Time
1 hour 7 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
In the last video, we saw how we can create a policy assignment using Azure portal.
00:07
However, when you develop automation script, you would like to use a command line interface toe assigned the policies.
00:15
Let's see how we can use Usher Command line interface. To do that
00:22
if you can actually see alliance doubt on your local machine you can run those commands from your local machine.
00:28
But you can also run this in azure cloud shell.
00:32
Here I am in Azure Portal and I will stop Cloud Shell.
00:38
I also created a resource group for this demo and I called it.
00:44
See why be ese policy cli demo.
00:50
The first thing I need to do is I need to get information about the resource group. I can run up,
00:57
see, like a month
00:59
to get the details about the resource group.
01:02
So I have the i. D. The location and so on
01:06
everything that I need about these resource group.
01:08
The next thing is I need to get information about the policy that I will apply
01:15
for these demo. Our apply policy called all the resource vocation. Much is the resource group location. What that means is that the resource is that are created in the resource group. Need to have the same location as the resource group.
01:29
Let's get information nowadays. Policy.
01:34
So this is the policy and the information that I will need from it is the name.
01:41
Now I can issue a command toe. Do the policy assignment.
01:47
Here are the steps.
01:49
First thing is
01:52
I shall see Ally has a policy command
01:55
and we will say Asher, poor policy assignment create. The next thing I need to provide is
02:02
friendly name for the assignment. In my case, I will use
02:08
all the resource location
02:12
next eventually display name, which will be helpful to find this policy assignment.
02:21
I will just put all the resource location matches the resource group, the name of the resource gold location
02:29
and then we need to specify the skull.
02:32
So the scope needs to include
02:37
the identifier of the resource group
02:39
because we would like toa put this at the resource group scope. So I will copy, they identify,
02:47
and I need to provide the full identify off the group.
02:52
And the last thing I need to do is I need toe identify the policy I wanna sign
03:00
and In this particular case, we'll use the policy name.
03:12
Once I actually issued a command, I receive a success message back, and this policy will be assigned to this resource group.
03:19
You can check this back by going to the research group in Azure Portal
03:28
and clicking on the Policies
03:30
section, and you will see that all the resource location matches Resource Group location is already assigned.
03:40
The policy is not evaluated yet. As you can see, it's not started.
03:46
Let's go in the resource group
03:47
and create a new resource there.
03:51
Before that, I want to check where the resource group is placed. So it is in West U. S. I will create a new resource that is not in this location. So we can see later on how this policy
04:04
reports on compliance.
04:08
Let's go back and we'll just create a simple storage account,
04:12
which is based, Let's say, in East us, too.
04:15
So we will search for storage account,
04:20
blob, file table and Q and will just create a new one in a different location than the resource group.
04:29
Call it cyber. Very sure
04:32
police see,
04:35
see alive day more storage
04:39
and we'll pick up east us too.
04:44
And we leave the rest. Actually,
04:50
by default
04:54
us. You can see
04:56
because this is our audit policy, not the enforcement policy. I am able to create a resource that is not in the occasion that the resource group has,
05:09
so I am not prevented from creating those. Three sources, however, will see later on.
05:15
This will be out of compliance resource.
05:19
In this video, we saw how we can use actual CIA lying toe assigned policies.
05:26
In the next video, we'll look at how we can dough assignments for initiatives.

Up Next

Azure Policies

This course goes into details about Azure Policy and how it can be used for IT governance of Azure resources.

Instructed By

Instructor Profile Image
Toddy Mladenov
Instructor