You use aliases to access specific properties for a resource type.
An alias enable you to restrict what values or conditions are permitted for a property on a resource. Each alias maps to the paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version. For more information about Policy and aliases, visit this blog post
Instructions for viewing all aliases that can be used in Azure Resource Policy are available here.
- File a new issue to the Azure Policy Github repository
- The title must include the Resource Provider namespace, resourceType(s) and property name, following this pattern: "Alias request: "RP/resourceType/propertyName"
Example: Alias request: Microsoft.Web/serverfarms/hostingEnvironmentProfile.id
-
Describe your policy scenario:
- Scenario - What are you trying to achieve using Azure Policy for this scenario?
- Definition - What is the proposed policy definition needed to achieve your scenario?
Scenario
Need to use Azure Policy to deny creation of ASP outside of ASE
Definition
{
"properties": {
"displayName": "Only allow creation of ASP on ASE",
"description": "Only allow creation of ASP on ASE",
"parameters": {
"hostingEnvironmentProfileID": {
"type": "string",
"metadata": {
"description": "appServiceEnvironmentName"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/serverfarms"
},
{
"not": {
"allOf": [
{
"field": "Microsoft.Web/serverfarms/hostingEnvironmentProfile.id",
"equals": "[parameters('hostingEnvironmentProfileID')]"
}
]
}
}
]
},
"then": {
"effect": "deny"
}
}
}
}
The request would look similar to the example below:
