ALZ Contribution Guide - Policy Naming Convention (#1176)

* policy naming convention

* added note

* More comments
JamJarchitect 2023-01-19 17:12:53 +00:00 committed by GitHub
Parent 94e4a3b79c
Commit 2ee2aca682
No known key found for this signature
GPG key ID: 4AEE18F83AFDEB23
1 changed file: 24 additions and 0 deletions


@ -93,6 +93,30 @@ To work with policies, they are location in [src/resources/Microsoft.Authorizati
To create a new policy, it is worth taking the framework from an already existing policy.
In ALZ Custom there is a way to name the custom policies that are used. They are prefixed with one of the following: `Append`, `Audit`, `Deny` or `Deploy`
#### **Append**
When contributing a custom policy based on appending resources at scale, the correct prefix would be `Append` - such as `Append-AppService-httpsonly.json`.
#### **Audit**
Auditing resources at scale via policy is achievable using the correct effect inside the definition. This policy contribution should be prefixed with `Audit` - in example, `Audit-MachineLearning-PrivateEndpointId.json`.
#### **Deny**
Deny policies are used to prevent the creation/action of and on Azure resources. Policies being created and contributed should be prefixed with 'Deny' - in example `Deny-Databricks-Sku.json`.
#### **Deploy**
Deploy follows the DeployIfNotExists (DINE) methodology. Policy contribution should be named prefixed with `Deploy` - in example `Deploy-Custom-Route-Table.json`.
The naming convetion should be formatted in the following manner: `{prefix}-{resourceType}-{targetSetting}.json`. In an example: `Deny-SqlMi-minTLS.json`.
When creating the naming convention for the definition, it must company with the [Naming rule and restrictions for Azure resources | Microsoft Authorization](https://learn.microsoft.com/azure/azure-resource-manager/management/resource-name-rules#microsoftauthorization) standard.
Once the `Name` in the file name and `Name` in the policy definition have been set, it is worth noting that they should not be changed as it can impact initiatives and assignments.
Inside of the JSON is a `metadata` section which is required for policy creation.
![Policy Metadata](https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/policy-metadata-example.png)
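
Review bot: In the Deploy section the example `Deploy-Custom-Route-Table.json` has four hyphen-separated segments, which does not fit the `{prefix}-{resourceType}-{targetSetting}.json` format stated on the following line. Either use an example that matches the format (as `Deny-SqlMi-minTLS.json` does) or say how multi-word resource types and settings are written, including casing, since `httpsonly`, `PrivateEndpointId` and `minTLS` each follow a different style. Wording in the same lines needs fixing: "convetion" should be "convention", "must company with" should be "must comply with", "in example" should be "for example", and 'Deny' should be in backticks like the other three prefixes. The sentence on not changing names refers to "`Name` in the file name", which is ambiguous; name the file name and the definition's `Name` separately, and since a rename "can impact initiatives and assignments", consider "must not be changed" rather than "should not". The text also limits prefixes to four values without saying what a contributor should do for a policy that fits none of them.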