On the 29th of September we could see some new announcements at AzureCon. One thing that did not get that much attention was the announcement of Azure Resource Manager Policies. The announcement was a bit hidden in the following video: Azure Resource Manager Policies at 22 min 44 seconds. To me this was a pretty cool announcement, because you can control your deployments by using policies.
Policies are like Role Based Access applicable on subscriptions, resource groups and individual resources. Policies are allow by default.
The following scenarios can be arranged with policies:
- Chargeback, you have to apply a tag otherwise a deployment will fail;
- Geo Compliance, you want to roll out resource only in certain regions, like North and West Europe;
- Service curation, only roll out the services that you allow (compute, networking, storage, resources) and nothing else;
- Naming convention, make sure you resources are named according the pattern you decided on.
More documentation can be found here, this document explains how to you can create a policy and apply a policy.
In the video you could see the part about using Powershell cmdlets to apply polices, however at this moment the cmdlets are only in preview. Last week the AzureRM powershell module appeared, see following link.
To me this was an exciting announcement and I think an important one in the development of ARM and the possibility of controlling your deployments. I am curious how this will progress in the future.