How to Enforce a Tag With a Predefined Value

PhrygianMode 20 Reputation points
2024-02-02T18:31:12.1933333+00:00

I want an Azure policy in place that requires all new resources to have an "Environment" tag. With that tag I only want there to be three acceptable values: Test, Prod and Dev. If the value doesn't meet the predefined value, it fails validation. Does anyone know how to achieve this, or how to create a tagging policy that will enforce a tag with predefined values?


Accepted answer
  1. SwathiDhanwada-MSFT 18,456 Reputation points
    2024-02-05T10:58:20.06+00:00

    @PhrygianMode Here is a sample Azure policy to enforce a tag with predefined values. Kindly check and tweak it based on your requirements.

    {
      "mode": "Indexed",
      "policyRule": {
        "if": {
          "not": {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "in": "[parameters('tagValue')]"
          }
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {
        "tagName": {
          "type": "String",
          "metadata": {
            "displayName": "Tag Name",
            "description": "Name of the tag, such as 'environment'"
          }
        },
        "tagValue": {
          "type": "Array",
          "metadata": {
            "displayName": "Tag Value",
            "description": "Value of the tag, such as 'production'"
          },
          "allowedValues": [
            "Dev",
            "Test",
            "Prod"
          ]
        }
      }
    }
    
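A local dry run of the rule in the accepted answer, added here as an example and not part of the original answer or any Microsoft tooling: it shows which tag sets the `deny` effect would catch before the policy is assigned. It is a simplified model, not the Azure Policy engine. The helper names, assignment values and sample resources are constructed, and the `Indexed` mode's resource-type filtering is not modelled.

```python
import json
import re

# Rule from the accepted answer (parameter metadata omitted; it does not affect evaluation).
RULE = json.loads("""
{
  "if": {
    "not": {
      "field": "[concat('tags[', parameters('tagName'), ']')]",
      "in": "[parameters('tagValue')]"
    }
  },
  "then": {"effect": "deny"}
}
""")

# Constructed assignment values for the asker's "Environment" tag.
ASSIGNMENT = {"tagName": "Environment", "tagValue": ["Dev", "Test", "Prod"]}
PARAM_REF = re.compile(r"parameters\('(\w+)'\)")


def param(expression, assignment):
    """Resolve the single parameters('name') reference in a policy expression."""
    return assignment[PARAM_REF.search(expression).group(1)]


def evaluate(rule, assignment, resource):
    """Return the rule's effect if the resource matches the 'if' block, else None."""
    condition = rule["if"]["not"]
    tag_name = param(condition["field"], assignment).lower()
    # Assumption of this model: tag names and the 'in' comparison ignore case.
    allowed = {value.lower() for value in param(condition["in"], assignment)}
    tags = {k.lower(): v for k, v in (resource.get("tags") or {}).items()}
    value = tags.get(tag_name)  # None when the tag is absent
    in_list = value is not None and value.lower() in allowed
    return None if in_list else rule["then"]["effect"]  # "not" inverts the match


# Constructed sample resources.
SAMPLES = [
    {"name": "vm-prod", "tags": {"Environment": "Prod"}},
    {"name": "vm-lowercase", "tags": {"environment": "prod"}},
    {"name": "vm-typo", "tags": {"Environment": "Production"}},
    {"name": "vm-other-tag", "tags": {"Owner": "ops"}},
    {"name": "vm-untagged"},
]


def run():
    return {r["name"]: evaluate(RULE, ASSIGNMENT, r) for r in SAMPLES}


if __name__ == "__main__":
    for name, effect in run().items():
        print(f"{name}: {effect or 'allowed'}")
```

Because the `in` condition sits inside `not`, a resource with no "Environment" tag at all is denied as well as one with an unlisted value, so a separate "require tag" policy is not needed for this case.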