Introduction
Azure Policy allows you to create, assign and manage policies. These policies enforce different rules and effects over your resources, so the resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.
Click here to learn more about Azure Policy.
In this blog, you will see how to create an Azure Policy Assignment for a storage account to restrict SKUs using PowerShell.
Prerequisites
Install Azure PowerShell Module to run the script.
PowerShell Script
Open Notepad and paste the following script. Save the file as script.ps1.
- ## Input Parameters
- $resourceGroupName="azpractice"
- $policyDefName="Allowed storage account SKUs"
- $policyAsgnName="Restrict Storage Account SKU"
-
- ## Connect to Azure Account
- Connect-AzAccount
-
- ## Function create policy assignment to restrict storage account SKU
- Function CreatePolicyAssignment
- {
- Write-Host -ForegroundColor Green "Creating policy assignment.."
- ## Get the resource group
- $resourceGroup = Get-AzResourceGroup -Name $resourceGroupName
- ## Get the policy definfition
- $policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq $policyDefName}
- ## Policy Parameters
- $allowedLocations = @{'listofAllowedSKUs'='Standard_GRS','Standard_LRS', 'Standard_ZRS'}
- ## Create policy assignment
- New-AzPolicyAssignment -Name $policyAsgnName -PolicyDefinition $policy -Scope $resourceGroup.ResourceId -PolicyParameterObject $allowedLocations
- }
-
- CreatePolicyAssignment
-
- ## Disconnect from Azure Account
- Disconnect-AzAccount
Open the Windows PowerShell window and navigate to the location where the script file was saved.
Run the following command.
.\script.ps1
Summary
Thus, in this blog, you saw how to create an Azure Policy Assignment for a storage account to restrict SKUs using PowerShell.