azure-policy

Azure Policy not denying Custom Role creation

时光怂恿深爱的人放手 submitted on 2020-05-30 10:40:39
Question: I am currently helping investigate adopting Azure for my organization's public cloud. One of the tasks I have been assigned is locking down accounts to prevent users from being able to elevate their permissions within a subscription. One of the things in particular I am interested in is denying the creation of Custom Roles, as we don't want people to go and start creating their own roles until the need for the role has been vetted by security. I have been trying to do this via an Azure policy

Why does Set-Body policy not recognize my POST body?

情到浓时终转凉″ submitted on 2020-04-18 08:42:38
Question: I'm trying to connect an API endpoint in Azure (API Management) to a backend service. However, the set-body policy isn't recognizing my JSON body and thus isn't transforming it for the backend call. I've tried all iterations I can think of for the "Liquid" and "None" templates. The Microsoft documentation is useless as even the "liquid" template is capitalized in the doc while it NEEDS to be lowercase. Even the Deep Dive article that everyone points to is misleading and/or out of date. I was

Azure Policy: Delete lock on resource group

不打扰是莪最后的温柔 submitted on 2020-04-16 02:27:15
Question: I try to use Azure Policy to check if all resource groups in my production subscription have a "CanNotDelete" lock. I built a policy inspired by this question, the result can be found below. While testing this, I found out that resource groups without a lock are correctly detected as "non-compliant". However, if a resource group contains a resource which has a dedicated lock (Scope=resource, e.g. only on a KeyVault), the whole resource group will be marked as compliant - even though only one