-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Compute_virtualMachines_ZoneAligned_Audit.json
55 lines (55 loc) · 1.87 KB
/
Compute_virtualMachines_ZoneAligned_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
{
"properties": {
"displayName": "[Preview]: Virtual Machines should be Zone Aligned",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Virtual Machines can be configured to be Zone Aligned or not. They are considered Zone Aligned if they have only one entry in their zones array. This policy ensures that they are configured to operate within a single availability zone.",
"metadata": {
"category": "Resilience",
"version": "1.0.0-preview",
"preview": true
},
"version": "1.0.0-preview",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "This parameter lets you choose the effect of the policy. If you choose Audit (default), the policy will only audit resources for compliance. If you choose Deny, the policy will deny the creation of non-compliant resources. If you choose Disabled, the policy will not enforce compliance (useful, for example, as a second assignment to ignore a subset of non-compliant resources in a single resource group)."
},
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"not": {
"count": {
"field": "Microsoft.Compute/virtualMachines/zones[*]"
},
"equals": 1
}
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/42f4f3a2-7d20-4c13-a05d-01857a626c22",
"name": "42f4f3a2-7d20-4c13-a05d-01857a626c22"
}