Exercise 4 – enabling resource tagging with Azure Policy
This section will look at enabling resource tagging with Azure Policy using the Azure portal.
The following subsections show how to complete this exercise, segregated into tasks for ease of understanding.
Task – accessing the Azure portal
- Log into the Azure portal at https://portal.azure.com. Alternatively, you can use the Azure desktop app: https://portal.azure.com/App/Download.
Task – creating a policy assignment
- In the search bar, type policy; click Policy from the results list.
- From the Policy blade, click Assignments under Authoring via the left navigation menu.
- Click Assign policy from the top toolbar.
- From the Policy definition field, under Basics on the Basics tab, click the ellipsis button on the right-hand side of the text box.
- From the Available Definitions page that appears, in the search box, enter require a tag.
- From the policy definition search results, click Require a tag on resource groups.
- Click Select.
- From the Parameters tab, in the Tag Name field, enter Environment as the text value.
- Click Next: Review + create.
- On the Review + create tab, review your settings; you may go back to the previous tabs and make any edits if required. Once you have confirmed your settings, click Create.
- You will receive a notification, stating that the policy assignment succeeded.
Task – testing the policy function
- In the search bar, type resource groups; click Resource groups from the results list.
- From the Resource groups blade, click the + Create button via the top toolbar.
- From the Basics tab, set the Project and Resource details as required.
- Click Next: Review + create.
- On the Review + create tab, click Create.
- You will receive a notification, stating that the resource group failed to be created; click View error details.
- In the summary tab, you will see that the policy disallowed the resource; this is the required expected behavior.
- From the Tags tab, enter the name that was defined in the policy; in our exercise, this text value was Environment.
- For this exercise, enter Production as the text value.
- Click Next: Review + create.
- On the Review + create tab, click Create.
- You will receive a notification, stating that the resource group was created successfully this time.
- Search for Tags or navigate to the Tags blade in the portal. You will see that your tag has been created. Upon clicking your tag, the page for the tag will show all the resources that have been tagged with it.
- The final task is to clean up and delete the assigned policy that was created in this exercise.
- From the Assignments blade, locate the assignment to delete from the list. Then, right-click and select Delete assignment from the pop-up menu.
In this exercise, we successfully created a policy to deny creating a resource that does not have a tag. In the following exercise, we will look at limiting the resource creation location with Azure Policy.