effect to avoid the deny
https://docs.microsoft.com/en-us/azure/governance/policy/concepts/effects
Or deploy resources in another subscription
0 Likes
Reply
david_milette

‎Mar 16 2021 06:47 AM

‎Mar 16 2021 06:47 AM

Re: Azure resource group tag requirement exception?

Indeed, that is what we are seing. Thx for the clarification.
0 Likes
Reply
david_milette

‎Mar 21 2021 01:42 PM

‎Mar 21 2021 01:42 PM

Re: Azure resource group tag requirement exception?

As our app implementation was using the .Net API we managed to code this to finally work. Thx for all your assistance!
0 Likes
Reply
ibnmbodji

‎Mar 22 2021 01:53 AM

‎Mar 22 2021 01:53 AM

Re: Azure resource group tag requirement exception?

@david_milette 

Hi 

It can be interesting to see what it's look like . 

Thanks 

0 Likes
Reply