I am very new to Azure Policy and I am looking for an Azure Policy definition that restricts users from using or amending a reserved subnet whose name contains the words "123" and "reserved".
Also, users should not be able to delete such a subnet if it already exists, i.e. one whose name contains 'reserved' and '123'.
In other words, what we need is to deny anyone deploying anything under a subnet that has the keywords 'reserved' and '123' in its name.
I tried the policy below but it's failing. Not sure if it is valid or not.
Policy definition:
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/virtualNetworks/subnets"
        },
        {
          "field": "Microsoft.Network/virtualNetworks/subnets[*].name",
          "matchAny": [
            "123",
            "reserved"
          ]
        }
      ]
    },
    "then": {
      "effect": "Deny"
    }
  }
}
Error:
Failed to parse policy rule: 'Could not find member 'matchAny' on object of type 'LeafExpressionDefinition'. Path 'matchAny'.'.
Could anyone please help me with this?
Failed to parse policy rule: 'Could not find member 'matchAny' on object of type 'LeafExpressionDefinition'. Path 'matchAny'.'
Here is the updated policy to restrict the creation of subnets whose names contain '123' and 'reserved':
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/virtualNetworks/subnets"
        },
        {
          "anyOf": [
            {
              "field": "name",
              "contains": "reserved"
            },
            {
              "field": "name",
              "contains": "123"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "Deny"
    }
  },
  "parameters": {}
}
Once the policy is assigned, it will deny deploying Azure subnets that have the keywords 'reserved' and '123' in their name.
If a subnet's name does not match the specified name, it will be marked as non-compliant.
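The policy above only matches subnets deployed as standalone Microsoft.Network/virtualNetworks/subnets resources. Subnets declared inline in a virtual network template arrive as part of the Microsoft.Network/virtualNetworks PUT, and a resource placed "under" the subnet (for example a network interface) is a different resource type again. The definition below is an added example, not the answerer's code; it combines the answer's rule with two further branches that are my own assumptions: a count expression over the Microsoft.Network/virtualNetworks/subnets[*] alias to catch inline subnets, and a check on the Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.id alias to deny NICs that reference a subnet whose id contains the keywords. The keywords "reserved" and "123" come from the question.

```json
{
  "mode": "All",
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "allOf": [
            { "field": "type", "equals": "Microsoft.Network/virtualNetworks/subnets" },
            {
              "anyOf": [
                { "field": "name", "contains": "reserved" },
                { "field": "name", "contains": "123" }
              ]
            }
          ]
        },
        {
          "allOf": [
            { "field": "type", "equals": "Microsoft.Network/virtualNetworks" },
            {
              "count": {
                "field": "Microsoft.Network/virtualNetworks/subnets[*]",
                "where": {
                  "anyOf": [
                    { "field": "Microsoft.Network/virtualNetworks/subnets[*].name", "contains": "reserved" },
                    { "field": "Microsoft.Network/virtualNetworks/subnets[*].name", "contains": "123" }
                  ]
                }
              },
              "greater": 0
            }
          ]
        },
        {
          "allOf": [
            { "field": "type", "equals": "Microsoft.Network/networkInterfaces" },
            {
              "count": {
                "field": "Microsoft.Network/networkInterfaces/ipConfigurations[*]",
                "where": {
                  "anyOf": [
                    { "field": "Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.id", "contains": "reserved" },
                    { "field": "Microsoft.Network/networkInterfaces/ipConfigurations[*].subnet.id", "contains": "123" }
                  ]
                }
              },
              "greater": 0
            }
          ]
        }
      ]
    },
    "then": { "effect": "Deny" }
  },
  "parameters": {}
}
```

Two caveats when using this. First, "contains" on subnet.id matches anywhere in the full resource id, so a virtual network or resource group whose name contains "reserved" would also trigger the NIC branch; tighten the values if that is a problem in your environment. Second, a Deny effect is evaluated on create and update requests, not on deletes, so the requirement that nobody can delete an existing reserved subnet is better met with a CanNotDelete resource lock on the virtual network than with Azure Policy.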