In the last video, we saw how we can create a policy assignment using Azure portal.
However, when you develop automation script, you would like to use a command line interface toe assigned the policies.
Let's see how we can use Usher Command line interface. To do that
if you can actually see alliance doubt on your local machine you can run those commands from your local machine.
But you can also run this in azure cloud shell.
Here I am in Azure Portal and I will stop Cloud Shell.
I also created a resource group for this demo and I called it.
See why be ese policy cli demo.
The first thing I need to do is I need to get information about the resource group. I can run up,
to get the details about the resource group.
So I have the i. D. The location and so on
everything that I need about these resource group.
The next thing is I need to get information about the policy that I will apply
for these demo. Our apply policy called all the resource vocation. Much is the resource group location. What that means is that the resource is that are created in the resource group. Need to have the same location as the resource group.
Let's get information nowadays. Policy.
So this is the policy and the information that I will need from it is the name.
Now I can issue a command toe. Do the policy assignment.
I shall see Ally has a policy command
and we will say Asher, poor policy assignment create. The next thing I need to provide is
friendly name for the assignment. In my case, I will use
all the resource location
next eventually display name, which will be helpful to find this policy assignment.
I will just put all the resource location matches the resource group, the name of the resource gold location
and then we need to specify the skull.
So the scope needs to include
the identifier of the resource group
because we would like toa put this at the resource group scope. So I will copy, they identify,
and I need to provide the full identify off the group.
And the last thing I need to do is I need toe identify the policy I wanna sign
and In this particular case, we'll use the policy name.
Once I actually issued a command, I receive a success message back, and this policy will be assigned to this resource group.
You can check this back by going to the research group in Azure Portal
and clicking on the Policies
section, and you will see that all the resource location matches Resource Group location is already assigned.
The policy is not evaluated yet. As you can see, it's not started.
Let's go in the resource group
and create a new resource there.
Before that, I want to check where the resource group is placed. So it is in West U. S. I will create a new resource that is not in this location. So we can see later on how this policy
reports on compliance.
Let's go back and we'll just create a simple storage account,
which is based, Let's say, in East us, too.
So we will search for storage account,
blob, file table and Q and will just create a new one in a different location than the resource group.
Call it cyber. Very sure
see alive day more storage
and we'll pick up east us too.
And we leave the rest. Actually,
because this is our audit policy, not the enforcement policy. I am able to create a resource that is not in the occasion that the resource group has,
so I am not prevented from creating those. Three sources, however, will see later on.
This will be out of compliance resource.
In this video, we saw how we can use actual CIA lying toe assigned policies.
In the next video, we'll look at how we can dough assignments for initiatives.