forked from Azure/azure-policy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpattern-deploy-resources.json
56 lines (56 loc) · 2.46 KB
/
pattern-deploy-resources.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
{
"properties": {
"displayName": "Deploy network watcher when virtual networks are created",
"mode": "Indexed",
"description": "This policy creates a network watcher resource in regions with virtual networks. You need to ensure existence of a resource group named networkWatcherRG, which will be used to deploy network watcher instances.",
"metadata": {
"category": "Network"
},
"parameters": {},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/virtualNetworks"
},
"then": {
"effect": "DeployIfNotExists",
"details": {
"type": "Microsoft.Network/networkWatchers",
"resourceGroupName": "networkWatcherRG",
"existenceCondition": {
"field": "location",
"equals": "[field('location')]"
},
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
}
},
"resources": [{
"apiVersion": "2016-09-01",
"type": "Microsoft.Network/networkWatchers",
"name": "[concat('networkWacher_', parameters('location'))]",
"location": "[parameters('location')]"
}]
},
"parameters": {
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
}