diff --git a/docs/source/azure/examples/addstoragefirewall.rst b/docs/source/azure/examples/addstoragefirewall.rst
index bd44a6b76db..e119c731f19 100644
--- a/docs/source/azure/examples/addstoragefirewall.rst
+++ b/docs/source/azure/examples/addstoragefirewall.rst
@@ -1,3 +1,5 @@
+.. _azure_examples_add_firewall_rules_to_storage:
+
Add storage firewall
====================
diff --git a/docs/source/azure/examples/resizeappplan.rst b/docs/source/azure/examples/resizeappplan.rst
index b7051ca75e6..3baf6823b7b 100644
--- a/docs/source/azure/examples/resizeappplan.rst
+++ b/docs/source/azure/examples/resizeappplan.rst
@@ -1,3 +1,5 @@
+.. _azure_examples_resize_app_service_plan:
+
Resize an Application Service Plan
==============================================================
Count or Size can be provided individually or together.
diff --git a/docs/source/azure/policy/resources/appserviceplan.rst b/docs/source/azure/policy/resources/appserviceplan.rst
index f7577b40ae2..e21ae77ec07 100644
--- a/docs/source/azure/policy/resources/appserviceplan.rst
+++ b/docs/source/azure/policy/resources/appserviceplan.rst
@@ -33,29 +33,4 @@ Actions
Example Policies
----------------
-
-This set of policies will mark all app services for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-appservice-for-deletion
- resource: azure.appserviceplan
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-appservice
- resource: azure.appserviceplan
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
+- :ref:`azure_examples_resize_app_service_plan`
\ No newline at end of file
diff --git a/docs/source/azure/policy/resources/arm.rst b/docs/source/azure/policy/resources/arm.rst
index 3cca54a6bba..2643bcdd198 100644
--- a/docs/source/azure/policy/resources/arm.rst
+++ b/docs/source/azure/policy/resources/arm.rst
@@ -1,7 +1,7 @@
.. _azure_armresource:
-Network Interface
-=================
+Azure ARM Resource
+==================
Filters
-------
@@ -15,32 +15,3 @@ Actions
-------
- ARM Resource Actions (see :ref:`azure_genericarmaction`)
-Example Policies
-----------------
-
-This set of policies will mark all ARM resources for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-armresources-for-deletion
- resource: azure.armresource
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-armresources
- resource: azure.armresource
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
diff --git a/docs/source/azure/policy/resources/batch.rst b/docs/source/azure/policy/resources/batch.rst
index 22ac9d65c41..f3c8abce77d 100644
--- a/docs/source/azure/policy/resources/batch.rst
+++ b/docs/source/azure/policy/resources/batch.rst
@@ -18,28 +18,16 @@ Actions
Example Policies
----------------
-This set of policies will mark all Batch Accounts for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This set of policies will find all Azure Batch services that have more than 100 cores as the limit for the dedicated core quota.
.. code-block:: yaml
policies:
- - name: mark-test-batch-for-deletion
+ - name: find-batch-with-high-dedicated-cores
resource: azure.batch
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-batch
- resource: azure.batch
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
\ No newline at end of file
+ resource: azure.batch
+ filters:
+ - type: value
+ key: properties.dedicatedCoreQuota
+ op: gt
+ value: 100
\ No newline at end of file
diff --git a/docs/source/azure/policy/resources/cognitiveservices.rst b/docs/source/azure/policy/resources/cognitiveservices.rst
index f5e17156f2e..56b11008aef 100644
--- a/docs/source/azure/policy/resources/cognitiveservices.rst
+++ b/docs/source/azure/policy/resources/cognitiveservices.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all Cognitive Services accounts for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all Cognitive Service accounts with 1000 or more total errors over the 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-cogserv-for-deletion
- resource: azure.cognitiveservice
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-cogserv
- resource: azure.cognitiveservice
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all Cognitive Service accounts with 1000 or more total errors over the 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-cogserv-many-failures
+ - name: cogserv-many-failures
resource: azure.cognitiveservice
filters:
- type: metric
@@ -59,13 +33,3 @@ This policy will find all Cognitive Service accounts with 1000 or more total err
aggregation: total
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Cognitive Services with Errors
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/cosmosdb.rst b/docs/source/azure/policy/resources/cosmosdb.rst
index 8d9e658d386..91f45cfc18b 100644
--- a/docs/source/azure/policy/resources/cosmosdb.rst
+++ b/docs/source/azure/policy/resources/cosmosdb.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all CosmosDB for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all CosmosDB with 1000 or less total requests over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-cosmosdb-for-deletion
- resource: azure.cosmosdb
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-marked-cosmosdbs
- resource: azure.cosmosdb
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all CosmosDB with 1000 or less total requests over the last 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-cosmosdb-inactive
+ - name: cosmosdb-inactive
resource: azure.cosmosdb
filters:
- type: metric
@@ -59,13 +33,3 @@ This policy will find all CosmosDB with 1000 or less total requests over the las
aggregation: total
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Inactive CosmosDB
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/datafactory.rst b/docs/source/azure/policy/resources/datafactory.rst
index c64d8192728..5069c85f03b 100644
--- a/docs/source/azure/policy/resources/datafactory.rst
+++ b/docs/source/azure/policy/resources/datafactory.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all Data Factories for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all Data Factories with 10 or more failures in pipeline runs over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-datafactories-for-deletion
- resource: azure.datafactory
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-datafactories
- resource: azure.datafactory
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all Data Factories with 10 or more failures in pipeline runs over the last 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-datafactory-dropping-messages
+ - name: datafactory-dropping-messages
resource: azure.datafactory
filters:
- type: metric
@@ -59,13 +33,3 @@ This policy will find all Data Factories with 10 or more failures in pipeline ru
aggregation: total
threshold: 10
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Datafactory Pipeline Failing
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/datalake.rst b/docs/source/azure/policy/resources/datalake.rst
index 0ff908b6869..ba0fdb86728 100644
--- a/docs/source/azure/policy/resources/datalake.rst
+++ b/docs/source/azure/policy/resources/datalake.rst
@@ -24,7 +24,7 @@ This policy will find all Datalake Stores with one million or more write request
.. code-block:: yaml
policies:
- - name: notify-datalake-busy
+ - name: datalake-busy
resource: azure.datalake
filters:
- type: metric
@@ -33,13 +33,3 @@ This policy will find all Datalake Stores with one million or more write request
aggregation: total
threshold: 1000000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Busy Datalake Stores
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/disk.rst b/docs/source/azure/policy/resources/disk.rst
index 2b96e3fedb7..49838554484 100644
--- a/docs/source/azure/policy/resources/disk.rst
+++ b/docs/source/azure/policy/resources/disk.rst
@@ -31,29 +31,3 @@ Deletes all disks that are currently not being managed by a VM
value: null
actions:
- type: delete
-
-This set of policies will mark all disks for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-disk-for-deletion
- resource: azure.disk
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-disk
- resource: azure.disk
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
diff --git a/docs/source/azure/policy/resources/iothub.rst b/docs/source/azure/policy/resources/iothub.rst
index be0408b0192..009a0a5b2a7 100644
--- a/docs/source/azure/policy/resources/iothub.rst
+++ b/docs/source/azure/policy/resources/iothub.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all IoT Hubs for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all IoT Hubs with 1000 or more dropped messages over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-iothubs-for-deletion
- resource: azure.iothub
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-iothubs
- resource: azure.iothub
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all IoT Hubs with 1000 or more dropped messages over the last 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-iothubs-dropping-messages
+ - name: iothubs-dropping-messages
resource: azure.iothub
filters:
- type: metric
@@ -59,13 +33,3 @@ This policy will find all IoT Hubs with 1000 or more dropped messages over the l
aggregation: total
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: IOT Hubs Dropping Messages
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/keyvault.rst b/docs/source/azure/policy/resources/keyvault.rst
index 74b735876ed..f505acc67ae 100644
--- a/docs/source/azure/policy/resources/keyvault.rst
+++ b/docs/source/azure/policy/resources/keyvault.rst
@@ -39,38 +39,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all Key Vaults for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all KeyVaults with 10 or less API Hits over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-keyvaults-for-deletion
- resource: azure.keyvault
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-keyvaults
- resource: azure.keyvault
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all KeyVaults with 10 or less API Hits over the last 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-inactive-keyvaults
+ - name: inactive-keyvaults
resource: azure.keyvault
filters:
- type: metric
@@ -79,16 +53,6 @@ This policy will find all KeyVaults with 10 or less API Hits over the last 72 ho
aggregation: total
threshold: 10
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Inactive Key Vault
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
This policy will find all KeyVaults with an access of Service Principals not in the white list that exceed read-only access
diff --git a/docs/source/azure/policy/resources/loadbalancer.rst b/docs/source/azure/policy/resources/loadbalancer.rst
index e4b71601487..3671863464b 100644
--- a/docs/source/azure/policy/resources/loadbalancer.rst
+++ b/docs/source/azure/policy/resources/loadbalancer.rst
@@ -38,7 +38,7 @@ This policy will filter load balancers with an ipv6 frontend public IP
value_type: normalize
value: "ipv6"
-This policy will find all load balancers with 1000 or less transmitted packets over the last 72 hours and notify user@domain.com
+This policy will find all load balancers with 1000 or less transmitted packets over the last 72 hours
.. code-block:: yaml
@@ -52,13 +52,3 @@ This policy will find all load balancers with 1000 or less transmitted packets o
aggregation: total
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Inactive Load Balancer
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/networkinterface.rst b/docs/source/azure/policy/resources/networkinterface.rst
index 8a608f20a88..31ba39dc64d 100644
--- a/docs/source/azure/policy/resources/networkinterface.rst
+++ b/docs/source/azure/policy/resources/networkinterface.rst
@@ -10,10 +10,11 @@ Filters
- ARM Resource Filters (see :ref:`azure_genericarmfilter`)
- Tag Filter - Filter on tag presence and/or values
- Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource
-- ``effective-route-table`` - Filter based on Effective Routes associated with network interfaces such as route names, next hops.
+- ``effective-route-table``
+ - Filter based on Effective Routes associated with network interfaces such as route names, next hops.
- Network Interfaces must be attached to a virtual machine and the virtual machine must be powered on.
- .. c7n-schema:: EffectiveRouteTableFilter
+ .. c7n-schema:: EffectiveRouteTableFilter
:module: c7n_azure.resources.network_interface
Actions
@@ -23,32 +24,6 @@ Actions
Example Policies
----------------
-This policy will mark all Network Interfaces for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-networkinterface-for-deletion
- resource: azure.networkinterface
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-networkinterface
- resource: azure.networkinterface
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
This policy will get Network Interfaces that have User added routes.
.. code-block:: yaml
diff --git a/docs/source/azure/policy/resources/publicip.rst b/docs/source/azure/policy/resources/publicip.rst
index e454faf8888..820ce07511d 100644
--- a/docs/source/azure/policy/resources/publicip.rst
+++ b/docs/source/azure/policy/resources/publicip.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all public IP addresses for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all public IP addresses under DDoS attack over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-public-ip-for-deletion
- resource: azure.publicip
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-publicips
- resource: azure.publicip
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all public IP addresses under DDoS attack over the last 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-publicip-dropping-packets
+ - name: publicip-dropping-packets
resource: azure.publicip
filters:
- type: metric
@@ -59,13 +33,3 @@ This policy will find all public IP addresses under DDoS attack over the last 72
aggregation: maximum
threshold: 0
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 1
- subject: Public IP Under DDoS Attack
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/redis.rst b/docs/source/azure/policy/resources/redis.rst
index e7a3e7c800c..e06cc1e152f 100644
--- a/docs/source/azure/policy/resources/redis.rst
+++ b/docs/source/azure/policy/resources/redis.rst
@@ -24,7 +24,7 @@ This policy will find all Redis caches with more than 1000 cache misses in the l
.. code-block:: yaml
policies:
- - name: notify-redis-cache-misses
+ - name: redis-cache-misses
resource: azure.redis
filters:
- type: metric
@@ -33,13 +33,3 @@ This policy will find all Redis caches with more than 1000 cache misses in the l
aggregation: count
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Many Cache Misses
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/resourcegroup.rst b/docs/source/azure/policy/resources/resourcegroup.rst
index c2bfd56ff49..0923b24f719 100644
--- a/docs/source/azure/policy/resources/resourcegroup.rst
+++ b/docs/source/azure/policy/resources/resourcegroup.rst
@@ -40,29 +40,3 @@ This policy will delete all empty resource groups
- type: empty-group
actions:
- type: delete
-
-This set of policies will mark all resource groups for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-groups-for-deletion
- resource: azure.resourcegroup
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-resource-groups
- resource: azure.resourcegroup
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
diff --git a/docs/source/azure/policy/resources/sqldatabase.rst b/docs/source/azure/policy/resources/sqldatabase.rst
index e4045ab9cd2..273d7593f82 100644
--- a/docs/source/azure/policy/resources/sqldatabase.rst
+++ b/docs/source/azure/policy/resources/sqldatabase.rst
@@ -14,16 +14,18 @@ Filters
- Metric Filter - Filter on metrics from Azure Monitor - (see `SQL Server Supported Metrics `_)
- Tag Filter - Filter on tag presence and/or values
- Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource
-- Short Term Backup Retention Policy Filter
+
+- ``short-term-backup-retention-policy``
- Filter on the retention period (in days) of the database's short term backup retention policy.
- more info on `Short Term Backups `_
- If there is no short term backup retention policy set on the database, it is treated as if the retention is zero days.
- The default comparison operation is `eq`
-.. c7n-schema:: ShortTermBackupRetentionPolicyFilter
- :module: c7n_azure.resources.sqldatabase
+ .. c7n-schema:: ShortTermBackupRetentionPolicyFilter
+ :module: c7n_azure.resources.sqldatabase
+
-- Long Term Backup Retention Policy Filter
+- ``long-term-backup-retention-policy``
- Filter on the retention period of the database's long term backup retention policy.
- more info on `Long Term Backups `_
- If the specified backup type has not been set on the resource, it is treated as if the retention period is zero.
@@ -31,8 +33,8 @@ Filters
- The `azure.sqldatabase` resource will only get through the filter if the `retention-period-units` field matches the units specified in the actual long term backup retention policy.
- Example: if the filter is looking for backups less than 1 year, and the retention policy is set to 6 months, then the database will not get through the filter because there is a unit mismatch.
-.. c7n-schema:: LongTermBackupRetentionPolicyFilter
- :module: c7n_azure.resources.sqldatabase
+ .. c7n-schema:: LongTermBackupRetentionPolicyFilter
+ :module: c7n_azure.resources.sqldatabase
Actions
-------
diff --git a/docs/source/azure/policy/resources/sqlserver.rst b/docs/source/azure/policy/resources/sqlserver.rst
index 6d8b667443c..d09b4c01315 100644
--- a/docs/source/azure/policy/resources/sqlserver.rst
+++ b/docs/source/azure/policy/resources/sqlserver.rst
@@ -11,9 +11,11 @@ Filters
- Metric Filter - Filter on metrics from Azure Monitor - (see `SQL Server Supported Metrics `_)
- Tag Filter - Filter on tag presence and/or values
- Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource
-- Firewall Rules Filter (see :ref:`azure_filters`)
- .. c7n-schema:: SqlServerFirewallRulesFilter
+- ``firewall-rules``
+ Firewall Rules Filter (see :ref:`azure_filters`)
+
+ .. c7n-schema:: SqlServerFirewallRulesFilter
:module: c7n_azure.resources.sqlserver
Actions
@@ -22,39 +24,12 @@ Actions
Example Policies
----------------
-
-This set of policies will mark all SQL servers for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-sql-servers-for-deletion
- resource: azure.sqlserver
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-sqlservers
- resource: azure.sqlserver
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all SQL servers with average DTU consumption under 10 percent over the last 72 hours and notify user@domain.com
+This policy will find all SQL servers with average DTU consumption under 10 percent over the last 72 hours
.. code-block:: yaml
policies:
- - name: notify-sqlserver-under-utilized
+ - name: sqlserver-under-utilized
resource: azure.sqlserver
filters:
- type: metric
@@ -65,16 +40,6 @@ This policy will find all SQL servers with average DTU consumption under 10 perc
timeframe: 72
filter: "ElasticPoolResourceId eq '*'"
no_data_action: include
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Under-utilized SQL Server
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
This policy will find all SQL servers without any firewall rules defined.
diff --git a/docs/source/azure/policy/resources/storage.rst b/docs/source/azure/policy/resources/storage.rst
index d3e794e7853..0885bd19d81 100644
--- a/docs/source/azure/policy/resources/storage.rst
+++ b/docs/source/azure/policy/resources/storage.rst
@@ -11,7 +11,8 @@ Filters
- Metric Filter - Filter on metrics from Azure Monitor - (see `Storage Account Supported Metrics `_)
- Tag Filter - Filter on tag presence and/or values
- Marked-For-Op Filter - Filter on tag that indicates a scheduled operation for a resource
-- Firewall Rules Filter (see :ref:`azure_filters`)
+
+- ``firewall-rules`` Firewall Rules Filter (see :ref:`azure_filters`)
.. c7n-schema:: StorageFirewallRulesFilter
:module: c7n_azure.resources.storage
@@ -34,54 +35,5 @@ Actions
Example Policies
----------------
+- :ref:`azure_examples_add_firewall_rules_to_storage`
-This set of policies will mark all storage accounts for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
-
-.. code-block:: yaml
-
- policies:
- - name: mark-test-storage-for-deletion
- resource: azure.storage
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-storage
- resource: azure.storage
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all Storage Accounts with 100 or less transactions over the 72 hours and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-storage-dropping-messages
- resource: azure.storage
- filters:
- - type: metric
- metric: Transactions
- op: le
- aggregation: total
- threshold: 100
- timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Inactive Storage Account
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/vm.rst b/docs/source/azure/policy/resources/vm.rst
index 4ba3795f61b..dbe8a528505 100644
--- a/docs/source/azure/policy/resources/vm.rst
+++ b/docs/source/azure/policy/resources/vm.rst
@@ -124,12 +124,12 @@ Find all VMs with a Public IP address
key: 'properties.ipConfigurations[].properties.publicIPAddress.id'
value: not-null
-This policy will find all VMs that have Percentage CPU usage >= 75% over the last 72 hours and notify user@domain.com
+This policy will find all VMs that have Percentage CPU usage >= 75% over the last 72 hours
.. code-block:: yaml
policies:
- - name: notify-busy-vms
+ - name: busy-vms
resource: azure.vm
filters:
- type: metric
@@ -138,23 +138,13 @@ This policy will find all VMs that have Percentage CPU usage >= 75% over the las
aggregation: average
threshold: 75
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Busy VMs
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
-
-This policy will find all VMs that have Percentage CPU usage <= 1% over the last 72 hours, mark for deletion in 7 days and notify user@domain.com
+
+This policy will find all VMs that have Percentage CPU usage <= 1% over the last 72 hours, mark for deletion in 7 days
.. code-block:: yaml
policies:
- - name: notify-busy-vms
+ - name: delete-unused-vms
resource: azure.vm
filters:
- type: metric
@@ -167,12 +157,3 @@ This policy will find all VMs that have Percentage CPU usage <= 1% over the last
- type: mark-for-op
op: delete
days: 7
- - type: notify
- template: default
- priority_header: 2
- subject: VMs to be Deleted in 7 Days
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
diff --git a/docs/source/azure/policy/resources/vmss.rst b/docs/source/azure/policy/resources/vmss.rst
index 5dea0240782..90a411a8176 100644
--- a/docs/source/azure/policy/resources/vmss.rst
+++ b/docs/source/azure/policy/resources/vmss.rst
@@ -18,28 +18,15 @@ Actions
Example Policies
----------------
-This set of policies will mark all VM Scale Sets for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This set of policies will find all VM Scale Sets that are set to overprovision.
.. code-block:: yaml
policies:
- - name: mark-test-vmscaleset-for-deletion
+ - name: find-vmss-overprovision-true
resource: azure.vmss
filters:
- type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-vmscaleset
- resource: azure.vmss
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
\ No newline at end of file
+ key: properties.overprovision
+ op: equal
+ value: True
\ No newline at end of file
diff --git a/docs/source/azure/policy/resources/vnet.rst b/docs/source/azure/policy/resources/vnet.rst
index afe85c01453..dc0764258b4 100644
--- a/docs/source/azure/policy/resources/vnet.rst
+++ b/docs/source/azure/policy/resources/vnet.rst
@@ -18,28 +18,15 @@ Actions
Example Policies
----------------
-This set of policies will mark all Virtual Networks for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This set of policies will find all Virtual Networks that do not have DDOS protection enabled.
.. code-block:: yaml
policies:
- - name: mark-test-vnet-for-deletion
+ - name: find-vnets-ddos-protection-disabled
resource: azure.vnet
filters:
- type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-vnet
- resource: azure.vnet
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
+ key: properties.enableDdosProtection
+ op: equal
+ value: False
diff --git a/docs/source/azure/policy/resources/webapp.rst b/docs/source/azure/policy/resources/webapp.rst
index 1dcd0fee224..7bc70b9d2ad 100644
--- a/docs/source/azure/policy/resources/webapp.rst
+++ b/docs/source/azure/policy/resources/webapp.rst
@@ -19,38 +19,12 @@ Actions
Example Policies
----------------
-This set of policies will mark all web apps for deletion in 7 days that have 'test' in name (ignore case),
-and then perform the delete operation on those ready for deletion.
+This policy will find all web apps with 10 or less requests over the last 72 hours
.. code-block:: yaml
policies:
- - name: mark-test-webapp-for-deletion
- resource: azure.webapp
- filters:
- - type: value
- key: name
- op: in
- value_type: normalize
- value: test
- actions:
- - type: mark-for-op
- op: delete
- days: 7
- - name: delete-test-webapp
- resource: azure.webapp
- filters:
- - type: marked-for-op
- op: delete
- actions:
- - type: delete
-
-This policy will find all web apps with 10 or less requests over the last 72 hours, mark for deletion and notify user@domain.com
-
-.. code-block:: yaml
-
- policies:
- - name: notify-webapp-dropping-messages
+ - name: webapp-dropping-messages
resource: azure.webapp
filters:
- type: metric
@@ -63,22 +37,13 @@ This policy will find all web apps with 10 or less requests over the last 72 hou
- type: mark-for-op
op: delete
days: 7
- - type: notify
- template: default
- priority_header: 2
- subject: Inactive Web Apps to be Deleted in 7 Days
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename
-This policy will find all web apps with 1000 or more server errors over the last 72 hours and notify user@domain.com
+This policy will find all web apps with 1000 or more server errors over the last 72 hours
.. code-block:: yaml
policies:
- - name: notify-webapp-dropping-messages
+ - name: webapp-high-error-count
resource: azure.webapp
filters:
- type: metric
@@ -87,13 +52,3 @@ This policy will find all web apps with 1000 or more server errors over the last
aggregation: total
threshold: 1000
timeframe: 72
- actions:
- - type: notify
- template: default
- priority_header: 2
- subject: Web Apps with Many Server Errors
- to:
- - user@domain.com
- transport:
- - type: asq
- queue: https://accountname.queue.core.windows.net/queuename