5

As an administrator, I need to limit the sized of VMs my end-users can provision through the Azure portal. I'm looking for something similar to what I can do with AWS IAM, make sure that users can only provision certain sizes of VMs.

David Makogon
  • 69,407
  • 21
  • 141
  • 189
Harnik
  • 253
  • 2
  • 5
  • 1
    Putting it as a comment instead of an answer because I don't know how to do this but do take a look at Azure Resource Manager Policies - https://azure.microsoft.com/en-in/documentation/articles/resource-manager-policy/. Most likely you would be able define some policies which would restrict the VM size. – Gaurav Mantri Aug 09 '16 at 15:59

2 Answers2

2

Garuav nailed it - you want to use a policy definition.

https://azure.microsoft.com/en-us/documentation/articles/resource-manager-policy/

You will essentially have something like this:

$policyJSON = @'
    {
      "if" : {
      "not" : {
        "field" : "vmSize",
        "in" : ["Standard_D1", "Standard_D2"]
      }
    },
      "then" : {
        "effect" : "deny"
      }
    }
'@

$policy = New-AzureRmPolicyDefinition -Name 'VMSizeRestriction' -DisplayName 'VM Size Restrictions' -Policy $policyJSON

New-AzureRmPolicyAssignment -Name 'VMSizeRestriction-SubscriptionA' -PolicyDefinition $policy -Scope '/subscriptions/########-####-####-####-############'

You can assign it other scopes as well (e.g. resourceGroups) and combined it with RBAC (allow users access to only one RG and then apply policy to that RG) for example. The doc link above has a little more.

bmoore-msft
  • 8,376
  • 20
  • 22
1

To restrict the size of Vms that your end users can provision from the azure portal you can create an "Azure Dev Test lab" and directly set the vm sizes you want to allow. Then you can give RBAC rights to your customers to access to the dev test lab.

enter image description here

An other option would be to create a ressource policy and apply it on your customer subscriptions.

Regards,

Thibaut Ranise
  • 705
  • 4
  • 12