Limit maximum VM to be created in one region

sid 101 Reputation points
2023-01-13T03:56:04.14+00:00

I want to restrict maximum VM creation in particular Azure Region what policy we can use to fulfill this requirement. Any VM beyond set limit need to be denied.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
372 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
508 questions
No comments
{count} votes

Accepted answer
  1. Andrew Dello Stritto 85 Reputation points Microsoft Employee
    2023-01-13T04:40:01.3266667+00:00

    To create a custom policy to restrict the maximum number of VMs in a specific region:

    1. In the Azure Portal, navigate to the Azure Policy service.
    2. Click on the "+ Policy definition" button to create a new policy definition.
    3. In the "Basics" tab, give the policy a name and select "Custom" as the policy type.
    4. In the "Policy rule" tab, you can use the built-in policy function "count" to check the number of VMs in a specific region. You can use a condition like this:
    Copy code
    count(resourceId, 'Microsoft.Compute/virtualMachines', 'West US') > 10
    

    This will check for more than 10 VMs in the region "West US"

    1. In the "Effect" tab, select "Deny" to prevent the creation of new VMs in that region.
    2. Click on the "Create" button to create the policy.
    3. After creating the policy, you need to assign it to the management group or subscription where you want it to take effect.

    You can use Azure Policy initiative to manage multiple policies at once.

    Also, you can use Azure Quotas to restrict the number of resources that can be created in a subscription, by using Azure Quotas you can limit the number of VMs that can be created in a subscription, and you can also assign different quotas to different subscriptions or management groups.
    [https://learn.microsoft.com/en-us/azure/governance/policy/overview


0 additional answers

Sort by: Most helpful