|
Policy Rule
|
{
"properties": {
"displayName": "Configure backup on VMs of a location to an existing central Vault in the same location",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "This policy configures Azure Backup protection on VMs in a given location to an existing central vault in the same location. It applies to only those VMs that are not already configured for backup. It is recommended that this policy is assigned to not more than 200 VMs. If the policy is assigned for more than 200 VMs, it can result in the backup getting triggered a few hours beyond the defined schedule. This policy will be enhanced to support more VM images.",
"metadata": {
"version": "1.0.0",
"category": "Backup"
},
"parameters": {
"vaultLocation": {
"type": "String",
"metadata": {
"displayName": "Location (Specify the location of the VMs that you want to protect)",
"description": "Specify the location of the VMs that you want to protect. VMs should be backed up to a vault in the same location.\nFor example - southeastasia",
"strongType": "location"
}
},
"backupPolicyId": {
"type": "String",
"metadata": {
"displayName": "Backup Policy (of type Azure VM from a vault in the location chosen above)",
"description": "Specify the id of the Azure backup policy to configure backup of the virtual machines. The selected Azure backup policy should be of type Azure virtual machine. This policy needs to be in a vault that is present in the location chosen above.\nFor example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/",
"strongType": "Microsoft.RecoveryServices/vaults/backupPolicies"
}
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"deployIfNotExists",
"auditIfNotExists",
"disabled"
],
"defaultValue": "deployIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "location",
"equals": "[parameters('vaultLocation')]"
},
{
"anyOf": [
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServer"
},
{
"field": "Microsoft.Compute/imageSKU",
"in": [
"2008-R2-SP1",
"2008-R2-SP1-smalldisk",
"2012-Datacenter",
"2012-Datacenter-smalldisk",
"2012-R2-Datacenter",
"2012-R2-Datacenter-smalldisk",
"2016-Datacenter",
"2016-Datacenter-Server-Core",
"2016-Datacenter-Server-Core-smalldisk",
"2016-Datacenter-smalldisk",
"2016-Datacenter-with-Containers",
"2016-Datacenter-with-RDSH",
"2019-Datacenter",
"2019-Datacenter-Core",
"2019-Datacenter-Core-smalldisk",
"2019-Datacenter-Core-with-Containers",
"2019-Datacenter-Core-with-Containers-smalldisk",
"2019-Datacenter-smalldisk",
"2019-Datacenter-with-Containers",
"2019-Datacenter-with-Containers-smalldisk",
"2019-Datacenter-zhcn"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServerSemiAnnual"
},
{
"field": "Microsoft.Compute/imageSKU",
"in": [
"Datacenter-Core-1709-smalldisk",
"Datacenter-Core-1709-with-Containers-smalldisk",
"Datacenter-Core-1803-with-Containers-smalldisk"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServerHPCPack"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServerHPCPack"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftSQLServer"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2016"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2016-BYOL"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2012R2"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2012R2-BYOL"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftRServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "MLServer-WS2016"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftVisualStudio"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"VisualStudio",
"Windows"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftDynamicsAX"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "Dynamics"
},
{
"field": "Microsoft.Compute/imageSKU",
"equals": "Pre-Req-AX7-Onebox-U8"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-ads"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "windows-data-science-vm"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsDesktop"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "Windows-10"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "RedHat"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"RHEL",
"RHEL-SAP-HANA"
]
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"like": "6.*"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "7*"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "SUSE"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"SLES",
"SLES-HPC",
"SLES-HPC-Priority",
"SLES-SAP",
"SLES-SAP-BYOS",
"SLES-Priority",
"SLES-BYOS",
"SLES-SAPCAL",
"SLES-Standard"
]
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"like": "12*"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "Canonical"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "UbuntuServer"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"like": "14.04*LTS"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "16.04*LTS"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "18.04*LTS"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "Oracle"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "Oracle-Linux"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"like": "6.*"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "7.*"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "OpenLogic"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"CentOS",
"Centos-LVM",
"CentOS-SRIOV"
]
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSKU",
"like": "6.*"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "7*"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "cloudera"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "cloudera-centos-os"
},
{
"field": "Microsoft.Compute/imageSKU",
"like": "7*"
}
]
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"/providers/microsoft.authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b"
],
"type": "Microsoft.RecoveryServices/backupprotecteditems",
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"backupPolicyId": {
"type": "String"
},
"fabricName": {
"type": "String"
},
"protectionContainers": {
"type": "String"
},
"protectedItems": {
"type": "String"
},
"sourceResourceId": {
"type": "String"
}
},
"resources": [
{
"apiVersion": "2017-05-10",
"name": "[concat('DeployProtection-',uniqueString(parameters('protectedItems')))]",
"type": "Microsoft.Resources/deployments",
"resourceGroup": "[first(skip(split(parameters('backupPolicyId'), '/'), 4))]",
"subscriptionId": "[first(skip(split(parameters('backupPolicyId'), '/'), 2))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"backupPolicyId": {
"type": "String"
},
"fabricName": {
"type": "String"
},
"protectionContainers": {
"type": "String"
},
"protectedItems": {
"type": "String"
},
"sourceResourceId": {
"type": "String"
}
},
"resources": [
{
"type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
"name": "[concat(first(skip(split(parameters('backupPolicyId'), '/'), 8)), '/', parameters('fabricName'), '/',parameters('protectionContainers'), '/', parameters('protectedItems'))]",
"apiVersion": "2016-06-01",
"properties": {
"protectedItemType": "Microsoft.Compute/virtualMachines",
"policyId": "[parameters('backupPolicyId')]",
"sourceResourceId": "[parameters('sourceResourceId')]"
}
}
]
},
"parameters": {
"backupPolicyId": {
"value": "[parameters('backupPolicyId')]"
},
"fabricName": {
"value": "[parameters('fabricName')]"
},
"protectionContainers": {
"value": "[parameters('protectionContainers')]"
},
"protectedItems": {
"value": "[parameters('protectedItems')]"
},
"sourceResourceId": {
"value": "[parameters('sourceResourceId')]"
}
}
}
}
]
},
"parameters": {
"backupPolicyId": {
"value": "[parameters('backupPolicyId')]"
},
"fabricName": {
"value": "Azure"
},
"protectionContainers": {
"value": "[concat('iaasvmcontainer;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]"
},
"protectedItems": {
"value": "[concat('vm;iaasvmcontainerv2;', resourceGroup().name, ';' ,field('name'))]"
},
"sourceResourceId": {
"value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]"
}
}
}
}
}
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "09ce66bc-1220-4153-8104-e3f51c936913"
}
|