I'd like to enforce the tag value pattern "RJGVM-###" for a tag which will be required for resource groups. I managed to make it required, but whenever I put in any value it still passes.
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Resources/subscriptions/resourceGroups"
        },
        {
          "not": {
            "field": "[concat('tags[',parameters('tagName'), ']')]",
            "exists": "true"
          }
        },
        {
          "value": "[resourceGroup().tags[parameters('tagName')]]",
          "notMatch": "RJGVM-###"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "tagName": {
      "type": "String",
      "metadata": {
        "displayName": "Tag Name",
        "description": "Name of the tag, such as 'environment'"
      }
    }
  }
}
Please refer to the example at the link below to enforce a match pattern on the tag value:
https://github.com/Azure/azure-policy/tree/master/samples/TextPatterns/enforce-tag-match-pattern
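
The effect of the `allOf` in the posted rule, as an added example that is not part of the original thread: a small Python model of the two tag conditions (the resource-type check is left out), comparing the posted rule with a single `not`/`match` condition. The tag name `costCenter`, the sample tag sets, the treatment of a missing tag as an empty string, and the reading of `?` as an ASCII letter are assumptions made for the illustration.

```python
import re

def matches(pattern, value):
    """Policy match pattern: '#' = digit, '?' = letter, '.' = any character,
    anything else literal. The whole value must match, case-sensitively."""
    classes = {"#": "[0-9]", "?": "[A-Za-z]", ".": "."}  # ASCII letters assumed
    regex = "".join(classes.get(c, re.escape(c)) for c in pattern)
    return re.fullmatch(regex, value) is not None

def evaluate(cond, tags, tag_name):
    """Evaluate a simplified 'if' block given as dicts shaped like the policy JSON."""
    if "allOf" in cond:
        return all(evaluate(c, tags, tag_name) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(evaluate(c, tags, tag_name) for c in cond["anyOf"])
    if "not" in cond:
        return not evaluate(cond["not"], tags, tag_name)
    value = tags.get(tag_name, "")  # simplification: a missing tag reads as ""
    if "exists" in cond:
        return (tag_name in tags) == (cond["exists"] == "true")
    if "match" in cond:
        return matches(cond["match"], value)
    if "notMatch" in cond:
        return not matches(cond["notMatch"], value)
    raise ValueError(f"unsupported condition: {cond}")

TAG = "costCenter"  # hypothetical tag name

# The two tag conditions from the posted rule: both must hold before "deny" fires.
ORIGINAL = {"allOf": [
    {"not": {"field": "tags[costCenter]", "exists": "true"}},
    {"value": "tags[costCenter]", "notMatch": "RJGVM-###"},
]}
# One condition: deny whenever the tag does not match (a missing tag included).
CORRECTED = {"not": {"field": "tags[costCenter]", "match": "RJGVM-###"}}

def denied(rule, tags):
    """True when the rule's 'if' block is satisfied, i.e. the request is denied."""
    return evaluate(rule, tags, TAG)

# Constructed sample tag sets for a resource group.
SAMPLES = [{}, {TAG: "anything"}, {TAG: "RJGVM-12"}, {TAG: "rjgvm-123"}, {TAG: "RJGVM-123"}]

if __name__ == "__main__":
    for tags in SAMPLES:
        print(f"{str(tags):32} original denies: {denied(ORIGINAL, tags)!s:5} "
              f"corrected denies: {denied(CORRECTED, tags)}")
```

Once the tag exists, the first condition of the `allOf` is false, so the posted rule can no longer deny, whatever the value is.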