AzPolicyAdvertizer

last sync: 2020-Aug-07 14:05:09 UTC

Azure Policy

Allowed locations for resource groups

Policy DisplayName Allowed locations for resource groups

Policy Id e765b5de-1225-4ba3-bd56-1ac6695af988

Policy Category General

Policy Description This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.

Policy Mode All

Policy Type BuiltIn

Policy in Preview FALSE

Policy Deprecated FALSE

Policy Effect Fixed: deny

Roles used none

Policy Changes no changes

Used in Policy Initiative(s)

Initiative DisplayName	Initiative Id
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f

Policy Rule

{
  "properties": {
    "displayName": "Allowed locations for resource groups",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.",
    "metadata": {
      "version": "1.0.0",
      "category": "General"
    },
    "parameters": {
      "listOfAllowedLocations": {
        "type": "Array",
        "metadata": {
          "description": "The list of locations that resource groups can be created in.",
          "strongType": "location",
          "displayName": "Allowed locations"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "location",
          "notIn": "[parameters('listOfAllowedLocations')]"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e765b5de-1225-4ba3-bd56-1ac6695af988"
}

Azure Policy

Allowed locations for resource groups

Popular