Azure Resource Tags – Enforce tag creation on Resource Groups and Resources
- Create Azure Policies that enforce tagging
- Create an Initiative
- Assign the Initiative to a Subscription, Resource Group, Management Group,
One of the key recommendations when adopting Azure as a cloud platform is good naming standards. Microsoft has a best practice recommendations but keeping it simple is always the best bet.
For naming subscriptions, the following is a good standard to maintain:
<Company> <Department (optional)> <Product Line (optional)> <Environment>
Examples:
- EAX360-Research & Development-DEVELOPMENT
- EAX360-Finance-Accounting-PRODUCTION
The second step to ensuring that best practice is adhered to is to start enforcing tagging at the subscription level. This post describes how to setup tag enforcement when creating a Resource Group
Dashboard > Subscriptions > Microsoft P&G – PRODUCTION> Policy – Definitions
From here, you have several tagging definitions:
Append tag and its value from the resource group | Built-in | Policy | General |
Apply tag and its default value | Built-in | Policy | General |
Apply tag and its default value to resource groups | Built-in | Policy | General |
Enforce tag and its value | Built-in | Policy | General |
Enforce tag and its value on resource groups | Built-in | Policy | General |
Require specified tag | Built-in | Policy | General |
Require specified tag on resource groups | Built-in | Policy | General |
In my Azure tenant, I have several policies that trigger on RESOURCE CREATE. The implementation is straight-forward but requires an Azure Policy Initiative to be created, which looks like:
Now, when I create a new resource, I get the following error:
This isn’t the most helpful error notification but it does do the job.