I have created a name-pattern policy definition and policy assignment for virtual networks (VNets), and another policy definition and policy assignment for subnets.
The name-pattern policy works only for VNets; the subnet name-pattern policy does not take effect (non-matching subnet names are not denied).
I have attached my Terraform script as a .txt file:
# Define Azure Policy Definition
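resource "azurerm_policy_definition" "subnetpolicy" {
  name         = "subnet-Naming-Convention"
  display_name = "Subnet_Naming_Convention"
  policy_type  = "Custom"

  # FIX: the original used mode = "Indexed". Per the Azure Policy definition
  # structure docs, Indexed mode evaluates only resource types that support
  # tags and location. Microsoft.Network/virtualNetworks/subnets supports
  # neither, so the rule below was never evaluated and the deny never fired
  # (the VNet policy kept working because VNets do support tags/location).
  # "All" mode evaluates every resource type, including child resources.
  mode = "All"

  metadata = <<-METADATA
    {
      "category": "Naming"
    }
  METADATA

  # Deny a subnet whose name does not match the assignment-supplied pattern.
  # Azure Policy "match": '?' = one letter, '#' = one digit, '.' = any single
  # character, anything else is literal; the comparison is case-sensitive
  # (use "matchInsensitively" if mixed case should be tolerated).
  # NOTE(review): subnets declared inline in a VNet's properties.subnets at
  # creation time are evaluated as part of the VNet request, not as separate
  # subnet resources; if subnets are created that way, confirm the deny still
  # applies or add a rule on the VNet type using the
  # Microsoft.Network/virtualNetworks/subnets[*].name alias.
  policy_rule = <<-POLICY_RULE
    {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/virtualNetworks/subnets"
          },
          {
            "not": {
              "field": "name",
              "match": "[parameters('namePattern')]"
            }
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  POLICY_RULE

  # Single string parameter; the assignment supplies the concrete pattern.
  parameters = <<-PARAMETERS
    {
      "namePattern": {
        "type": "String",
        "metadata": {
          "displayName": "namePattern",
          "description": "? for letter, # for numbers"
        }
      }
    }
  PARAMETERS
}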
# Define Azure Policy Assignment
resource "azurerm_policy_assignment" "subnetpolicy-assignment" {
  name                 = "Naming-Convention-Assignment-Subnet"
  display_name         = "Naming-Convention-Assignment-For-Subnet"
  description          = "Naming convention for subnet"
  scope                = var.scope
  policy_definition_id = azurerm_policy_definition.subnetpolicy.id

  # Required name shape: "snet-<env>-" + six letters + "-" + three digits,
  # e.g. snet-dev-webapp-001 when var.env = "dev". In the Azure Policy
  # "match" operator '?' stands for one letter and '#' for one digit.
  # A deny effect blocks non-matching creates/updates from the moment the
  # assignment exists; pre-existing subnets are only reported non-compliant.
  parameters = jsonencode({
    namePattern = {
      value = "snet-${var.env}-??????-###"
    }
  })
}
# Define Azure Policy Definition
resource "azurerm_policy_definition" "vnetpolicy" {
  name         = "Virtual-Network-Naming-Convention"
  display_name = "Virtual_Network_Naming_Convention"
  policy_type  = "Custom"
  # Indexed mode is sufficient here: virtual networks support tags and
  # location, so they are always evaluated in this mode.
  mode = "Indexed"

  metadata = jsonencode({
    category = "Naming"
  })

  # Single string parameter the assignment fills in. In the Azure Policy
  # "match" operator '?' stands for one letter and '#' for one digit.
  parameters = jsonencode({
    namePattern = {
      type = "String"
      metadata = {
        displayName = "namePattern"
        description = "? for letter, # for numbers"
      }
    }
  })

  # Deny any Microsoft.Network/VirtualNetworks resource whose name does not
  # match the namePattern parameter. Both allOf conditions must hold; the
  # "type" check is case-insensitive ("equals") while "match" is
  # case-sensitive on the name.
  policy_rule = jsonencode({
    "if" = {
      allOf = [
        {
          field  = "type"
          equals = "Microsoft.Network/VirtualNetworks"
        },
        {
          "not" = {
            field = "name"
            match = "[parameters('namePattern')]"
          }
        },
      ]
    }
    "then" = {
      effect = "deny"
    }
  })
}
# Define Azure Policy Assignment
resource "azurerm_policy_assignment" "vnetpolicy-assignment" {
  name                 = "Naming-Convention-Assignment-For-Vnet"
  display_name         = "Naming-Convention-Assignment-For-Virtual-Network"
  description          = "Naming convention for Vnet"
  scope                = var.scope
  policy_definition_id = azurerm_policy_definition.vnetpolicy.id

  # Required name shape: "vnet-" + four letters + "-" + four letters + "-" +
  # three digits, e.g. vnet-prod-east-001. '?' = one letter, '#' = one digit.
  # A deny effect blocks non-matching creates/updates from the moment the
  # assignment exists; pre-existing VNets are only reported non-compliant.
  parameters = jsonencode({
    namePattern = {
      value = "vnet-????-????-###"
    }
  })
}