StarterKit/Definitions-Microsoft-Release-Flow/policyAssignments/tag-assignments.jsonc (128 lines of code) (raw):
{
"$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json",
// Modify Policies for required tags --- use this comment to trigger deployment
"nodeName": "/Tags/",
"parameters": {
"excludedRG": [
"synapseworkspace-managedrg-*",
"databricks-rg-*",
"managed*",
"DefaultResourceGroup*",
"NetworkWatcherRG*",
"LogAnalyticsDefaultR*",
"Orca-Security*",
"rg-terraform*",
"cloud-shell-storage*"
]
},
"children": [
{
"nodeName": "required-and-inherit/",
"scope": {
"epac-dev": [
"/providers/Microsoft.Management/managementGroups/mg-epac-dev"
],
"nonprod": [
"/providers/Microsoft.Management/managementGroups/mg-nonprod"
],
"prod": [
"/providers/Microsoft.Management/managementGroups/mg-prod"
]
},
"definitionEntryList": [
{
"policyName": "7ce92201-8036-4d55-938e-0dce0a5bc475",
"displayName": "Require Tag on Resource Group with dynamic notScope",
"assignment": {
"name": "rgtag-",
"displayName": "Require Tag on Resource Group - ",
"description": "Require Tag for Resource Groups when any resource group (not listed in in excludedRg) is created or updated - "
}
},
{
"policyName": "5cc2cbfc-e306-4ec6-a141-eea3c79bb2ae",
"displayName": "Inherit Tag from Resource Group with dynamic notScope",
"assignment": {
"name": "taginh-",
"displayName": "Inherit Tag from Resource Group - ",
"description": "Modify Tag to comply with governance goal of enforcing Tags by inheriting Tags from RG - "
}
}
],
"children": [
{
"nodeName": "Example",
"assignment": {
"name": "Example",
"displayName": "Example",
"description": "Example"
},
"parameters": {
"tagName": "Example"
}
},
{
"nodeName": "Environment",
"assignment": {
"name": "Environment",
"displayName": "Environment",
"description": "Environment"
},
"parameters": {
"tagName": "Environment"
}
}
]
},
{
"nodeName": "Environment/",
"definitionEntry": {
"policyName": "2076e19d-45f9-4564-a459-bb5a0aeaff85",
"displayName": "Add/Replace Tag on Resource Group with dynamic notScope"
},
"parameters": {
"tagName": "Environment"
},
"children": [
{
"nodeName": "PROD",
"assignment": {
"name": "prod-env-tag",
"displayName": "Prod Environment Tag",
"description": "Set Tag Environment to PROD"
},
"parameters": {
"tagValue": "PROD"
},
"scope": {
"epac-dev": [
"providers/Microsoft.Management/managementGroups/mg-epac-dev-prod"
],
"prod": [
"/providers/Microsoft.Management/managementGroups/mg-prod"
]
}
},
{
"nodeName": "NONPROD",
"assignment": {
"name": "prod-env-tag",
"displayName": "NonProd Environment Tag",
"description": "Set Tag Environment to NONPROD"
},
"parameters": {
"tagValue": "NONPROD"
},
"scope": {
"epac-dev": [
"/providers/Microsoft.Management/managementGroups/mg-epac-dev-nonprod"
],
"nonprod": [
"/providers/Microsoft.Management/managementGroups/mg-nonprod"
]
}
}
]
}
]
}