I'm trying to create an Azure policy for creating an RG for every subscription under my tenant. I created this custom policy like I saw in some example, but nothing is being created.

The custom policy:

{
    "properties": {
        "displayName": "Create resource group if not exists",
        "description": "This policy will create resource group if not exists",
        "policyType": "Custom",
        "mode": "All",
        "metadata": {
            "version": "1.0.0",
            "category": "Resource Management"
        },
        "parameters": {},
        "policyRule": {
            "if": {
                "allOf": [
                    {
                        "field": "type",
                        "equals": "Microsoft.Resources/subscriptions"
                    }
                ]
            },
            "then": {
                "effect": "deployIfNotExists",
                "details": {
                    "type": "Microsoft.Resources/deployments",
                    "name": "createResourceGroup",
                    "roleDefinitionIds": [
                        "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
                    ],
                    "existenceCondition": {
                        "field": "name",
                        "equals": "TestRG"
                    },
                    "deployment": {
                        "properties": {
                            "mode": "incremental",
                            "template": {
                                "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
                                "contentVersion": "",
                                "parameters": {},
                                "variables": {},
                                "resources": [
                                    {
                                        "type": "Microsoft.Resources/resourceGroups",
                                        "apiVersion": "2018-05-01",
                                        "name": "TestRG",
                                        "location": "eastus",
                                        "tags": {
                                            "Test": "Infra"
                                        },
                                        "properties": {}
                                    }
                                ]
                            },
                            "parameters": {}
                        }
                    }
                }
            }
        }
    }
}

If you have any ideas I would really appreciate that. Thanks.

yershalom

1 Answer


The alias "Microsoft.Resources/subscriptions" which you are referring to does not exist within the available aliases, hence the custom policy isn't working as expected. You can verify the list of available aliases using the PowerShell command "Get-AzPolicyAlias".

To raise a new policy alias request, you need to create a ticket with the Microsoft Support team.

SwathiDhanwada