Enforcing Naming Convention for Resource Group via Azure Policy

@20aman    Jun 18, 2021

Having the right naming convention is very important for your environment. If you already have a naming convention defined, you should try to enforce it in your environment. One way to do this is via Azure Policy. In this post, we will look at how to do this with a policy sample.

Sample naming convention

Let's assume that the naming convention for the Resource Groups has the below features/restrictions:

  • The name should start with "RG-"
  • The name should end with the environment, i.e. dev, test, or prod
  • After the environment, the name should end with the location, i.e. US East, US West, etc.

E.g. the name should be something like RG-AccountingRecordsApp-Dev-USE, which denotes a resource group for the accounting department's "records app", in a dev environment and in the US East location.

Enforcing the naming convention

To enforce the naming convention, the policy uses negative conditions (notLike) that match any name breaking the convention, so that the deny effect can stop the resource group from being created at all. Also note that all of the naming requirements must be met. If any one of them is not met, the resource group creation will fail.

Policy sample:

  {
    "mode": "All",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "anyOf": [
              {
                "field": "name",
                "notLike": "RG-*"
              },
              {
                "allOf": [
                  {
                    "field": "name",
                    "notLike": "*-DEV-USE"
                  },
                  {
                    "field": "name",
                    "notLike": "*-DEV-USW"
                  },
                  {
                    "field": "name",
                    "notLike": "*-TEST-USE"
                  },
                  {
                    "field": "name",
                    "notLike": "*-TEST-USW"
                  },
                  {
                    "field": "name",
                    "notLike": "*-PROD-USE"
                  },
                  {
                    "field": "name",
                    "notLike": "*-PROD-USW"
                  }
                ]
              }
            ]
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    },
    "parameters": {}
  }
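
To check candidate names against this rule before assigning the policy, here is an added example (not part of the original post or its GitHub samples): a small evaluator for the rule's "if" block that handles only allOf, anyOf, equals and notLike. It assumes these comparisons are case-insensitive with * as the only wildcard, as Azure Policy documents for like/notLike; the function names and sample names are hypothetical.

```python
import re

RG_TYPE = "Microsoft.Resources/subscriptions/resourceGroups"
SUFFIXES = ["DEV-USE", "DEV-USW", "TEST-USE", "TEST-USW", "PROD-USE", "PROD-USW"]

# The "if" block of the policy sample above, rebuilt as a Python dict.
RULE = {"allOf": [
    {"field": "type", "equals": RG_TYPE},
    {"anyOf": [
        {"field": "name", "notLike": "RG-*"},
        {"allOf": [{"field": "name", "notLike": "*-" + s} for s in SUFFIXES]},
    ]},
]}

def like(value, pattern):
    """'*' is the only wildcard; matching ignores case (assumption, see lead-in)."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def evaluate(cond, resource):
    """Return True when the condition tree matches, i.e. the 'then' effect applies."""
    if "allOf" in cond:
        return all(evaluate(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, resource) for c in cond["anyOf"])
    value = resource[cond["field"]]
    if "equals" in cond:
        return value.lower() == cond["equals"].lower()
    if "notLike" in cond:
        return not like(value, cond["notLike"])
    raise ValueError("unsupported condition: %r" % cond)

def is_denied(name, rtype=RG_TYPE):
    """True when creating a resource of this type and name would hit 'deny'."""
    return evaluate(RULE, {"type": rtype, "name": name})

# Constructed sample names, not taken from a real subscription.
SAMPLES = ["RG-AccountingRecordsApp-Dev-USE", "rg-payroll-prod-usw",
           "AccountingRecordsApp-Dev-USE", "RG-AccountingRecordsApp-Dev",
           "RG-AccountingRecordsApp-QA-USE", "RG-DEV-USE"]

if __name__ == "__main__":
    for name in SAMPLES:
        print("%-36s %s" % (name, "deny" if is_denied(name) else "allow"))
```

Note that RG-DEV-USE is allowed: the rule checks only the prefix and the suffix, so it does not require an application segment between them.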

Complete Policy Samples on GitHub

You can find the complete policy samples on GitHub in my policy samples repository here: AzurePolicySamples - Enforcing Standards.




