Azure Tutorials Series - Azure Policy | Blueprints
In the previous article we learned about Azure Encryption, Key Vault, Azure Storage Encryption and many other related terms. In this article we will learn about Azure Policy, the difference between Azure Policy and RBAC, how to create a policy, Azure Blueprints, Azure Blueprints vs Azure Resource Manager templates and, lastly, Azure Blueprints versus Azure Policy.
Azure Policy & Azure Blueprints
- Ensure that standards are maintained and followed.
Azure Policy
- Enforces rules or policies for specified or all resources
- Makes sure all existing resources follow the rules and that all new deployments follow them too
- Keeps the infrastructure compliant; for example, it can require that all virtual machines in your organization have at least 8 GB of RAM, or restrict the locations in which resources can be created.
- Can immediately deny the creation of a new resource if it is non-compliant with the policy.
- Can stop the update of an existing resource if the update goes against the policy.
- Azure Policy can add restrictions on
  - Storage account SKUs
  - Virtual machine instance types
  - Rules related to tagging of resources and groups
- Represented in JSON format.
- No prompt is shown for user consent.
- Before creating a policy, decide its scope; it can apply anywhere from a management group down to a resource group.
- Note: A policy is inherited by child nodes. Exceptions are also allowed; for example, you can apply a policy to an entire subscription but exclude a particular resource group.
- Any request to create or update a resource through Azure Resource Manager is evaluated against policy first
- A few of the policy effects are
  - Deny
  - Disabled
  - Append
  - Audit, AuditIfNotExists
  - DeployIfNotExists
Azure Policy vs RBAC
- RBAC focuses on user actions at different scopes, whereas Azure Policy focuses on resource properties.
- Unlike RBAC, Azure Policy is a default-allow, explicit-deny system.
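The points above (JSON rules, scope inheritance with an exception, default allow with explicit deny) can be traced offline with the added example below. It is a simplified model written for this article, not Azure's evaluation engine and not code from the original page. The subscription and resource group names, the `allowedSkus` parameter and the flat resource dictionary keyed by alias are all constructed assumptions.

```python
import json

# Policy definition in Azure Policy's JSON format (constructed for this example).
POLICY = json.loads("""{
  "mode": "Indexed",
  "parameters": {"allowedSkus": {"type": "Array"}},
  "policyRule": {
    "if": {"allOf": [
      {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
      {"not": {"field": "Microsoft.Storage/storageAccounts/sku.name",
               "in": "[parameters('allowedSkus')]"}}]},
    "then": {"effect": "deny"}}}""")

# Constructed assignment: the whole subscription, with one resource group exempted.
ASSIGNMENT = {
    "scope": "/subscriptions/sub-example",
    "notScopes": ["/subscriptions/sub-example/resourceGroups/rg-sandbox"],
    "parameters": {"allowedSkus": ["Standard_LRS", "Standard_GRS"]},
}

def in_scope(resource_id, assignment):
    """Child scopes inherit an assignment unless they fall under a notScopes entry."""
    rid = resource_id.lower() + "/"
    def under(scope):
        return rid.startswith(scope.lower().rstrip("/") + "/")
    return under(assignment["scope"]) and not any(map(under, assignment["notScopes"]))

def matches(cond, resource, params):
    """Evaluate a small subset of the rule language: allOf, anyOf, not, equals, in."""
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource, params) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    value = str(resource.get(cond["field"], "")).lower()
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "in" in cond:
        allowed = cond["in"]
        if isinstance(allowed, str):  # "[parameters('name')]" reference
            allowed = params[allowed.split("'")[1]]
        return value in [a.lower() for a in allowed]
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(resource, policy=POLICY, assignment=ASSIGNMENT):
    """Default allow: only an in-scope resource matching the 'if' gets the effect."""
    rule = policy["policyRule"]
    if in_scope(resource["id"], assignment) and matches(rule["if"], resource, assignment["parameters"]):
        return rule["then"]["effect"]
    return "allow"
```

A resource that no rule matches, or that sits under an excluded scope, falls through to `allow`, which is the opposite of RBAC, where an action needs an explicit grant.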
Azure Blueprints
- Azure Blueprints is a declarative way to orchestrate the deployment of
  - Role assignments
  - Policy assignments
  - Azure Resource Manager templates
  - Resource groups
- Useful in DevOps - makes automation easier
- If you want to move the blueprint files to Azure, use Azure Storage Explorer to copy the files.