Exercise 5 – limiting the resource creation location with Azure Policy
This section will look at limiting the resource creation location with Azure Policy using the Azure portal.
The following subsections cover how to complete this exercise, segregated into tasks for ease of understanding.
Task – accessing the Azure portal
- Log into the Azure portal at https://portal.azure.com. Alternatively, you can use the Azure desktop app: https://portal.azure.com/App/Download.
Task – removing the policy assignment from the previous exercise
- Before starting this exercise, if you created the policy assignment for the previous exercise and have not yet deleted it, do so now by performing the following step.
- From the Assignments blade, locate the assignment to delete from the list. Then, right-click and select Delete assignment from the pop-up menu.
Task – creating a policy assignment
- In the search bar, type policy; click Policy from the results list.
- From the Policy blade, click Assignments under Authoring on the left navigation menu.
- Click Assign policy from the top toolbar.
- From the Policy definition field, under Basics on the Basics tab, click the ellipsis button on the right-hand side of the text box.
- From the Available Definitions page that appears, in the search box, enter allowed locations.
- From the policy definition search results, click Allowed locations.
- Click Select.
- From the Parameters tab, select the allowed locations for resource creation.
- Click Next: Review + create.
- On the Review + create tab, review your settings; you may go back to the previous tabs and make any edits if required. Once you have confirmed your settings, click Create.
- You will receive a notification that the policy assignment succeeded.
Task – testing the policy function
- In the search bar, type virtual machines; click Virtual machines from the results list.
- From the Virtual machines blade, click the + Create button on the top toolbar and select Virtual machine.
- From the Basics tab, set the Project details as required.
- From the Instance details tab, select a region that is NOT in the allowed locations for the policy; this lets us test the region restriction that was set in the policy.
- You will receive a policy enforcement notification stating that, in this example, the selected region does not match the locations in which the policy allows resources to be created:
Policy enforcement. Value does not meet requirements on resource: Microsoft.Compute/virtualMachines
The field ‘Location’ with the value ‘(Europe) West Europe’ is denied
- To remediate this, from the Instance details tab, select a region that IS in the allowed locations for the policy; this lets us test the region restriction that was set in the policy.
- You will no longer receive the policy enforcement message and will be allowed to continue with resource creation in a location the policy allows.
- The final task is to clean up and delete the assigned policy that was created in this exercise; this can be achieved by performing the following step.
- From the Assignments blade, locate the assignment to delete from the list. Then, right-click and select Delete assignment from the pop-up menu.
In this exercise, we successfully limited the resource creation location with Azure Policy.
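The deny decision seen in the testing task can be modelled locally. The following is an added example, not code from the book or from Azure: a small evaluator for a simplified rule modelled on the Allowed locations definition. The rule text, the assigned parameter values (`uksouth`, `ukwest`) and the sample requests are constructed assumptions.

```python
# Added example: local model of an "Allowed locations" style deny rule.
# POLICY_RULE is a simplified, constructed rule; it is not fetched from Azure.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "location", "notIn": "[parameters('listOfAllowedLocations')]"},
        # Resources that are not tied to a region report the location "global".
        {"field": "location", "notEquals": "global"},
    ]},
    "then": {"effect": "deny"},
}

def _resolve(value, params):
    """Expand a "[parameters('name')]" reference to the value set on the assignment."""
    prefix, suffix = "[parameters('", "')]"
    if isinstance(value, str) and value.startswith(prefix) and value.endswith(suffix):
        return params[value[len(prefix):-len(suffix)]]
    return value

def _matches(cond, resource, params):
    """Evaluate one condition node; only the operators used above are supported."""
    if "allOf" in cond:
        return all(_matches(c, resource, params) for c in cond["allOf"])
    # Compare lower-cased so "UKSouth" and "uksouth" are treated as the same region.
    actual = str(resource.get(cond["field"], "")).lower()
    if "notIn" in cond:
        return actual not in [s.lower() for s in _resolve(cond["notIn"], params)]
    if "notEquals" in cond:
        return actual != str(_resolve(cond["notEquals"], params)).lower()
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(resource, params, rule=POLICY_RULE):
    """Return the rule's effect if its condition matches, else 'allow' (no effect)."""
    return rule["then"]["effect"] if _matches(rule["if"], resource, params) else "allow"

# Constructed assignment parameters (what the Parameters tab would set).
ASSIGNMENT_PARAMS = {"listOfAllowedLocations": ["uksouth", "ukwest"]}
# Constructed resource creation requests.
REQUESTS = [
    {"type": "Microsoft.Compute/virtualMachines", "location": "westeurope"},
    {"type": "Microsoft.Compute/virtualMachines", "location": "UKSouth"},
    {"type": "Microsoft.Network/dnsZones", "location": "global"},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(f"{r['type']:36} {r['location']:11} -> {evaluate(r, ASSIGNMENT_PARAMS)}")
```

The first request mirrors the West Europe denial from the testing task; the third shows why a location restriction of this shape does not block resources whose location is `global`.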
This section covered the hands-on exercises for this chapter. The following section provides a summary of this chapter.