I am trying to create a policy which forces two routes to be on a route table. My policy currently is:
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Network/routeTables"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.Network/routeTables/routes[*].name",
            "NotEquals": "myrouteA"
          },
          {
            "field": "Microsoft.Network/routeTables/routes[*].name",
            "NotEquals": "myrouteB"
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
But this does not deny the removal of routes. What should I change?
Azure Policy is not used for deny-removal scenarios. Use resource locks to avoid removal of the route table.
You can plan to have a route table with the recommended routes by enforcing a policy.
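
An added example, not part of the original question or answer: the "both routes must be present" requirement written with Azure Policy's count expression, which counts the routes named myrouteA and myrouteB (the names from the question) in the route table being written and denies the request when either count is below 1. Like any deny rule, it is evaluated when the route table is created or updated.

```json
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Network/routeTables"
      },
      {
        "anyOf": [
          {
            "count": {
              "field": "Microsoft.Network/routeTables/routes[*]",
              "where": {
                "field": "Microsoft.Network/routeTables/routes[*].name",
                "equals": "myrouteA"
              }
            },
            "less": 1
          },
          {
            "count": {
              "field": "Microsoft.Network/routeTables/routes[*]",
              "where": {
                "field": "Microsoft.Network/routeTables/routes[*].name",
                "equals": "myrouteB"
              }
            },
            "less": 1
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
```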