Hands-on modules for the Dutch Azure Meetup on Governance.
Disclaimer: these exercises will create several Azure resources and may cost you some money.
These modules are based on Powershell, with Az module. See 'Tools' below.
Conjure up a resource group with some storage accounts: 1-add-demo-environment.
To implement your company's Cloud policy, you map each requirement to a control on an Azure resource. This typically leads to 2-deploy-policy-definition.
Microsoft recommends to bundle policies in 'policy sets' called 'Initiatives'. Unlike Powershell, the Azure CLI allows to update Initiatives. Optionally, take a look at initiatives.
When creating custom policies the 3-VSCode-policy-extension proves helpful.
Policy evaluations may take quite some time. Have a go at this by 4-trigger-policy-evaluation yourself. While you're at it, grab the policy evaluation results.
Policies may include remediation tasks. While remediation is a powerful concept, options a still quite specific. (skip this module, it is unfinished).
When setting up an environment or subscription, you may want to include your policies in a Blueprint. 6-explore-blueprint to get inspired!
Lastly, take advantage of the Azure DevOps pre-deployment condition gate 'Check Policy Compliance' to ensure releasing to a compliant environment.
When done: tidy up.
- GIT
- VSCode
- Azure Policy
- GitLens
- Markdownlint
- Powershell
- Powershell
Optionally, you may also want to look into azure-cli, and the ArmClient.
Thanks to Bas Kortleven (Wolf & Cherry) and Bram Kleverlaan (OahPat) for inspiration!