I am currently struggling at some point with Azure Policy. I want to enforce a specific tag and its value (sounds standard), but I want to allow one value from a predefined set, which is needed during creation. For example:
Environment: (any of these predefined values is allowed)
- Dev
- Test
- Prod
- PreProd
I created an Initiative with some other policies, and when I assign this Initiative, it enforces only the chosen value, but all other values are not allowed.
"properties": {
    "displayName": "Tag3",
    "policyType": "Custom",
    "mode": "All",
    "metadata": {
    },
    "parameters": {
        "tags": {
            "type": "Array",
            "metadata": {
                "displayName": "Environment",
                "description": "The list of Environments"
            },
            "allowedValues": [
                "Test",
                "Dev",
                "PreProd",
                "Prod"
            ],
            "defaultValue": [
                "Prod"
            ]
        }
    },
    "policyRule": {
        "if": {
            "not": {
                "field": "tags",
                "in": "[parameters('tags')]"
            }
        },
        "then": {
            "effect": "deny"
        }
    }
}
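
One way to express the rule the question describes, as an added example that is not part of the original post: the condition targets the `Environment` tag by name, and the array passed at assignment holds every permitted value, because that array (not the parameter's `allowedValues`, which only limits what the person assigning the policy may choose) is what `in` compares against. The parameter name `allowedEnvironments`, the display name and the descriptions are hypothetical, and `Indexed` mode is an assumption made here so that only resource types that support tags are evaluated.

```json
{
  "properties": {
    "displayName": "Require an allowed Environment tag value",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedEnvironments": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed Environment values",
          "description": "Every value the Environment tag may carry"
        },
        "defaultValue": [
          "Dev",
          "Test",
          "PreProd",
          "Prod"
        ]
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "tags['Environment']",
          "in": "[parameters('allowedEnvironments')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

With the full list left in place at assignment, a resource whose `Environment` tag is missing or carries a value outside the list is denied, and any of the four listed values is accepted.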