Azure Policy Export

Azure Divers

Hi!

Azure Policy definitions, initiatives, and assignments can each be exported as JSON with Azure CLI.

Here an example to export an Azure Policy. In the first we will list all the Azure Policies which contains the display name « virtual machine ». In the second step we will export the Azure Policy in JSON.

maxime@Azure:~$ az policy definition list --query "[?contains(displayName, 'virtual machine')]" -o table
Name                                  PolicyType    Mode     DisplayName                                                                                                                       Description
------------------------------------  ------------  -------  ----------------
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56  BuiltIn       All      Audit virtual machines without disaster recovery configured                                                                       Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.
04c4380f-3fae-46e8-96c9-30193528f602  BuiltIn       Indexed  [Preview]: Network traffic data collection agent should be installed on Linux virtual machines                                    Security Center uses the Microsoft Dependency agent to collect network traffic data from your Azure virtual machines to enable advanced network protection features such as traffic visualization on the network map, network hardening recommendations and specific network threats.


maxime@Azure:~$ az policy definition show -n 0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 -o jsonc
{
  "description": "Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc.",
  "displayName": "Audit virtual machines without disaster recovery configured",
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
  "metadata": {
    "category": "Compute",
    "version": "1.0.0"
  },
  "mode": "All",
  "name": "0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56",
  "parameters": {},
  "policyRule": {
    "if": {
      "field": "type",
      "in": [
        "Microsoft.Compute/virtualMachines",
        "Microsoft.ClassicCompute/virtualMachines"
      ]
    },
    "then": {
      "details": {
        "existenceCondition": {
          "field": "name",
          "like": "ASR-Protect-*"
        },
        "type": "Microsoft.Resources/links"
      },
      "effect": "auditIfNotExists"
    }
  },
  "policyType": "BuiltIn",
  "systemData": null,
  "type": "Microsoft.Authorization/policyDefinitions"
}

Maxime.

Démarrez une conversation

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *