How to restrict the creation of cloud resources to certain Azure regions
Note: Policies are only supported for Microsoft Azure accounts.
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules. These business rules, described in JSON format, are known as policy definitions. Through the Multi-Cloud Orchestrator it is possible to add and assign policy definitions to your Azure accounts.
There are many policy definitions for common use cases already available in your Azure environment as built-ins to help you get started.
- Have a valid Azure subscription in Multi-Cloud Orchestrator.
Create a policy assignment
- Go to Policies > Catalog
- Press the "Add policy definition" button.
- You can either upload your own policy definition (in JSON format),
- import an existing policy assignment from your Azure cloud account, or
- import any built-in policy made available by Microsoft Azure.
The last option is the one we are going to use, as there is a built-in policy available that perfectly fits the needs of this how-to.
Select Import builtin definition and search for Allowed locations, then press the "Import definition" button.
In the policy overview, click the Allowed locations policy definition and press the Add assignment button. Fill out the name and description, and select the cloud account(s) to which the policy should be applied. Last but not least, enumerate the Azure locations that should be allowed, for example:
- [ "westeurope", "eastus" ]
Note: If the policy requires array type parameters (as in this case) or object type parameters, make sure to use a valid JSON value.
Note: It may take up to 30 minutes for the policy to be applied to the Azure subscription.
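The following Python sketch is an added example, not part of the Multi-Cloud Orchestrator or of Azure: it checks that an allowed-locations value is a valid JSON array of location names before you paste it into the assignment form, and models which resource locations a deny rule would then block. The function names, the sample inputs, the space-based display-name check and the exemption for resources with location "global" are assumptions made for this example.

```python
import json

def parse_allowed_locations(raw):
    """Return the allowed-locations parameter as a list of location names.

    Raises ValueError unless raw is a JSON array of non-empty strings.
    """
    try:
        value = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc.msg}") from exc
    if not isinstance(value, list) or not value:
        raise ValueError("expected a non-empty JSON array")
    names = []
    for item in value:
        if not isinstance(item, str) or not item.strip():
            raise ValueError(f"items must be non-empty strings: {item!r}")
        if " " in item.strip():
            # Heuristic: location names such as "westeurope" contain no
            # spaces; display names such as "West Europe" do.
            raise ValueError(f"looks like a display name: {item!r}")
        names.append(item.strip().lower())  # normalized for this example
    return names

def is_denied(resource_location, allowed):
    """Model of a deny-on-location rule.

    Assumption: resources whose location is "global" are exempt.
    """
    loc = resource_location.lower()
    return loc != "global" and loc not in allowed

# Constructed sample inputs: one valid value and four common mistakes.
SAMPLES = [
    '[ "westeurope", "eastus" ]',  # valid JSON array
    "['westeurope', 'eastus']",    # single quotes are not JSON
    '[ "westeurope", ]',           # trailing comma is not JSON
    '"westeurope"',                # a string, not an array
    '[ "West Europe" ]',           # display name instead of location name
]

if __name__ == "__main__":
    for raw in SAMPLES:
        try:
            print(f"{raw:30} ok       {parse_allowed_locations(raw)}")
        except ValueError as exc:
            print(f"{raw:30} rejected {exc}")
    allowed = parse_allowed_locations(SAMPLES[0])
    for loc in ("westeurope", "northeurope", "global"):
        print(loc, "->", "denied" if is_denied(loc, allowed) else "allowed")
```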
Verify policy enforcement
- Try to create a server in an unsupported location. For the steps to create a server, see: How to create a server.
- Verify that the policy assignment prevented the server from being created.