In a cloud environment, where multiple users are accessing and managing cloud resources, there’s always the possibility of human error. 99% of cloud breaches will be caused by user error. Stop just putting your security policy on paper. This article will provide you with an overview of Azure Policy and how to create Azure policy to help govern your Azure environment.
What is Azure Policy?
- Azure Policy is a service that allows you to define policies that implement and control a resource’s properties.
- It is a free feature in Azure that allows you to create policies and assign them to the resources. If these policies are not met, you receive alerts, and you can take action on those alerts.
- Azure Policy can be used to build a custom validation layer against deployments to prevent deviations from customer-defined rules. A minimal amount of extensibility is possible, and it is not a general-purpose Azure rules engine.
Benefits of Azure policy:
- It is a set of guardrails around all your resources to ensure cloud compliance, prevent misconfigurations, and follow a uniform resource governance plan.
- Having all your compliance data in one place will reduce the time you need to audit your environments.
- By implementing policies at the core of the Azure platform, you will be able to increase developer productivity and reduce external approval processes.
- You can control your cloud spending by controlling and optimizing it with the help of Azure policy.
During this lab we will :
- Set up an Allowed Locations Azure policy that only allows resources to be created in Canada, Canada East, and Canada central region.
- Test that only the Allowed location is used for resource creation; if the resource region is other than Canada, it should throw an error as per Azure policy definition.
Let’s see how to create an azure policy
- Login to azure portal https://portal.azure.com
- In All services, search for Policy and click on it.
Alternatively, you can search Policy in the Azure portal search directly and open the Policy blade.
- Now go to Authoring and click Assignment, then on Assignment, click on Assign policy.
- On Assign policy blade under the basic select policy definition
- On this page, Search for Location and select Allowed locations to create Azure policy definition.
- Back to assign a policy, here you will see all details are already filled, leave the rest of the tabs as a default and click on the Parameters tab.
- On this blade, Select Allowed Locations to select the desired location as per the requirement here we have selected Canada, Canada Central, and Canada East, this means that the resources can only be created in these 3 regions.
- Click on review+create. After validation completes, click on Create.
- Once the policy is created successfully, you can see the same under Assignment blade.
- In All services blade search for and select storage account
- On Storage, account blade, click on +create and fill all details in Basic tab as shown in below picture now let’s test the Location policy by creating a storage accountTo know more about the Storage account and the creation of a storage account, you can check out our lab on how to create a storage account here. For now, please perform the below steps to create a storage account.
In the above picture, you can see that it gives us an error as a POLICY VIOLATION because the region is selected as (US) EAST US; however, we have created the azure policy that only allows Canada, Canada central and Canada east location. This means that the azure policy for location is working fine.
- Now to fix this, change it to Canada as per policy and see it will remove the policy violation error, and you can easily create the storage account now.
Congratulations!! We Finished the step of creating an Azure policy and tested it successfully.
I hope this blog post was helpful in understanding the process of how to create an Azure Policy with 10 easy steps. Now that you have a better understanding, you can create lot many policies like this in your azure portal and assign them to various resources to implement your organizational standards and compliance rules. Let us know if we can help you get started! To learn more on cloud computing check out our other blogs and specially designed courses.
Thanks for reading. I hope you enjoyed it. Our team will continue to provide ways to leverage Azure concepts!