I'm trying to validate whether a resource is deployed in the correct resource group (as in, if it's deployed in a resourceGroupName containing "core-services").
An example:
If bastionHosts is deployed/created in a "core-services" resource group.
Does anyone know how to obtain the Azure Resource Information (a bastionHost) like resourceGroupName?
To obtain the resourceGroupName within a policy rule, you can utilize the resourceGroup() function.
Here's an example that checks if a given Microsoft.Network/bastionHosts resource is deployed within a resource group whose name contains "core-services":
    {
      "if": {
        "allOf": [
          {
            "value": "[resourceGroup().name]",
            "like": "*core-services*"
          },
          {
            "field": "type",
            "equals": "Microsoft.Network/bastionHosts"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
More Information: https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#value-examples
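
An added example, not part of the original answer or of Azure's own tooling: a simplified local model of the rule above that lists which constructed sample deployments the `deny` effect would hit with `like`, and with `notLike` in its place. The evaluator supports only the operators used here, treats comparisons as case-insensitive, and the resource and resource group names are made up for illustration.

```python
import re

# Simplified local model of an Azure Policy rule; not the real policy engine.
def like(value, pattern):
    # 'like' treats * as a wildcard; comparison is modelled as case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def resolve(cond, resource):
    if "field" in cond:                      # only the "type" field is modelled
        return resource[cond["field"]]
    if cond["value"] == "[resourceGroup().name]":
        return resource["resourceGroup"]
    raise ValueError("unsupported expression: %r" % cond["value"])

def matches(cond, resource):
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    actual = resolve(cond, resource)
    if "equals" in cond:
        return actual.lower() == cond["equals"].lower()
    if "like" in cond:
        return like(actual, cond["like"])
    if "notLike" in cond:
        return not like(actual, cond["notLike"])
    raise ValueError("unsupported condition")

def rule(operator):
    # Same shape as the rule above; only the resource group operator varies.
    return {"if": {"allOf": [
        {"value": "[resourceGroup().name]", operator: "*core-services*"},
        {"field": "type", "equals": "Microsoft.Network/bastionHosts"}]},
        "then": {"effect": "deny"}}

def denied(policy, resources):
    # A resource is denied when the "if" block evaluates to true for it.
    return [r["name"] for r in resources if matches(policy["if"], r)]

# Constructed sample deployments (names are made up for illustration).
SAMPLES = [
    {"name": "bastion-a", "type": "Microsoft.Network/bastionHosts", "resourceGroup": "rg-core-services-prod"},
    {"name": "bastion-b", "type": "Microsoft.Network/bastionHosts", "resourceGroup": "rg-app-team"},
    {"name": "vnet-a", "type": "Microsoft.Network/virtualNetworks", "resourceGroup": "rg-app-team"},
]

if __name__ == "__main__":
    print("like    denies:", denied(rule("like"), SAMPLES))
    print("notLike denies:", denied(rule("notLike"), SAMPLES))
```

With `like`, the deny applies to the bastion host inside the matching resource group; with `notLike`, it applies to the bastion host outside it. Resources of other types are untouched in both cases.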