
Restrict/deny the allowed locations for resources


I am looking to assign a resource policy to limit the allowed locations where resources can be deployed, so that I can use only the particular resources for my work and the cost will be low. I found This, but this is like manually restricted; I need it in the script way.

I searched on the network but didn't find any related doc. Can anyone help with this? Thanks in advance.


Solution

  • I have followed the below configuration to deny the allowed locations for resources:

    Go to Portal → search for Policy and policy definition

    I have filled in the appropriate fields and I have used the below script to deny allocated locations:

    {
      "properties": {
        "displayName": "Allowed resource types",
        "policyType": "BuiltIn",
        "mode": "Indexed",
        "description": "This policy enables you to specify the resource types that your organization can deploy. Only resource types that support 'tags' and 'location' will be affected by this policy. To restrict all resources please duplicate this policy and change the 'mode' to 'All'.",
        "metadata": {
          "version": "1.0.0",
          "category": "General"
        },
        "parameters": {
          "listOfResourceTypesAllowed": {
            "type": "Array",
            "metadata": {
              "description": "The list of resource types that can be deployed.",
              "displayName": "Allowed resource types",
              "strongType": "resourceTypes"
            }
          }
        },
        "policyRule": {
          "if": {
            "not": {
              "field": "type",
              "in": "[parameters('listOfResourceTypesAllowed')]"
            }
          },
          "then": {
            "effect": "deny"
          }
        }
      }
    }
    

    I have assigned the policy, and when I check in the assignments I am able to see it.

    When I check to create a resource group with non-allowed locations, I am not able to create it.
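For the scripted route the question asks about, here is an added example (not part of the original answer) that defines a custom deny policy on the `location` field and assigns it with Azure CLI. The policy name, the two sample regions and the `POLICY_SCOPE` variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: custom "allowed locations" deny policy, created and assigned with Azure CLI.
# POLICY_NAME, the regions and POLICY_SCOPE are assumptions, not values from the page.
POLICY_NAME="allowed-loc-custom"
ALLOWED_LOCATIONS='["eastus","westeurope"]'   # constructed sample regions

# Rule: deny a resource whose location is outside the allowed list.
# "global" is exempted so resources without a regional location still deploy.
policy_rule() {
  cat <<'EOF'
{
  "if": {
    "allOf": [
      { "field": "location", "notIn": "[parameters('listOfAllowedLocations')]" },
      { "field": "location", "notEquals": "global" }
    ]
  },
  "then": { "effect": "deny" }
}
EOF
}

# Parameter declaration; strongType "location" gives a region picker in the portal.
policy_params() {
  cat <<'EOF'
{
  "listOfAllowedLocations": {
    "type": "Array",
    "metadata": { "displayName": "Allowed locations", "strongType": "location" }
  }
}
EOF
}

# Parameter values supplied at assignment time.
assignment_params() {
  printf '{"listOfAllowedLocations":{"value":%s}}\n' "$ALLOWED_LOCATIONS"
}

# Create the definition, then assign it at the scope given as $1.
apply_policy() {
  az policy definition create --name "$POLICY_NAME" --mode Indexed \
    --rules "$(policy_rule)" --params "$(policy_params)" &&
  az policy assignment create --name "${POLICY_NAME}-asg" \
    --policy "$POLICY_NAME" --scope "$1" --params "$(assignment_params)"
}

# Only touches Azure when POLICY_SCOPE is set, e.g. /subscriptions/<subscription-id>
if [ -n "${POLICY_SCOPE:-}" ]; then apply_policy "$POLICY_SCOPE"; fi
```

Run it after `az login` with `POLICY_SCOPE` exported; without that variable the script only defines the functions and makes no changes.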