How to Create an Azure Policy Assignment for a Storage Account to Restrict SKUs

Introduction 

Azure Policy allows you to create, assign and manage policies. These policies enforce different rules and effects over your resources, so the resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.

In this blog, you will see how to create an Azure Policy Assignment for a storage account to restrict SKUs using PowerShell.

Prerequisites

Install the Azure PowerShell (Az) module to run the script.

PowerShell Script

Open Notepad and paste the following script. Save the file as script.ps1.

    ## Input Parameters
    $resourceGroupName="azpractice"
    $policyDefName="Allowed storage account SKUs"
    $policyAsgnName="Restrict Storage Account SKU"

    ## Connect to Azure Account
    Connect-AzAccount

    ## Function to create a policy assignment that restricts storage account SKUs
    Function CreatePolicyAssignment
    {
        Write-Host -ForegroundColor Green "Creating policy assignment.."
        ## Get the resource group (the assignment is scoped to it)
        $resourceGroup = Get-AzResourceGroup -Name $resourceGroupName
        ## Get the built-in policy definition by its display name
        $policy = Get-AzPolicyDefinition -BuiltIn | Where-Object {$_.Properties.DisplayName -eq $policyDefName}
        ## Policy parameters: the SKUs that remain allowed (each value separated by a comma)
        $allowedSkus = @{'listofAllowedSKUs'='Standard_GRS','Standard_LRS','Standard_ZRS'}
        ## Create policy assignment
        New-AzPolicyAssignment -Name $policyAsgnName -PolicyDefinition $policy -Scope $resourceGroup.ResourceId -PolicyParameterObject $allowedSkus
    }

    CreatePolicyAssignment

    ## Disconnect from Azure Account
    Disconnect-AzAccount

Open the Windows PowerShell window and navigate to the location where the script file was saved.

Run the following command.

.\script.ps1
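
Before or after running the script, it helps to confirm that every entry in the allowed list is a real SKU name and to see which existing storage accounts fall outside it, since Azure Policy evaluates existing resources for non-compliance. The following is an added example, not part of the original script: the function names and the sample accounts are hypothetical, and in a live session the sample would be replaced by the output of Get-AzStorageAccount for the resource group.

```powershell
## Added example: function names and sample data are hypothetical, not from the original script.
## Storage account SKU names accepted by Azure
$knownSkus = 'Standard_LRS','Standard_GRS','Standard_RAGRS','Standard_ZRS',
             'Standard_GZRS','Standard_RAGZRS','Premium_LRS','Premium_ZRS'

## The same list that is passed to the policy assignment
$allowedSkus = 'Standard_GRS','Standard_LRS','Standard_ZRS'

## Return entries of the allowed list that are not valid SKU names
## (catches typos and values merged by a missing comma)
Function Test-AllowedSkuList
{
    param([string[]]$Allowed, [string[]]$Known)
    $Allowed | Where-Object { $_ -notin $Known }
}

## Return storage accounts whose SKU is not in the allowed list
Function Find-DisallowedSku
{
    param([object[]]$Accounts, [string[]]$Allowed)
    $Accounts |
        Where-Object { $_.Sku.Name -notin $Allowed } |
        Select-Object StorageAccountName, @{Name='Sku'; Expression={ $_.Sku.Name }}
}

## Constructed sample data. Live equivalent:
##   $accounts = Get-AzStorageAccount -ResourceGroupName "azpractice"
$accounts = @(
    [pscustomobject]@{ StorageAccountName='stlogs001';  Sku=[pscustomobject]@{ Name='Standard_LRS' } }
    [pscustomobject]@{ StorageAccountName='stmedia002'; Sku=[pscustomobject]@{ Name='Premium_LRS' } }
    [pscustomobject]@{ StorageAccountName='stgeo003';   Sku=[pscustomobject]@{ Name='Standard_RAGRS' } }
)

## Step 1: stop if the allowed list itself contains an invalid name
$invalid = @(Test-AllowedSkuList -Allowed $allowedSkus -Known $knownSkus)
if ($invalid.Count -gt 0)
{
    throw "Invalid SKU names in allowed list: $($invalid -join ', ')"
}

## Step 2: list accounts the policy will report as non-compliant
$nonCompliant = @(Find-DisallowedSku -Accounts $accounts -Allowed $allowedSkus)
Write-Host "$($nonCompliant.Count) storage account(s) use a SKU outside the allowed list"
$nonCompliant | Format-Table -AutoSize
```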

Summary

Thus, in this blog, you saw how to create an Azure Policy Assignment for a storage account to restrict SKUs using PowerShell.