How can we trigger an Azure Policy from an Azure Runbook? example - to may be stop provisioning of resources in a subscription temporarily. I have basically created an Budget Action Group to an Azure Runbook via Webhook. This works successfully, but need to also test Azure Policy trigger via a Runbook if the Budget/Action Group gets triggered.
Asked
Active
Viewed 100 times
1 Answers
0
In Azure policy definitions and assignments exist. A policy definition is just that, it defines what a policy would do if it were to be assigned to a certain scope in a Policy assignment.
So you could create the policy definition for blocking resource creation and first test it at the scope of a testing resourcegroup. When everything works as expected you can create simple powershell commands in your runbook to create the assignment at the scope needed when the runbook is triggered. You could also automate the removal of the policy assignment.
PowerShell commands are: New-AzPolicyAssignment and Remove-AzPolicyAssignment.
Further documentation on assigning policies can be found here
Roderick Bant
- 1,534
- 1
- 9
- 17
-
Thank you so much @roderick This looks like what I wanted, will try to test this asap. :) – Sahil Wadehra Nov 08 '22 at 07:23