Create an azure policy to apply multiple tags on multiple azure resource types, where tagname and tagvalues will be input of type an array of objects, If tags doesn't exists on the resource

Question

Create an azure policy to apply multiple tags on multiple azure resource types, where tagname and tagvalues will be input of type an array of objects, If tags doesn't exists on the resource

I am trying to create a policy definition for adding multiple tags, where tag name and tag values will be input of type an array of objects.
if any tags in the array are missing for the resource, those tags must me added on already existing resources.

SwathiDhanwada-MSFT 18,996 Reputation points Moderator

2023-05-24T04:28:19.22+00:00

@Prarthan Jain (L&T INFOTECH LIMITED) Did you get chance to look into my previous comment? Kindly revert if you have further questions.
SwathiDhanwada-MSFT 18,996 Reputation points Moderator

2023-05-25T06:26:48.6833333+00:00

@Prarthan Jain (L&T INFOTECH LIMITED) Hope the information provided is helpful.

If this answers your query, do click "Accept as Answer" and click "Yes" for the same, which might be beneficial to other community members reading this thread. If you have further questions, kindly revert with further information so that we can assist you accordingly.

1 answer

Your answer

SwathiDhanwada-MSFT 18,996 Reputation points Moderator

2023-05-24T04:28:19.22+00:00

@Prarthan Jain (L&T INFOTECH LIMITED) Did you get chance to look into my previous comment? Kindly revert if you have further questions.
SwathiDhanwada-MSFT 18,996 Reputation points Moderator

2023-05-25T06:26:48.6833333+00:00

@Prarthan Jain (L&T INFOTECH LIMITED) Hope the information provided is helpful.

If this answers your query, do click "Accept as Answer" and click "Yes" for the same, which might be beneficial to other community members reading this thread. If you have further questions, kindly revert with further information so that we can assist you accordingly.

Answer 1

@Prarthan Jain (L&T INFOTECH LIMITED) Welcome to Microsoft Q & A Community Forum. Here is a sample policy for your reference. This policy checks whether tags which are part of arrays exists or not. If it does not exist, it automatically adds the tag name and tag value to the resource. If the tag exists but value is not expected, it shows as non-compliant and you can remediate by creating remediation task.

{
	"mode": "All",
	"policyRule": {
		"if": {
			"allOf": [
				{
					"field": "type",
					"in": [
						"Microsoft.Compute/virtualMachines",
						"Microsoft.Storage/storageAccounts",
						"Microsoft.Network/networkInterfaces"
					]
				},
				{
					"anyOf": [
						{
							"not": {
								"field": "[concat('tags[', parameters('tags')[0].tagName, ']')]",
								"exists": "true"
							}
						},
						{
							"not": {
								"field": "[concat('tags[', parameters('tags')[1].tagName, ']')]",
								"exists": "true"
							}
						}
					]
				}
			]
		},
		"then": {
			"effect": "modify",
			"details": {
				"roleDefinitionIds": [
					"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
				],
				"operations": [
					{
						"operation": "addOrReplace",
						"field": "[concat('tags[', parameters('tags')[0].tagName, ']')]",
						"value": "[parameters('tags')[0].tagValue]"
					},
					{
						"operation": "addOrReplace",
						"field": "[concat('tags[', parameters('tags')[1].tagName, ']')]",
						"value": "[parameters('tags')[1].tagValue]"
					}
				]
			}
		}
	},
	"parameters": {
		"tags": {
			"type": "Array",
			"metadata": {
				"displayName": "tags",
				"description": "The tags to apply to the resources."
			},
			"defaultValue": [
				{
					"tagName": "Environment",
					"tagValue": "Production"
				},
				{
					"tagName": "Department",
					"tagValue": "IT"
				}
			]
		}
	}
}

Share via

Create an azure policy to apply multiple tags on multiple azure resource types, where tagname and tagvalues will be input of type an array of objects, If tags doesn't exists on the resource

1 answer

Your answer