Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
azuredeploy.json
azurepolicy.parameters.json
azurepolicy.rules.json

README.md

Audit and deploy Resource Locks on Resource Groups based on Tags

Deploy Resource Locks CanNotDelete to Resource Groups that have a specific Tag. Within this Policy, you sepcify the Tag Name and Tag Value that will be used for identifying the Resource Groups to audit and deploy to.

Try in the Azure Portal

Deploy to Azure

Try with PowerShell

$definition = New-AzPolicyDefinition -Name "deploy-resourceGroup-resourceLocks" -DisplayName "Audit and deploy Resource Locks on Resource Groups based on Tags" -description "Audits and remediates all Resource Groups that have a specific Tag, for the CanNotDelete Resource Lock." -Policy 'https://raw.githubusercontent.com/stefanrothnet/azure-policy/master/deploy-resourceGroup-resourceLocks/azurepolicy.rules.json' -Parameter 'https://raw.githubusercontent.com/stefanrothnet/azure-policy/master/deploy-resourceGroup-resourceLocks/azurepolicy.parameters.json' -Mode All
$definition
$assignment = New-AzPolicyAssignment -Name <assignmentname> -Scope <scope> -tagName <tagName> -tagValue <tagValue> -PolicyDefinition $definition
$assignment 

Try with CLI

az policy definition create --name 'deploy-resourceGroup-resourceLocks' --display-name 'Audit and deploy Resource Locks on Resource Groups based on Tags' --description 'Audits and remediates all Resource Groups that have a specific Tag, for the CanNotDelete Resource Lock.' --rules 'https://raw.githubusercontent.com/stefanrothnet/azure-policy/master/deploy-resourceGroup-resourceLocks/azurepolicy.rules.json' --params 'https://raw.githubusercontent.com/stefanrothnet/azure-policy/master/deploy-resourceGroup-resourceLocks/azurepolicy.parameters.json' --mode All

az policy assignment create --name <assignmentname> --scope <scope> --policy "deploy-resourceGroup-resourceLocks" 
You can’t perform that action at this time.